diff options
author | Martin Kosek <mkosek@redhat.com> | 2014-10-16 12:40:24 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-16 16:00:18 +0200 |
commit | 061f7ff331531fa01801fb597feed924de6a2fd7 (patch) | |
tree | 2f7381ac8f48c3916369a2e0dae227cb92f229fa /ipalib/plugins/permission.py | |
parent | cf860c71545fe93bebcb7dcb426795240e776eb3 (diff) | |
download | freeipa-061f7ff331531fa01801fb597feed924de6a2fd7.tar.gz freeipa-061f7ff331531fa01801fb597feed924de6a2fd7.tar.xz freeipa-061f7ff331531fa01801fb597feed924de6a2fd7.zip |
Raise better error message for permission added to generated tree
https://fedorahosted.org/freeipa/ticket/4523
Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r-- | ipalib/plugins/permission.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 9028f0248..43481b9eb 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -972,7 +972,7 @@ class permission_add(baseldap.LDAPCreate): def post_callback(self, ldap, dn, entry, *keys, **options): try: self.obj.add_aci(entry) - except Exception: + except Exception, e: # Adding the ACI failed. # We want to be 100% sure the ACI is not there, so try to # remove it. (This is a no-op if the ACI was not added.) @@ -988,6 +988,13 @@ class permission_add(baseldap.LDAPCreate): self.api.Backend['ldap2'].delete_entry(entry) except errors.NotFound: pass + if isinstance(e, errors.NotFound): + # add_aci may raise NotFound if the subtree is only virtual + # like cn=compat,SUFFIX and thus passes the LDAP get entry test + location = DN(entry.single_value['ipapermlocation']) + raise errors.ValidationError( + name='ipapermlocation', + error=_('Cannot store permission ACI to %s') % location) # Re-raise original exception raise self.obj.postprocess_result(entry, options) |