authorMartin Basti <mbasti@redhat.com>2014-06-20 13:52:12 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-06-25 18:31:27 +0200
commit816007bdd911065b42170a06aea3cf750a5198fe (patch)
tree5099947430aeed1b4fe1096cb6bbd6f22ce705d0 /ipalib
parent6dab9123be1d4c2db8a194d00f05884738fb692a (diff)
downloadfreeipa-816007bdd911065b42170a06aea3cf750a5198fe.tar.gz
freeipa-816007bdd911065b42170a06aea3cf750a5198fe.tar.xz
freeipa-816007bdd911065b42170a06aea3cf750a5198fe.zip
Fix incompatible DNS permission
dns(forward)zone-add/remove-permission can work with permissions with relative zone name Ticket:https://fedorahosted.org/freeipa/ticket/4383 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/dns.py31
1 files changed, 30 insertions, 1 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index a81fb575b..890d2cceb 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1876,6 +1876,23 @@ class DNSZoneBase_add_permission(LDAPQuery):
self.obj.handle_not_found(*keys)
permission_name = self.obj.permission_name(keys[-1])
+
+ # compatibility with older IPA versions which allows relative zonenames
+ permission_name_rel = self.obj.permission_name(
+ keys[-1].relativize(DNSName.root)
+ )
+ try:
+ api.Object['permission'].get_dn_if_exists(permission_name_rel)
+ except errors.NotFound:
+ pass
+ else:
+ # permission exists without absolute domain name
+ raise errors.DuplicateEntry(
+ message=_('permission "%(value)s" already exists') % {
+ 'value': permission_name
+ }
+ )
+
permission = api.Command['permission_add_noaci'](permission_name,
ipapermissiontype=u'SYSTEM'
)['result']
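Review bot: The `DuplicateEntry` raised in the new `else:` branch reports `permission_name` (the absolute form), but the entry that `get_dn_if_exists` actually found is `permission_name_rel`. An administrator who looks up the conflicting permission by the reported name will presumably not find it, which makes auditing or cleaning up the legacy entry harder. Consider `'value': permission_name_rel` so the error names the entry that really exists. The comment above the lookup could also be more explicit, e.g. `# older IPA versions stored this permission under the relative zone name; treat that entry as a duplicate`. The enclosing method starts and ends outside the hunk.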
@@ -1922,7 +1939,19 @@ class DNSZoneBase_remove_permission(LDAPQuery):
pass
permission_name = self.obj.permission_name(keys[-1])
- api.Command['permission_del'](permission_name, force=True)
+ try:
+ api.Command['permission_del'](permission_name, force=True)
+ except errors.NotFound, e:
+ # compatibility, older IPA versions which allows to create zone
+ # without absolute zone name
+ permission_name_rel = self.obj.permission_name(
+ keys[-1].relativize(DNSName.root)
+ )
+ try:
+ api.Command['permission_del'](permission_name_rel, force=True)
+ except errors.NotFound:
+ raise e # re-raise original exception
+
return dict(
result=True,