diff options
author | Petr Viktorin <pviktori@redhat.com> | 2012-06-29 07:24:14 -0400 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-07-02 08:31:03 +0200 |
commit | 03f247ec863eaafa1a760d520eaed91120d522de (patch) | |
tree | cf93c7de644b7bc85b13a08a789a624f222a9325 /ipalib/plugins | |
parent | 50ebd1a339f16c147153bfdb2ee78eb51e9b5d0c (diff) | |
download | freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.gz freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.xz freeipa-03f247ec863eaafa1a760d520eaed91120d522de.zip |
Explicitly filter options that permission-{add,mod} passes to aci-{add,mod}
Make permission commands not pass options that the underlying ACI commands
do not understand.
Update tests.
Remove some extraneous imports of the `copy` module.
https://fedorahosted.org/freeipa/ticket/2885
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/delegation.py | 1 | ||||
-rw-r--r-- | ipalib/plugins/permission.py | 19 | ||||
-rw-r--r-- | ipalib/plugins/selfservice.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 1 |
4 files changed, 9 insertions, 14 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index f602507bd..0f3eecd7b 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -18,7 +18,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index ec3d78d1b..89f9eaa62 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy - from ipalib.plugins.baseldap import * from ipalib import api, _, ngettext from ipalib import Flag, Str, StrEnum @@ -189,6 +187,11 @@ class permission(LDAPObject): return False return True + def filter_aci_attributes(self, options): + """Return option dictionary that only includes ACI attributes""" + return dict((k, v) for k, v in options.items() if + k in self.aci_attributes) + api.register(permission) @@ -200,7 +203,7 @@ class permission_add(LDAPCreate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # Test the ACI before going any further - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) opts['test'] = True opts['permission'] = keys[-1] opts['aciprefix'] = ACI_PREFIX @@ -217,7 +220,7 @@ class permission_add(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): # Now actually add the aci. - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) opts['test'] = False opts['permission'] = keys[-1] opts['aciprefix'] = ACI_PREFIX @@ -340,9 +343,7 @@ class permission_mod(LDAPUpdate): raise errors.ValidationError( name='rename',error=_('New name can not be empty')) - opts = copy.copy(options) - for o in ['all', 'raw', 'rights', 'test', 'rename']: - opts.pop(o, None) + opts = self.obj.filter_aci_attributes(options) setattr(context, 'aciupdate', False) # If there are no options left we don't need to do anything to the # underlying ACI. @@ -434,13 +435,11 @@ class permission_find(LDAPSearch): # Now find all the ACIs that match. Once we find them, add any that # aren't already in the list along with their permission info. - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) if aciname: opts['aciname'] = aciname opts['aciprefix'] = ACI_PREFIX # permission ACI attribute is needed - opts.pop('raw', None) - opts.pop('sizelimit', None) aciresults = self.api.Command.aci_find(*args, **opts) truncated = truncated or aciresults['truncated'] results = aciresults['result'] diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 82f2a0cc0..2b1048854 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy - from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 7e98bba4c..c19d9a666 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -19,7 +19,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from time import gmtime, strftime, strptime -import copy import string from ipalib import api, errors |