diff options
author | Thierry Bordaz <tbordaz@redhat.com> | 2015-05-12 15:03:58 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2015-05-18 09:37:21 +0200 |
commit | f2e986e01f973a95e95608e1853dca35dcffeb58 (patch) | |
tree | 2112238c250e2060928f1889590102f130e07dbf /ipalib/plugins/stageuser.py | |
parent | dc668b1b6a75472ea79a6af4dbcd8c6a2c5a0384 (diff) | |
download | freeipa-f2e986e01f973a95e95608e1853dca35dcffeb58.tar.gz freeipa-f2e986e01f973a95e95608e1853dca35dcffeb58.tar.xz freeipa-f2e986e01f973a95e95608e1853dca35dcffeb58.zip |
User life cycle: new stageuser commands del/mod/find/show
Add plugin commands to stageuser plugin:
stageuser_del
stageuser_mod
stageuser_find
stageuser_show
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/stageuser.py')
-rw-r--r-- | ipalib/plugins/stageuser.py | 71 |
1 files changed, 70 insertions, 1 deletions
diff --git a/ipalib/plugins/stageuser.py b/ipalib/plugins/stageuser.py index 2a9a7f413..f788061f0 100644 --- a/ipalib/plugins/stageuser.py +++ b/ipalib/plugins/stageuser.py @@ -27,7 +27,8 @@ from ipalib import Flag, Int, Password, Str, Bool, StrEnum, DateTime from ipalib.plugable import Registry from ipalib.plugins.baseldap import LDAPCreate, DN, entry_to_dict from ipalib.plugins import baseldap -from ipalib.plugins.baseuser import baseuser, baseuser_add, baseuser_mod, baseuser_find, \ +from ipalib.plugins.baseuser import baseuser, baseuser_add, baseuser_del, \ + baseuser_mod, baseuser_find, baseuser_show, \ NO_UPG_MAGIC, radius_dn2pk, \ baseuser_pwdchars, fix_addressbook_permission_bindrule, normalize_principal, validate_principal, \ baseuser_output_params, status_baseuser_output_params @@ -275,3 +276,71 @@ class stageuser_add(baseuser_add): convert_sshpubkey_post(ldap, dn, entry_attrs) radius_dn2pk(self.api, entry_attrs) return dn + +@register() +class stageuser_del(baseuser_del): + __doc__ = _('Delete a stage user.') + + msg_summary = _('Deleted stage user "%(value)s"') + +@register() +class stageuser_mod(baseuser_mod): + __doc__ = _('Modify a stage user.') + + msg_summary = _('Modified stage user "%(value)s"') + + has_output_params = baseuser_mod.has_output_params + stageuser_output_params + + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): + self.pre_common_callback(ldap, dn, entry_attrs, **options) + # Make sure it is not possible to authenticate with a Stage user account + if 'nsaccountlock' in entry_attrs: + del entry_attrs['nsaccountlock'] + return dn + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + self.post_common_callback(ldap, dn, entry_attrs, **options) + if 'nsaccountlock' in entry_attrs: + del entry_attrs['nsaccountlock'] + return dn + +@register() +class stageuser_find(baseuser_find): + __doc__ = _('Search for stage users.') + + member_attributes = ['memberof'] + has_output_params = baseuser_find.has_output_params + stageuser_output_params + + + def execute(self, *args, **options): + newoptions = {} + self.common_enhance_options(newoptions, **options) + options.update(newoptions) + + return super(stageuser_find, self).execute(self, *args, **options) + + def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options): + assert isinstance(base_dn, DN) + + return (filter, base_dn, scope) + + def post_callback(self, ldap, entries, truncated, *args, **options): + if options.get('pkey_only', False): + return truncated + self.post_common_callback(ldap, entries, lockout=True, **options) + return truncated + + msg_summary = ngettext( + '%(count)d user matched', '%(count)d users matched', 0 + ) + +@register() +class stageuser_show(baseuser_show): + __doc__ = _('Display information about a stage user.') + + has_output_params = baseuser_show.has_output_params + stageuser_output_params + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + entry_attrs['nsaccountlock'] = True + self.post_common_callback(ldap, dn, entry_attrs, **options) + return dn |