diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-12-10 22:52:44 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-12-13 09:55:28 -0500 |
| commit | c9807f4b252055107118493b7d6b66309e3e0d27 (patch) | |
| tree | 63ac4ecf746084d1ba6e1ababdc81471c011f354 /ipalib/plugins | |
| parent | ba8d21f5ae3d4133032c635dad77127cb72ab1bf (diff) | |
| download | freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.tar.gz freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.tar.xz freeipa-c9807f4b252055107118493b7d6b66309e3e0d27.zip | |
Better handle permission object updates versus aci object updates.
permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.
ticket 603
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/permission.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 4ad53c749..18dd577e7 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -220,13 +220,16 @@ class permission_mod(LDAPUpdate): msg_summary = _('Modified permission "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - (dn, attrs) = ldap.get_entry( - dn, attrs_list, normalize=self.obj.normalize_dn - ) + try: + (dn, attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn + ) + except errors.NotFound: + self.obj.handle_not_found(*keys) opts = copy.copy(options) if 'description' in opts: del opts['description'] - for o in self.obj.aci_attributes + ['all', 'raw', 'rights']: + for o in ['all', 'raw', 'rights', 'description']: if o in opts: del opts[o] setattr(context, 'aciupdate', False) @@ -249,8 +252,8 @@ class permission_mod(LDAPUpdate): pass if 'description' in options: - (dn, attrs) = ldap.get_entry(dn, ['description']) - self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) + if attrs['description'][0] != options['description']: + self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) return dn @@ -265,7 +268,7 @@ class permission_mod(LDAPUpdate): except: pass - if len(opts) > 0: + if len(opts) > 0 and not aciupdate: raise exc else: raise exc |