diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-12-10 22:52:44 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 09:55:28 -0500 |
| commit | c9807f4b252055107118493b7d6b66309e3e0d27 (patch) | |
| tree | 63ac4ecf746084d1ba6e1ababdc81471c011f354 | |
| parent | ba8d21f5ae3d4133032c635dad77127cb72ab1bf (diff) | |
| download | freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.tar.gz freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.tar.xz freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.zip | |
Better handle permission object updates versus aci object updates.
permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.
ticket 603
| -rw-r--r-- | ipalib/plugins/permission.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 4ad53c749..18dd577e7 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -220,13 +220,16 @@ class permission_mod(LDAPUpdate): msg_summary = _('Modified permission "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - (dn, attrs) = ldap.get_entry( - dn, attrs_list, normalize=self.obj.normalize_dn - ) + try: + (dn, attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn + ) + except errors.NotFound: + self.obj.handle_not_found(*keys) opts = copy.copy(options) if 'description' in opts: del opts['description'] - for o in self.obj.aci_attributes + ['all', 'raw', 'rights']: + for o in ['all', 'raw', 'rights', 'description']: if o in opts: del opts[o] setattr(context, 'aciupdate', False) @@ -249,8 +252,8 @@ class permission_mod(LDAPUpdate): pass if 'description' in options: - (dn, attrs) = ldap.get_entry(dn, ['description']) - self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) + if attrs['description'][0] != options['description']: + self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) return dn @@ -265,7 +268,7 @@ class permission_mod(LDAPUpdate): except: pass - if len(opts) > 0: + if len(opts) > 0 and not aciupdate: raise exc else: raise exc |