author | Martin Babinsky <mbabinsk@redhat.com> | 2015-01-14 15:57:45 +0100 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-02-18 13:55:27 +0100 |
commit | b95f4330c9433683f61c46f9605fd1d24bb8b998 (patch) | |
tree | f4512722abf1b289b053370a6b95322f23d6c328 | |
parent | 8ea8a7038ea0a9ed23e5569c34535e48008c7884 (diff) | |
Changing the token owner changes also the manager
This works if the change is made to a token which is owned and managed by the
same person. The new owner then automatically becomes the token's manager unless
the attribute 'managedBy' is explicitly set otherwise.
https://fedorahosted.org/freeipa/ticket/4681
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
-rw-r--r-- | ipalib/plugins/otptoken.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py
index 41a7f1087..b87145df8 100644
--- a/ipalib/plugins/otptoken.py
+++ b/ipalib/plugins/otptoken.py
@@ -395,6 +395,19 @@ class otptoken_mod(LDAPUpdate):
 error='is after the validity end')
 _normalize_owner(self.api.Object.user, entry_attrs)
+ # ticket #4681: if the owner of the token is changed and the
+ # user also manages this token, then we should automatically
+ # set the 'managedby' attribute to the new owner
+ if 'ipatokenowner' in entry_attrs and 'managedby' not in entry_attrs:
+ new_owner = entry_attrs.get('ipatokenowner', None)
+ prev_entry = ldap.get_entry(dn, attrs_list=['ipatokenowner',
+ 'managedby'])
+ prev_owner = prev_entry.get('ipatokenowner', None)
+ prev_managedby = prev_entry.get('managedby', None)
+
+ if (new_owner != prev_owner) and (prev_owner == prev_managedby):
+ entry_attrs.setdefault('managedby', new_owner)
+
 attrs_list.append("objectclass")
 return dn |
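Review bot: The test `prev_owner == prev_managedby` is also true when the token has neither an owner nor a manager, because both `prev_entry.get(..., None)` calls then yield None, so assigning a first owner silently makes that user the token's manager. That is a wider grant of management rights than the commit message's "owned and managed by the same person"; requiring a previous owner closes the case: `if prev_owner and (new_owner != prev_owner) and (prev_owner == prev_managedby):`. The same branch also appears to run when the owner is being cleared, which would write an empty 'managedby'; if that is intended, a short comment saying so would help. Since the outer `if` already guarantees 'managedby' is absent, `setdefault` could be a plain assignment. The enclosing method starts before this hunk, so how `ldap` and `dn` are bound is not visible here.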