diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-06-24 14:32:57 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-11 18:43:32 -0400 |
| commit | 3a5e26a01c9cbb7b0a1c38d1b0467b780c3df124 (patch) | |
| tree | eeb797ba3cb6167a8d4c677d339e7a348f1bee59 /ipalib | |
| parent | 3229eee074e6b419f64faa9bb701a60fe96da3a6 (diff) | |
| download | freeipa-3a5e26a01c9cbb7b0a1c38d1b0467b780c3df124.tar.gz freeipa-3a5e26a01c9cbb7b0a1c38d1b0467b780c3df124.tar.xz freeipa-3a5e26a01c9cbb7b0a1c38d1b0467b780c3df124.zip | |
Enforce class rules when query=True, continue to not run validators.ticket-hbac-test
This started as a problem in allowing leading/trailing whitespaces
on primary keys. In nearly every command other than add query is True
so all rules were ignored on the primary key. This meant that to
enforce whitespace we would need to define a validator for each one.
I decided instead to set self.all_rules to just the class rules if
query == True. So the minimum set of validators will be executed
against each type but param-specific validators will only run on add.
https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/parameters.py | 23 | ||||
| -rw-r--r-- | ipalib/plugins/baseldap.py | 2 |
2 files changed, 20 insertions, 5 deletions
diff --git a/ipalib/parameters.py b/ipalib/parameters.py index 3d9f208d2..76ca2d791 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -432,7 +432,10 @@ class Param(ReadOnly): # Check that all the rules are callable self.class_rules = tuple(class_rules) self.rules = rules - self.all_rules = self.class_rules + self.rules + if self.query: + self.all_rules = self.class_rules + else: + self.all_rules = self.class_rules + self.rules for rule in self.all_rules: if not callable(rule): raise TypeError( @@ -727,8 +730,6 @@ class Param(ReadOnly): else: raise RequirementError(name=self.name) return - if self.query: - return if self.multivalue: if type(value) is not tuple: raise TypeError( @@ -1125,7 +1126,7 @@ class Data(Param): ('pattern', (basestring,), None), ('pattern_errmsg', (basestring,), None), ) - + re = None re_errmsg = None @@ -1242,6 +1243,10 @@ class Str(Data): Also see the `Bytes` parameter. """ + kwargs = Data.kwargs + ( + ('noextrawhitespace', bool, True), + ) + type = unicode type_error = _('must be Unicode text') @@ -1268,6 +1273,16 @@ class Str(Data): error=ugettext(self.type_error), ) + def _rule_noextrawhitespace(self, _, value): + """ + Do not allow leading/trailing spaces. + """ + assert type(value) is unicode + if self.noextrawhitespace is False: #pylint: disable=E1101 + return + if len(value) != len(value.strip()): + return _('Leading and trailing spaces are not allowed') + def _rule_minlength(self, _, value): """ Check minlength constraint. diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 3465c3746..5912b8dcf 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1365,7 +1365,7 @@ class LDAPSearch(CallbackInterface, crud.Search): #pylint: disable=E1003 for key in self.obj.get_ancestor_primary_keys(): yield key - yield Str('criteria?') + yield Str('criteria?', noextrawhitespace=False) for arg in super(crud.Search, self).get_args(): yield arg |