diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-11-04 10:44:49 -0400 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2010-11-05 16:30:19 -0400 |
| commit | 655aa0fcdfefe8582d7527ae3638a8e9368a7d51 (patch) | |
| tree | 1b62f04bb41cac2bc51737b8b2f0ac94eddde185 | |
| parent | 9c50371652a584aa4fbf9906744873e23536c1a0 (diff) | |
| download | freeipa-655aa0fcdfefe8582d7527ae3638a8e9368a7d51.tar.gz freeipa-655aa0fcdfefe8582d7527ae3638a8e9368a7d51.tar.xz freeipa-655aa0fcdfefe8582d7527ae3638a8e9368a7d51.zip | |
Add the --rights option to the LDAPUpdate base class.
ticket 437
| -rw-r--r-- | ipalib/plugins/baseldap.py | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 708d1e4a1..6bf9b3b3e 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -149,6 +149,20 @@ def get_attributes(attrs): return attrlist +def get_effective_rights(ldap, dn, attrs=None): + if attrs is None: + attrs = ['*', 'nsaccountlock'] + rights = ldap.get_effective_rights(dn, attrs) + rdict = {} + if 'attributelevelrights' in rights[1]: + rights = rights[1]['attributelevelrights'] + rights = rights[0].split(', ') + for r in rights: + (k,v) = r.split(':') + rdict[k.strip().lower()] = v + + return rdict + class LDAPObject(Object): """ Object representing a LDAP entry. @@ -562,15 +576,7 @@ class LDAPRetrieve(LDAPQuery): self.obj.handle_not_found(*keys) if options.get('rights', False) and options.get('all', False): - rights = ldap.get_effective_rights(dn, ['*', 'nsaccountlock']) - if 'attributelevelrights' in rights[1]: - rights = rights[1]['attributelevelrights'] - rights = rights[0].split(', ') - rdict = {} - for r in rights: - (k,v) = r.split(':') - rdict[k] = v - entry_attrs['attributelevelrights'] = rdict + entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn) for callback in self.POST_CALLBACKS: if hasattr(callback, 'im_self'): @@ -599,7 +605,12 @@ class LDAPUpdate(LDAPQuery, crud.Update): Update an LDAP entry. """ - takes_options = _attr_options + takes_options = _attr_options + ( + Flag('rights', + label=_('Rights'), + doc=_('Display the access rights to modify this entry (requires --all)'), + ), + ) has_output_params = global_output_params @@ -704,6 +715,9 @@ class LDAPUpdate(LDAPQuery, crud.Update): format=_('the entry was deleted while being modified') ) + if options.get('rights', False) and options.get('all', False): + entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn) + for callback in self.POST_CALLBACKS: if hasattr(callback, 'im_self'): dn = callback(ldap, dn, entry_attrs, *keys, **options) |