diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-01-06 12:44:59 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-01-24 16:52:41 +0100 |
| commit | ef68c02c6acdba29de9d4bab2c7f5aa956b55da2 (patch) | |
| tree | 29220600aada7d0303907d1b3378ebd020dbd8b0 | |
| parent | 6141919fba30487e3c4eb19b0c87a10384fd9d20 (diff) | |
| download | freeipa-ef68c02c6acdba29de9d4bab2c7f5aa956b55da2.tar.gz freeipa-ef68c02c6acdba29de9d4bab2c7f5aa956b55da2.tar.xz freeipa-ef68c02c6acdba29de9d4bab2c7f5aa956b55da2.zip | |
Fix selfservice-find crashes
Ignore empty options when performing an ACI search so that the
find command does not crash. Update ipa(1) man page to mention
this common behavior of find commands.
https://fedorahosted.org/freeipa/ticket/2011
https://fedorahosted.org/freeipa/ticket/2012
| -rw-r--r-- | ipa.1 | 4 | ||||
| -rw-r--r-- | ipalib/plugins/aci.py | 22 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_selfservice_plugin.py | 19 |
3 files changed, 32 insertions, 13 deletions
@@ -16,7 +16,7 @@ .\" .\" Author: Pavel Zuna <pzuna@redhat.com> .\" -.TH "IPA" "1" "02/22/2010" "IPA 2\&.0\&.0" "IPA CLI Manual" +.TH "ipa" "1" "Jan 24 2012" "FreeIPA" "FreeIPA Manual Pages" .SH "NAME" ipa \- IPA command\-line interface .SH "SYNOPSIS" @@ -92,7 +92,7 @@ Search for existing objects. .LP The above types of commands except \fBfind\fR take the objects primary key (e.g. user name for users) as their only positional argument unless there can be only one object of the given type. They can also take a number of options (some of which might be required in the case of \fBadd\fR) that represent the objects attributes. -\fBfind\fR commands take an optional criteria string as their only positional argument. If present, all objects with an attribute that contains the criteria string are displayed. If an option representing an attribute is set, only object with the attribute exactly matching the specified value are displayed. Without parameters all objects of the corresponding type are displayed. +\fBfind\fR commands take an optional criteria string as their only positional argument. If present, all objects with an attribute that contains the criteria string are displayed. If an option representing an attribute is set, only object with the attribute exactly matching the specified value are displayed. Options with empty values are ignored. Without parameters all objects of the corresponding type are displayed. For IPA objects with attributes that can contain references to other objects (e.g. groups), the following action are usually available: .TP diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py index e4ef2ef17..e87ac9bff 100644 --- a/ipalib/plugins/aci.py +++ b/ipalib/plugins/aci.py @@ -705,21 +705,21 @@ class aci_find(crud.Search): else: results = list(acis) - if 'aciname' in kw: + if kw.get('aciname'): for a in acis: prefix, name = _parse_aci_name(a.name) if name != kw['aciname']: results.remove(a) acis = list(results) - if 'aciprefix' in kw: + if kw.get('aciprefix'): for a in acis: prefix, name = _parse_aci_name(a.name) if prefix != kw['aciprefix']: results.remove(a) acis = list(results) - if 'attrs' in kw: + if kw.get('attrs'): for a in acis: if not 'targetattr' in a.target: results.remove(a) @@ -732,7 +732,7 @@ class aci_find(crud.Search): results.remove(a) acis = list(results) - if 'permission' in kw: + if kw.get('permission'): try: self.api.Command['permission_show']( kw['permission'] @@ -745,7 +745,7 @@ class aci_find(crud.Search): results.remove(a) acis = list(results) - if 'permissions' in kw: + if kw.get('permissions'): for a in acis: alist1 = sorted(a.permissions) alist2 = sorted(kw['permissions']) @@ -753,7 +753,7 @@ class aci_find(crud.Search): results.remove(a) acis = list(results) - if 'memberof' in kw: + if kw.get('memberof'): try: dn = _group_from_memberof(kw['memberof']) except errors.NotFound: @@ -768,7 +768,7 @@ class aci_find(crud.Search): else: results.remove(a) - if 'type' in kw: + if kw.get('type'): for a in acis: if 'target' in a.target: target = a.target['target']['expression'] @@ -786,7 +786,7 @@ class aci_find(crud.Search): except ValueError: pass - if 'selfaci' in kw and kw['selfaci'] == True: + if kw.get('selfaci', False) is True: for a in acis: if a.bindrule['expression'] != u'ldap:///self': try: @@ -794,7 +794,7 @@ class aci_find(crud.Search): except ValueError: pass - if 'group' in kw: + if kw.get('group'): for a in acis: groupdn = a.bindrule['expression'] groupdn = groupdn.replace('ldap:///','') @@ -808,7 +808,7 @@ class aci_find(crud.Search): except ValueError: pass - if 'targetgroup' in kw: + if kw.get('targetgroup'): for a in acis: found = False if 'target' in a.target: @@ -825,7 +825,7 @@ class aci_find(crud.Search): except ValueError: pass - if 'filter' in kw: + if kw.get('filter'): if not kw['filter'].startswith('('): kw['filter'] = unicode('('+kw['filter']+')') for a in acis: diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py index e994bb32c..670e353d8 100644 --- a/tests/test_xmlrpc/test_selfservice_plugin.py +++ b/tests/test_xmlrpc/test_selfservice_plugin.py @@ -154,6 +154,25 @@ class test_selfservice(Declarative): dict( + desc='Search for %r with empty attrs and permissions' % selfservice1, + command=('selfservice_find', [selfservice1], {'attrs' : None, 'permissions' : None}), + expected=dict( + count=1, + truncated=False, + summary=u'1 selfservice matched', + result=[ + { + 'attrs': [u'street', u'c', u'l', u'st', u'postalcode'], + 'permissions': [u'write'], + 'selfaci': True, + 'aciname': selfservice1, + }, + ], + ), + ), + + + dict( desc='Update %r' % selfservice1, command=( 'selfservice_mod', [selfservice1], dict(permissions=u'read') |