author | Jan Cholasta <jcholast@redhat.com> | 2015-05-20 08:12:07 +0000 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-06-15 16:13:22 +0200 |
commit | 69607250b9762a6c9b657dd31653b03d54a7b411 (patch) | |
tree | 007f125753d00963a7c5b69d79649eabc0329e21 /ipalib/plugins/user.py | |
parent | e9e4509b10e5064556f0aa9a6f0124f38f14b31b (diff) | |
User life cycle: provide preserved user virtual attribute
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipalib/plugins/user.py')
-rw-r--r-- | ipalib/plugins/user.py | 78 |
1 files changed, 48 insertions, 30 deletions
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 119294b19..f4a8a2c3c 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -333,6 +333,11 @@ class user(baseuser):
 label=_('Account disabled'),
 flags=['no_option'],
 ),
+ Bool('preserved?',
+ label=_('Preserved user'),
+ default=False,
+ flags=['virtual_attribute', 'no_create', 'no_update'],
+ ),
 )
 def get_dn(self, *keys, **options):
@@ -369,6 +374,15 @@ class user(baseuser):
 """
 return super(user, self).normalize_manager(manager, self.active_container_dn)
+ def get_preserved_attribute(self, entry, options):
+ if options.get('raw', False):
+ return
+ delete_container_dn = DN(self.delete_container_dn, api.env.basedn)
+ if entry.dn.endswith(delete_container_dn):
+ entry['preserved'] = True
+ elif options.get('all', False):
+ entry['preserved'] = False
+
 @register()
 class user_add(baseuser_add):
@@ -540,6 +554,7 @@ class user_add(baseuser_add):
 self.obj.get_password_attributes(ldap, dn, entry_attrs)
 convert_sshpubkey_post(ldap, dn, entry_attrs)
 radius_dn2pk(self.api, entry_attrs)
+ self.obj.get_preserved_attribute(entry_attrs, options)
 return dn
@@ -665,6 +680,7 @@ class user_mod(baseuser_mod):
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
 self.post_common_callback(ldap, dn, entry_attrs, **options)
+ self.obj.get_preserved_attribute(entry_attrs, options)
 return dn
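Review bot: `get_preserved_attribute` (second hunk) has no docstring, and its `get_` name hides that it returns nothing and instead mutates `entry` in place. The three outcomes are easy to misread: `raw` leaves the entry untouched, a DN under the delete container sets `preserved` to True, and any other DN gets False only when `all` is requested. A one-line docstring such as `"""Set entry['preserved'] from the entry DN; skipped for raw output."""` would make that contract explicit. The method also builds the container DN from the module-level `api.env.basedn`, while the user_find code added in this commit uses `self.api.env.basedn`; using `self.api` here as well would keep the plugin consistent.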
@@ -675,56 +691,56 @@ class user_find(baseuser_find):
 member_attributes = ['memberof']
 has_output_params = baseuser_find.has_output_params + user_output_params
+ msg_summary = ngettext(
+ '%(count)d user matched', '%(count)d users matched', 0
+ )
+
 takes_options = LDAPSearch.takes_options + (
 Flag('whoami',
 label=_('Self'),
 doc=_('Display user record for current Kerberos principal'),
 ),
- Flag('preserved?',
- doc=_('Display preserved deleted user'),
- cli_name='preserved',
- default=False,
- ),
 )
- def execute(self, *args, **options):
- if self.original_msg_summary:
- object.__setattr__(self, 'msg_summary', self.original_msg_summary)
- newoptions = {}
- self.common_enhance_options(newoptions, **options)
- options.update(newoptions)
-
- for arg in args:
- self.log.debug("user-find- exec arg %r" % (arg))
- if options['preserved']:
- self.obj.container_dn = baseuser.delete_container_dn
- self.msg_summary = ngettext('%(count)d (delete) user matched', '%(count)d (delete) users matched', 0)
-
- ret = super(user_find, self).execute(self, *args, **options)
-
- self.obj.container_dn = baseuser.active_container_dn
- return ret
- else:
- return super(user_find, self).execute(self, *args, **options)
-
 def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *keys, **options):
 assert isinstance(base_dn, DN)
+
 if options.get('whoami'):
 return ("(&(objectclass=posixaccount)(krbprincipalname=%s))"%\
 getattr(context, 'principal'), base_dn, scope)
+ newoptions = {}
+ self.common_enhance_options(newoptions, **options)
+ options.update(newoptions)
+
+ preserved = options.get('preserved', False)
+ if preserved is None:
+ base_dn = self.api.env.basedn
+ scope = ldap.SCOPE_SUBTREE
+ elif preserved:
+ base_dn = DN(self.obj.delete_container_dn, self.api.env.basedn)
+ else:
+ base_dn = DN(self.obj.active_container_dn, self.api.env.basedn)
+
 return (filter, base_dn, scope)
 def post_callback(self, ldap, entries, truncated, *args, **options):
 if options.get('pkey_only', False):
 return truncated
+
+ if options.get('preserved', False) is None:
+ base_dns = (
+ DN(self.obj.active_container_dn, self.api.env.basedn),
+ DN(self.obj.delete_container_dn, self.api.env.basedn),
+ )
+ entries[:] = [e for e in entries
+ if any(e.dn.endswith(bd) for bd in base_dns)]
+
 self.post_common_callback(ldap, entries, lockout=False, **options)
- return truncated
+ for entry in entries:
+ self.obj.get_preserved_attribute(entry, options)
- msg_summary = ngettext(
- '%(count)d user matched', '%(count)d users matched', 0
- )
- original_msg_summary = msg_summary
+ return truncated
 @register()
@@ -736,6 +752,7 @@ class user_show(baseuser_show):
 def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
 convert_nsaccountlock(entry_attrs)
 self.post_common_callback(ldap, dn, entry_attrs, **options)
+ self.obj.get_preserved_attribute(entry_attrs, options)
 return dn
 @register()
@@ -944,6 +961,7 @@ class user_status(LDAPQuery):
 convert_nsaccountlock(entry)
 if 'nsaccountlock' in entry:
 disabled = entry['nsaccountlock']
+ self.obj.get_preserved_attribute(entry, options)
 entries.append(newresult)
 count += 1
 except errors.NotFound: |
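Review bot: In user_find's `post_callback`, the new container filter sits after the existing `if options.get('pkey_only', False): return truncated`, so a `pkey_only` search with `preserved` set to None returns whatever the subtree search over `self.api.env.basedn` matched, without being narrowed to the active and delete containers. Entries from other containers under the base DN could then be listed as users; whether any such entries match the search filter is not visible here. Running the `entries[:] = [...]` filter before the `pkey_only` return would close that gap. Because the narrowing happens only after the LDAP search, `truncated` and the size limit also reflect the unfiltered result set.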
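Review bot: In the user_status hunk, `self.obj.get_preserved_attribute(entry, options)` writes `preserved` into `entry`, but the next line appends `newresult`, not `entry`, and nothing visible copies the value across. Unless code outside the hunk does so, the attribute never reaches the command output; something like `if 'preserved' in entry: newresult['preserved'] = entry['preserved']` before the append would carry it over. The enclosing loop body starts and ends outside the hunk.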