mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Translate the membergroup dn into a group name.
Drop filter from the output, it is superfluous. ticket 634
This commit is contained in:
Rob Crittenden
committed by
Adam Young
Adam Young
parent
3a9210f06f
commit
ffd467bd7e
@@ -50,7 +50,7 @@ from ipalib import api, crud, errors
|
||||
from ipalib import output
|
||||
from ipalib import Object, Command
|
||||
|
||||
def convert_delegation(aci):
|
||||
def convert_delegation(ldap, aci):
|
||||
"""
|
||||
memberOf is in filter but we want to pull out the group for easier
|
||||
displaying.
|
||||
@@ -61,11 +61,19 @@ def convert_delegation(aci):
|
||||
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
|
||||
en = filter.find(')', st)
|
||||
membergroup = filter[st+9:en]
|
||||
aci['membergroup'] = membergroup
|
||||
try:
|
||||
(dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
|
||||
except Exception, e:
|
||||
# Uh oh, the group we're granting access to has an error
|
||||
msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
|
||||
raise errors.NonFatalError(reason=msg)
|
||||
aci['membergroup'] = entry_attrs['cn']
|
||||
|
||||
del aci['filter']
|
||||
|
||||
return aci
|
||||
|
||||
def is_delegation(aciname):
|
||||
def is_delegation(ldap, aciname):
|
||||
"""
|
||||
Determine if the ACI is a Delegation ACI and raise an exception if it
|
||||
isn't.
|
||||
@@ -75,7 +83,7 @@ def is_delegation(aciname):
|
||||
"""
|
||||
result = api.Command['aci_show'](aciname)['result']
|
||||
if 'filter' in result:
|
||||
result = convert_delegation(result)
|
||||
result = convert_delegation(ldap, result)
|
||||
else:
|
||||
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname))
|
||||
return result
|
||||
@@ -144,11 +152,12 @@ class delegation_add(crud.Create):
|
||||
msg_summary = _('Added delegation "%(value)s"')
|
||||
|
||||
def execute(self, aciname, **kw):
|
||||
ldap = self.api.Backend.ldap2
|
||||
if not 'permissions' in kw:
|
||||
kw['permissions'] = (u'write',)
|
||||
result = api.Command['aci_add'](aciname, **kw)['result']
|
||||
if 'filter' in result:
|
||||
result = convert_delegation(result)
|
||||
result = convert_delegation(ldap, result)
|
||||
|
||||
return dict(
|
||||
result=result,
|
||||
@@ -167,7 +176,8 @@ class delegation_del(crud.Delete):
|
||||
msg_summary = _('Deleted delegation "%(value)s"')
|
||||
|
||||
def execute(self, aciname, **kw):
|
||||
is_delegation(aciname)
|
||||
ldap = self.api.Backend.ldap2
|
||||
is_delegation(ldap, aciname)
|
||||
result = api.Command['aci_del'](aciname, **kw)
|
||||
return dict(
|
||||
result=True,
|
||||
@@ -185,10 +195,11 @@ class delegation_mod(crud.Update):
|
||||
msg_summary = _('Modified delegation "%(value)s"')
|
||||
|
||||
def execute(self, aciname, **kw):
|
||||
is_delegation(aciname)
|
||||
ldap = self.api.Backend.ldap2
|
||||
is_delegation(ldap, aciname)
|
||||
result = api.Command['aci_mod'](aciname, **kw)['result']
|
||||
if 'filter' in result:
|
||||
result = convert_delegation(result)
|
||||
result = convert_delegation(ldap, result)
|
||||
return dict(
|
||||
result=result,
|
||||
value=aciname,
|
||||
@@ -207,12 +218,13 @@ class delegation_find(crud.Search):
|
||||
)
|
||||
|
||||
def execute(self, term, **kw):
|
||||
ldap = self.api.Backend.ldap2
|
||||
acis = api.Command['aci_find'](term, **kw)['result']
|
||||
results = []
|
||||
for aci in acis:
|
||||
try:
|
||||
if 'filter' in aci:
|
||||
aci = convert_delegation(aci)
|
||||
aci = convert_delegation(ldap, aci)
|
||||
results.append(aci)
|
||||
except errors.NotFound:
|
||||
pass
|
||||
@@ -237,7 +249,8 @@ class delegation_show(crud.Retrieve):
|
||||
)
|
||||
|
||||
def execute(self, aciname, **kw):
|
||||
result = is_delegation(aciname)
|
||||
ldap = self.api.Backend.ldap2
|
||||
result = is_delegation(ldap, aciname)
|
||||
return dict(
|
||||
result=result,
|
||||
value=aciname,
|
||||
|
||||
@@ -26,7 +26,7 @@ from tests.test_xmlrpc import objectclasses
|
||||
from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
|
||||
|
||||
delegation1 = u'testdelegation'
|
||||
memberdn1 = u'cn=admins,cn=groups,cn=accounts,%s' % api.env.basedn
|
||||
member1 = u'admins'
|
||||
|
||||
class test_delegation(Declarative):
|
||||
|
||||
@@ -89,8 +89,7 @@ class test_delegation(Declarative):
|
||||
permissions=[u'write'],
|
||||
aciname=delegation1,
|
||||
group=u'editors',
|
||||
membergroup=u'%s' % memberdn1,
|
||||
filter = u'(memberOf=%s)' % memberdn1
|
||||
membergroup=[member1],
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -121,8 +120,7 @@ class test_delegation(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'aciname': delegation1,
|
||||
'group': u'editors',
|
||||
'filter': u'(memberOf=%s)' % memberdn1,
|
||||
'membergroup': u'%s' % memberdn1
|
||||
'membergroup': [member1],
|
||||
},
|
||||
),
|
||||
),
|
||||
@@ -141,8 +139,7 @@ class test_delegation(Declarative):
|
||||
'permissions': [u'write'],
|
||||
'aciname': delegation1,
|
||||
'group': u'editors',
|
||||
'membergroup': u'%s' % memberdn1,
|
||||
'filter': u'(memberOf=%s)' % memberdn1
|
||||
'membergroup': [member1],
|
||||
},
|
||||
],
|
||||
),
|
||||
@@ -162,8 +159,7 @@ class test_delegation(Declarative):
|
||||
permissions=[u'read'],
|
||||
aciname=delegation1,
|
||||
group=u'editors',
|
||||
membergroup=u'%s' % memberdn1,
|
||||
filter=u'(memberOf=%s)' % memberdn1
|
||||
membergroup=[member1],
|
||||
),
|
||||
),
|
||||
),
|
||||
@@ -180,8 +176,7 @@ class test_delegation(Declarative):
|
||||
'permissions': [u'read'],
|
||||
'aciname': delegation1,
|
||||
'group': u'editors',
|
||||
'membergroup': u'%s' % memberdn1,
|
||||
'filter': u'(memberOf=%s)' % memberdn1
|
||||
'membergroup': [member1],
|
||||
},
|
||||
),
|
||||
),
|
||||
|
||||
Reference in New Issue
Block a user