From ffff9f8d7ed3e6b6f18e208278c11e552734c5d9 Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Fri, 26 Mar 2021 14:27:32 +0100 Subject: [PATCH] sudorule: reduce number of LDAP searches during modification Combining the existence check with the sudoorder handling allows to reduce the number of searches during a sudorule modification by removing a call to sudorule-show. Related: https://pagure.io/freeipa/issue/8780 Signed-off-by: Antonio Torres Reviewed-By: Alexander Bokovoy --- ipaserver/plugins/sudorule.py | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/ipaserver/plugins/sudorule.py b/ipaserver/plugins/sudorule.py index 3b0d17d4f..688065715 100644 --- a/ipaserver/plugins/sudorule.py +++ b/ipaserver/plugins/sudorule.py @@ -410,21 +410,20 @@ class sudorule_mod(LDAPUpdate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): assert isinstance(dn, DN) - if 'sudoorder' in options: - new_order = options.get('sudoorder') - old_entry = self.api.Command.sudorule_show(keys[-1])['result'] - if 'sudoorder' in old_entry: - old_order = int(old_entry['sudoorder'][0]) - if old_order != new_order: - self.obj.check_order_uniqueness(*keys, **options) - else: - self.obj.check_order_uniqueness(*keys, **options) - try: _entry_attrs = ldap.get_entry(dn, self.obj.default_attributes) except errors.NotFound: raise self.obj.handle_not_found(*keys) + if 'sudoorder' in options: + new_order = options.get('sudoorder') + if 'sudoorder' in _entry_attrs: + old_order = int(_entry_attrs['sudoorder'][0]) + if old_order != new_order: + self.obj.check_order_uniqueness(*keys, **options) + else: + self.obj.check_order_uniqueness(*keys, **options) + error = _("%(type)s category cannot be set to 'all' " "while there are allowed %(objects)s")