IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Translate the membergroup dn into a group name.

Browse Source 
Drop filter from the output, it is superfluous.

ticket 634
This commit is contained in:
Rob Crittenden
2010-12-20 13:53:35 -05:00
committed by Adam Young
parent 3a9210f06f
commit ffd467bd7e
2 changed files with 29 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
ipalib/plugins/delegation.py
View File

@@ -50,7 +50,7 @@ from ipalib import api, crud, errors
from ipalib import output from ipalib import output
from ipalib import Object, Command from ipalib import Object, Command
def convert_delegation(aci): def convert_delegation(ldap, aci):
""" """
memberOf is in filter but we want to pull out the group for easier memberOf is in filter but we want to pull out the group for easier
displaying. displaying.
@@ -61,11 +61,19 @@ def convert_delegation(aci):
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname'])) raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
en = filter.find(')', st) en = filter.find(')', st)
membergroup = filter[st+9:en] membergroup = filter[st+9:en]
aci['membergroup'] = membergroup try:
(dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
except Exception, e:
# Uh oh, the group we're granting access to has an error
msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
raise errors.NonFatalError(reason=msg)
aci['membergroup'] = entry_attrs['cn']
del aci['filter']
return aci return aci
def is_delegation(aciname): def is_delegation(ldap, aciname):
""" """
Determine if the ACI is a Delegation ACI and raise an exception if it Determine if the ACI is a Delegation ACI and raise an exception if it
isn't. isn't.
@@ -75,7 +83,7 @@ def is_delegation(aciname):
""" """
result = api.Command['aci_show'](aciname)['result'] result = api.Command['aci_show'](aciname)['result']
if 'filter' in result: if 'filter' in result:
result = convert_delegation(result) result = convert_delegation(ldap, result)
else: else:
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname)) raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname))
return result return result
@@ -144,11 +152,12 @@ class delegation_add(crud.Create):
msg_summary = _('Added delegation "%(value)s"') msg_summary = _('Added delegation "%(value)s"')
def execute(self, aciname, **kw): def execute(self, aciname, **kw):
ldap = self.api.Backend.ldap2
if not 'permissions' in kw: if not 'permissions' in kw:
kw['permissions'] = (u'write',) kw['permissions'] = (u'write',)
result = api.Command['aci_add'](aciname, **kw)['result'] result = api.Command['aci_add'](aciname, **kw)['result']
if 'filter' in result: if 'filter' in result:
result = convert_delegation(result) result = convert_delegation(ldap, result)
return dict( return dict(
result=result, result=result,
@@ -167,7 +176,8 @@ class delegation_del(crud.Delete):
msg_summary = _('Deleted delegation "%(value)s"') msg_summary = _('Deleted delegation "%(value)s"')
def execute(self, aciname, **kw): def execute(self, aciname, **kw):
is_delegation(aciname) ldap = self.api.Backend.ldap2
is_delegation(ldap, aciname)
result = api.Command['aci_del'](aciname, **kw) result = api.Command['aci_del'](aciname, **kw)
return dict( return dict(
result=True, result=True,
@@ -185,10 +195,11 @@ class delegation_mod(crud.Update):
msg_summary = _('Modified delegation "%(value)s"') msg_summary = _('Modified delegation "%(value)s"')
def execute(self, aciname, **kw): def execute(self, aciname, **kw):
is_delegation(aciname) ldap = self.api.Backend.ldap2
is_delegation(ldap, aciname)
result = api.Command['aci_mod'](aciname, **kw)['result'] result = api.Command['aci_mod'](aciname, **kw)['result']
if 'filter' in result: if 'filter' in result:
result = convert_delegation(result) result = convert_delegation(ldap, result)
return dict( return dict(
result=result, result=result,
value=aciname, value=aciname,
@@ -207,12 +218,13 @@ class delegation_find(crud.Search):
) )
def execute(self, term, **kw): def execute(self, term, **kw):
ldap = self.api.Backend.ldap2
acis = api.Command['aci_find'](term, **kw)['result'] acis = api.Command['aci_find'](term, **kw)['result']
results = [] results = []
for aci in acis: for aci in acis:
try: try:
if 'filter' in aci: if 'filter' in aci:
aci = convert_delegation(aci) aci = convert_delegation(ldap, aci)
results.append(aci) results.append(aci)
except errors.NotFound: except errors.NotFound:
pass pass
@@ -237,7 +249,8 @@ class delegation_show(crud.Retrieve):
) )
def execute(self, aciname, **kw): def execute(self, aciname, **kw):
result = is_delegation(aciname) ldap = self.api.Backend.ldap2
result = is_delegation(ldap, aciname)
return dict( return dict(
result=result, result=result,
value=aciname, value=aciname,

17
tests/test_xmlrpc/test_delegation_plugin.py
View File

@@ -26,7 +26,7 @@ from tests.test_xmlrpc import objectclasses
from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
delegation1 = u'testdelegation' delegation1 = u'testdelegation'
memberdn1 = u'cn=admins,cn=groups,cn=accounts,%s' % api.env.basedn member1 = u'admins'
class test_delegation(Declarative): class test_delegation(Declarative):
@@ -89,8 +89,7 @@ class test_delegation(Declarative):
permissions=[u'write'], permissions=[u'write'],
aciname=delegation1, aciname=delegation1,
group=u'editors', group=u'editors',
membergroup=u'%s' % memberdn1, membergroup=[member1],
filter = u'(memberOf=%s)' % memberdn1
), ),
), ),
), ),
@@ -121,8 +120,7 @@ class test_delegation(Declarative):
'permissions': [u'write'], 'permissions': [u'write'],
'aciname': delegation1, 'aciname': delegation1,
'group': u'editors', 'group': u'editors',
'filter': u'(memberOf=%s)' % memberdn1, 'membergroup': [member1],
'membergroup': u'%s' % memberdn1
}, },
), ),
), ),
@@ -141,8 +139,7 @@ class test_delegation(Declarative):
'permissions': [u'write'], 'permissions': [u'write'],
'aciname': delegation1, 'aciname': delegation1,
'group': u'editors', 'group': u'editors',
'membergroup': u'%s' % memberdn1, 'membergroup': [member1],
'filter': u'(memberOf=%s)' % memberdn1
}, },
], ],
), ),
@@ -162,8 +159,7 @@ class test_delegation(Declarative):
permissions=[u'read'], permissions=[u'read'],
aciname=delegation1, aciname=delegation1,
group=u'editors', group=u'editors',
membergroup=u'%s' % memberdn1, membergroup=[member1],
filter=u'(memberOf=%s)' % memberdn1
), ),
), ),
), ),
@@ -180,8 +176,7 @@ class test_delegation(Declarative):
'permissions': [u'read'], 'permissions': [u'read'],
'aciname': delegation1, 'aciname': delegation1,
'group': u'editors', 'group': u'editors',
'membergroup': u'%s' % memberdn1, 'membergroup': [member1],
'filter': u'(memberOf=%s)' % memberdn1
}, },
), ),
), ),