Prevent deletion of the last admin

Raise an error when trying to delete the last user in the 'admins' group, or remove the last member from the group, or delete the group itself. https://fedorahosted.org/freeipa/ticket/2564
author: Petr Viktorin <pviktori@redhat.com> 2012-05-23 05:44:53 -0400
committer: Rob Crittenden <rcritten@redhat.com> 2012-06-06 21:57:12 -0400
commit: f8e7b516d923142a23058cb23ee817522686cfe3 (patch)
tree: 9987a2ea8abd8579c4852ad813d00861351e54bf /ipalib/plugins/user.py
parent: cf72738b214d115bb930f4e323512fd57a426a63 (diff)
download: freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.gz
freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.xz
freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index b48e68022..7e98bba4c 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -544,8 +544,13 @@ class user_del(LDAPDelete):
 
     msg_summary = _('Deleted user "%(value)s"')
 
-    def post_callback(self, ldap, dn, *keys, **options):
-        return True
+    def pre_callback(self, ldap, dn, *keys, **options):
+        protected_group_name = u'admins'
+        result = api.Command.group_show(protected_group_name)
+        if result['result'].get('member_user', []) == [keys[-1]]:
+            raise errors.LastMemberError(key=keys[-1], label=_(u'group'),
+                container=protected_group_name)
+        return dn
 
 api.register(user_del)
author	Petr Viktorin <pviktori@redhat.com>	2012-05-23 05:44:53 -0400
committer	Rob Crittenden <rcritten@redhat.com>	2012-06-06 21:57:12 -0400
commit	f8e7b516d923142a23058cb23ee817522686cfe3 (patch)
tree	9987a2ea8abd8579c4852ad813d00861351e54bf /ipalib/plugins/user.py
parent	cf72738b214d115bb930f4e323512fd57a426a63 (diff)
download	freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.gz freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.xz freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.zip