summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTomas Babej <tbabej@redhat.com>2014-09-04 17:26:14 +0200
committerTomas Babej <tbabej@redhat.com>2014-09-17 14:41:51 +0200
commit843031f016c7dfa791c010d080fd8c607e13ad8f (patch)
treeb7910bc255f5ed2232bcbcb6c65c8e514d8e9d00
parent12ad1bf168be8810bff772d79871a33007558ad4 (diff)
downloadfreeipa-843031f016c7dfa791c010d080fd8c607e13ad8f.zip
freeipa-843031f016c7dfa791c010d080fd8c607e13ad8f.tar.gz
freeipa-843031f016c7dfa791c010d080fd8c607e13ad8f.tar.xz
idviews: Split the idoverride object into iduseroverride and idgroupoverride
-rw-r--r--ipalib/plugins/idviews.py157
1 files changed, 103 insertions, 54 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py
index 2021e26..1be4d9d 100644
--- a/ipalib/plugins/idviews.py
+++ b/ipalib/plugins/idviews.py
@@ -376,27 +376,20 @@ class idview_unapply(baseidview_apply):
return super(idview_unapply, self).execute(*keys, **options)
-@register()
-class idoverride(LDAPObject):
+# This is not registered on purpose, it's a base class for ID overrides
+class baseidoverride(LDAPObject):
"""
- ID override object.
+ Base ID override object.
"""
parent_object = 'idview'
container_dn = api.env.container_views
- object_name = _('ID override')
- object_name_plural = _('ID overrides')
object_class = ['ipaOverrideAnchor', 'top']
default_attributes = [
- 'cn', 'description', 'ipaAnchorUUID', 'gidNumber',
- 'homeDirectory', 'uidNumber', 'uid',
+ 'description', 'ipaAnchorUUID',
]
- label = _('ID overrides')
- label_singular = _('ID override')
- rdn_is_primary_key = True
-
takes_params = (
Str('ipaanchoruuid',
cli_name='anchor',
@@ -407,51 +400,9 @@ class idoverride(LDAPObject):
cli_name='desc',
label=_('Description'),
),
- Str('cn?',
- pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
- pattern_errmsg='may only include letters, numbers, _, -, . and $',
- maxlength=255,
- cli_name='group_name',
- label=_('Group name'),
- normalizer=lambda value: value.lower(),
- ),
- Int('gidnumber?',
- cli_name='gid',
- label=_('GID'),
- doc=_('Group ID Number'),
- minvalue=1,
- ),
- Str('uid?',
- pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
- pattern_errmsg='may only include letters, numbers, _, -, . and $',
- maxlength=255,
- cli_name='login',
- label=_('User login'),
- normalizer=lambda value: value.lower(),
- ),
- Int('uidnumber?',
- cli_name='uid',
- label=_('UID'),
- doc=_('User ID Number'),
- minvalue=1,
- ),
- Str('homedirectory?',
- cli_name='homedir',
- label=_('Home directory'),
- ),
)
- permission_filter_objectclasses = ['ipaOverrideAnchor']
- managed_permissions = {
- 'System: Read ID Overrides': {
- 'ipapermbindruletype': 'all',
- 'ipapermright': {'read', 'search', 'compare'},
- 'ipapermdefaultattr': {
- 'cn', 'objectClass', 'ipaAnchorUUID', 'uidNumber', 'gidNumber',
- 'description', 'homeDirectory', 'uid',
- },
- },
- }
+ override_object = None
def resolve_object_to_anchor(self, obj):
"""
@@ -591,3 +542,101 @@ class idoverride_show(LDAPRetrieve):
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
self.obj.convert_anchor_to_human_readable_form(entry_attrs, **options)
return dn
+
+
+@register()
+class idoverrideuser(baseidoverride):
+
+ object_name = _('User ID override')
+ object_name_plural = _('User ID overrides')
+
+ label = _('User ID overrides')
+ label_singular = _('User ID override')
+ rdn_is_primary_key = True
+
+ permission_filter_objectclasses = ['ipaOverrideAnchor', 'ipaUserOverride']
+ managed_permissions = {
+ 'System: Read User ID Overrides': {
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'objectClass', 'ipaAnchorUUID', 'uidNumber', 'description',
+ 'homeDirectory', 'uid',
+ },
+ },
+ }
+
+ object_class = baseidoverride.object_class + ['ipaUserOverride']
+ default_attributes = baseidoverride.default_attributes + [
+ 'homeDirectory', 'uidNumber', 'uid',
+ ]
+
+ takes_params = baseidoverride.takes_params + (
+ Str('uid?',
+ pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
+ pattern_errmsg='may only include letters, numbers, _, -, . and $',
+ maxlength=255,
+ cli_name='login',
+ label=_('User login'),
+ normalizer=lambda value: value.lower(),
+ ),
+ Int('uidnumber?',
+ cli_name='uid',
+ label=_('UID'),
+ doc=_('User ID Number'),
+ minvalue=1,
+ ),
+ Str('homedirectory?',
+ cli_name='homedir',
+ label=_('Home directory'),
+ ),
+ )
+
+ override_object = 'user'
+
+
+@register()
+class idoverridegroup(baseidoverride):
+
+ object_name = _('Group ID override')
+ object_name_plural = _('Group ID overrides')
+
+ label = _('Group ID overrides')
+ label_singular = _('Group ID override')
+ rdn_is_primary_key = True
+
+ permission_filter_objectclasses = ['ipaOverrideAnchor', 'ipaGroupOverride']
+ managed_permissions = {
+ 'System: Read Group ID Overrides': {
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'objectClass', 'ipaAnchorUUID', 'gidNumber',
+ 'description', 'cn',
+ },
+ },
+ }
+
+ object_class = baseidoverride.object_class + ['ipaGroupOverride']
+ default_attributes = baseidoverride.default_attributes + [
+ 'gidNumber', 'cn',
+ ]
+
+ takes_params = baseidoverride.takes_params + (
+ Str('cn?',
+ pattern='^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$',
+ pattern_errmsg='may only include letters, numbers, _, -, . and $',
+ maxlength=255,
+ cli_name='group_name',
+ label=_('Group name'),
+ normalizer=lambda value: value.lower(),
+ ),
+ Int('gidnumber?',
+ cli_name='gid',
+ label=_('GID'),
+ doc=_('Group ID Number'),
+ minvalue=1,
+ ),
+ )
+
+ override_object = 'group'