Explicitly filter options that permission-{add,mod} passes to aci-{add,mod}

Make permission commands not pass options that the underlying ACI commands do not understand. Update tests. Remove some extraneous imports of the `copy` module. https://fedorahosted.org/freeipa/ticket/2885
author: Petr Viktorin <pviktori@redhat.com> 2012-06-29 07:24:14 -0400
committer: Martin Kosek <mkosek@redhat.com> 2012-07-02 08:31:03 +0200
commit: 03f247ec863eaafa1a760d520eaed91120d522de (patch)
tree: cf93c7de644b7bc85b13a08a789a624f222a9325 /ipalib/plugins
parent: 50ebd1a339f16c147153bfdb2ee78eb51e9b5d0c (diff)
download: freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.gz
freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.xz
freeipa-03f247ec863eaafa1a760d520eaed91120d522de.zip
4 files changed, 9 insertions, 14 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index f602507bd..0f3eecd7b 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -18,7 +18,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import copy
 from ipalib import api, _, ngettext
 from ipalib import Flag, Str
 from ipalib.request import context
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index ec3d78d1b..89f9eaa62 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -17,8 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import copy
-
 from ipalib.plugins.baseldap import *
 from ipalib import api, _, ngettext
 from ipalib import Flag, Str, StrEnum
@@ -189,6 +187,11 @@ class permission(LDAPObject):
                 return False
         return True
 
+    def filter_aci_attributes(self, options):
+        """Return option dictionary that only includes ACI attributes"""
+        return dict((k, v) for k, v in options.items() if
+            k in self.aci_attributes)
+
 api.register(permission)
 
 
@@ -200,7 +203,7 @@ class permission_add(LDAPCreate):
 
     def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
         # Test the ACI before going any further
-        opts = copy.copy(options)
+        opts = self.obj.filter_aci_attributes(options)
         opts['test'] = True
         opts['permission'] = keys[-1]
         opts['aciprefix'] = ACI_PREFIX
@@ -217,7 +220,7 @@ class permission_add(LDAPCreate):
 
     def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
         # Now actually add the aci.
-        opts = copy.copy(options)
+        opts = self.obj.filter_aci_attributes(options)
         opts['test'] = False
         opts['permission'] = keys[-1]
         opts['aciprefix'] = ACI_PREFIX
@@ -340,9 +343,7 @@ class permission_mod(LDAPUpdate):
                 raise errors.ValidationError(
                     name='rename',error=_('New name can not be empty'))
 
-        opts = copy.copy(options)
-        for o in ['all', 'raw', 'rights', 'test', 'rename']:
-            opts.pop(o, None)
+        opts = self.obj.filter_aci_attributes(options)
         setattr(context, 'aciupdate', False)
         # If there are no options left we don't need to do anything to the
         # underlying ACI.
@@ -434,13 +435,11 @@ class permission_find(LDAPSearch):
         # Now find all the ACIs that match. Once we find them, add any that
         # aren't already in the list along with their permission info.
 
-        opts = copy.copy(options)
+        opts = self.obj.filter_aci_attributes(options)
         if aciname:
             opts['aciname'] = aciname
         opts['aciprefix'] = ACI_PREFIX
         # permission ACI attribute is needed
-        opts.pop('raw', None)
-        opts.pop('sizelimit', None)
         aciresults = self.api.Command.aci_find(*args, **opts)
         truncated = truncated or aciresults['truncated']
         results = aciresults['result']
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index 82f2a0cc0..2b1048854 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -17,8 +17,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import copy
-
 from ipalib import api, _, ngettext
 from ipalib import Flag, Str
 from ipalib.request import context
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 7e98bba4c..c19d9a666 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -19,7 +19,6 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 from time import gmtime, strftime, strptime
-import copy
 import string
 
 from ipalib import api, errors
author	Petr Viktorin <pviktori@redhat.com>	2012-06-29 07:24:14 -0400
committer	Martin Kosek <mkosek@redhat.com>	2012-07-02 08:31:03 +0200
commit	03f247ec863eaafa1a760d520eaed91120d522de (patch)
tree	cf93c7de644b7bc85b13a08a789a624f222a9325 /ipalib/plugins
parent	50ebd1a339f16c147153bfdb2ee78eb51e9b5d0c (diff)
download	freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.gz freeipa-03f247ec863eaafa1a760d520eaed91120d522de.tar.xz freeipa-03f247ec863eaafa1a760d520eaed91120d522de.zip