diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-05-23 05:44:53 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-06-06 21:57:12 -0400 |
commit | f8e7b516d923142a23058cb23ee817522686cfe3 (patch) | |
tree | 9987a2ea8abd8579c4852ad813d00861351e54bf /ipalib/plugins/user.py | |
parent | cf72738b214d115bb930f4e323512fd57a426a63 (diff) | |
download | freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.gz freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.tar.xz freeipa-f8e7b516d923142a23058cb23ee817522686cfe3.zip |
Prevent deletion of the last admin
Raise an error when trying to delete the last user in the
'admins' group, or remove the last member from the group,
or delete the group itself.
https://fedorahosted.org/freeipa/ticket/2564
Diffstat (limited to 'ipalib/plugins/user.py')
-rw-r--r-- | ipalib/plugins/user.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index b48e68022..7e98bba4c 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -544,8 +544,13 @@ class user_del(LDAPDelete): msg_summary = _('Deleted user "%(value)s"') - def post_callback(self, ldap, dn, *keys, **options): - return True + def pre_callback(self, ldap, dn, *keys, **options): + protected_group_name = u'admins' + result = api.Command.group_show(protected_group_name) + if result['result'].get('member_user', []) == [keys[-1]]: + raise errors.LastMemberError(key=keys[-1], label=_(u'group'), + container=protected_group_name) + return dn api.register(user_del) |