IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Warn for permissions with read/write/search/compare and no attrs

Browse Source 
An ACI with rights of read, write, search and/or compare without
attributes to apply the rights to is effectively a no-op. Allow
the ACI to be created but include a warning. Ignore the add
and delete rights. While they make no sense in the context of
the other rights we should still warn that they are a no-op
with no attributes.

Use the existing make_aci() object method to create the
message and update the add/mod callers to capture and add the
message to the result if one is provided.

When updating an existing ACI the effective attributes will
not be included so fall back to the attributes in the resulting
permission.

Prior to checking for rights and attributes convert any deprecated
names for older clients into the newer values needed by make_aci

This is exercised by existing xmlrpc permission tests that
create such permissions without attributes.

https://pagure.io/freeipa/issue/9188

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Rob Crittenden
2022-06-23 10:32:24 -04:00
committed by Florence Blanc-Renaud
parent 436c9d85ee
commit dc73813b8a
6 changed files with 320 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ipalib/messages.py
View File

@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Custom message (debug, info, wraning) classes passed through RPC.
Custom message (debug, info, warning) classes passed through RPC.
These are added to the "messages" entry in a RPC response, and printed to the
user as log messages.
@@ -27,7 +27,7 @@ Each message class has a unique numeric "errno" attribute from the 10000-10999
range, so that it does not clash with PublicError numbers.
Messages also have the 'type' argument, set to one of 'debug', 'info',
'warning', 'error'. This determines the severity of themessage.
'warning', 'error'. This determines the severity of the message.
"""
from __future__ import print_function
@@ -496,6 +496,16 @@ class LightweightCACertificateNotAvailable(PublicMessage):
format = _("The certificate for %(ca)s is not available on this server.")
class MissingTargetAttributesinPermission(PublicMessage):
"""
**13032** A permission was added with no target attributes
"""
errno = 13032
type = "warning"
format = _("The permission has %(right)s rights but no attributes "
"are set.")
def iter_messages(variables, base):
"""Return a tuple with all subclasses
"""