diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-12-20 13:53:35 -0500 |
|---|---|---|
| committer | Adam Young <ayoung@redhat.com> | 2010-12-20 15:18:42 -0500 |
| commit | ffd467bd7e12faad3f1574fe3c1e505820bdf459 (patch) | |
| tree | b13ac45f2a75c4d7e5e26c3f652615218b80e1ca /ipalib | |
| parent | 3a9210f06f2a1d28689d8b12179607b77078f8ea (diff) | |
| download | freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.tar.gz freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.tar.xz freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.zip | |
Translate the membergroup dn into a group name.
Drop filter from the output, it is superfluous.
ticket 634
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/delegation.py | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index c233784d1..468e0174b 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -50,7 +50,7 @@ from ipalib import api, crud, errors from ipalib import output from ipalib import Object, Command -def convert_delegation(aci): +def convert_delegation(ldap, aci): """ memberOf is in filter but we want to pull out the group for easier displaying. @@ -61,11 +61,19 @@ def convert_delegation(aci): raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname'])) en = filter.find(')', st) membergroup = filter[st+9:en] - aci['membergroup'] = membergroup + try: + (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn']) + except Exception, e: + # Uh oh, the group we're granting access to has an error + msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e)) + raise errors.NonFatalError(reason=msg) + aci['membergroup'] = entry_attrs['cn'] + + del aci['filter'] return aci -def is_delegation(aciname): +def is_delegation(ldap, aciname): """ Determine if the ACI is a Delegation ACI and raise an exception if it isn't. @@ -75,7 +83,7 @@ def is_delegation(aciname): """ result = api.Command['aci_show'](aciname)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) else: raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname)) return result @@ -144,11 +152,12 @@ class delegation_add(crud.Create): msg_summary = _('Added delegation "%(value)s"') def execute(self, aciname, **kw): + ldap = self.api.Backend.ldap2 if not 'permissions' in kw: kw['permissions'] = (u'write',) result = api.Command['aci_add'](aciname, **kw)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) return dict( result=result, @@ -167,7 +176,8 @@ class delegation_del(crud.Delete): msg_summary = _('Deleted delegation "%(value)s"') def execute(self, aciname, **kw): - is_delegation(aciname) + ldap = self.api.Backend.ldap2 + is_delegation(ldap, aciname) result = api.Command['aci_del'](aciname, **kw) return dict( result=True, @@ -185,10 +195,11 @@ class delegation_mod(crud.Update): msg_summary = _('Modified delegation "%(value)s"') def execute(self, aciname, **kw): - is_delegation(aciname) + ldap = self.api.Backend.ldap2 + is_delegation(ldap, aciname) result = api.Command['aci_mod'](aciname, **kw)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) return dict( result=result, value=aciname, @@ -207,12 +218,13 @@ class delegation_find(crud.Search): ) def execute(self, term, **kw): + ldap = self.api.Backend.ldap2 acis = api.Command['aci_find'](term, **kw)['result'] results = [] for aci in acis: try: if 'filter' in aci: - aci = convert_delegation(aci) + aci = convert_delegation(ldap, aci) results.append(aci) except errors.NotFound: pass @@ -237,7 +249,8 @@ class delegation_show(crud.Retrieve): ) def execute(self, aciname, **kw): - result = is_delegation(aciname) + ldap = self.api.Backend.ldap2 + result = is_delegation(ldap, aciname) return dict( result=result, value=aciname, |