diff options
author | Martin Basti <mbasti@redhat.com> | 2014-06-20 13:52:12 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-25 18:31:27 +0200 |
commit | 816007bdd911065b42170a06aea3cf750a5198fe (patch) | |
tree | 5099947430aeed1b4fe1096cb6bbd6f22ce705d0 /ipalib | |
parent | 6dab9123be1d4c2db8a194d00f05884738fb692a (diff) | |
download | freeipa-816007bdd911065b42170a06aea3cf750a5198fe.tar.gz freeipa-816007bdd911065b42170a06aea3cf750a5198fe.tar.xz freeipa-816007bdd911065b42170a06aea3cf750a5198fe.zip |
Fix incompatible DNS permission
dns(forward)zone-add/remove-permission can work with permissions with
relative zone name
Ticket:https://fedorahosted.org/freeipa/ticket/4383
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/dns.py | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index a81fb575b..890d2cceb 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1876,6 +1876,23 @@ class DNSZoneBase_add_permission(LDAPQuery): self.obj.handle_not_found(*keys) permission_name = self.obj.permission_name(keys[-1]) + + # compatibility with older IPA versions which allows relative zonenames + permission_name_rel = self.obj.permission_name( + keys[-1].relativize(DNSName.root) + ) + try: + api.Object['permission'].get_dn_if_exists(permission_name_rel) + except errors.NotFound: + pass + else: + # permission exists without absolute domain name + raise errors.DuplicateEntry( + message=_('permission "%(value)s" already exists') % { + 'value': permission_name + } + ) + permission = api.Command['permission_add_noaci'](permission_name, ipapermissiontype=u'SYSTEM' )['result'] @@ -1922,7 +1939,19 @@ class DNSZoneBase_remove_permission(LDAPQuery): pass permission_name = self.obj.permission_name(keys[-1]) - api.Command['permission_del'](permission_name, force=True) + try: + api.Command['permission_del'](permission_name, force=True) + except errors.NotFound, e: + # compatibility, older IPA versions which allows to create zone + # without absolute zone name + permission_name_rel = self.obj.permission_name( + keys[-1].relativize(DNSName.root) + ) + try: + api.Command['permission_del'](permission_name_rel, force=True) + except errors.NotFound: + raise e # re-raise original exception + return dict( result=True, |