diff options
| -rw-r--r-- | ipalib/plugins/certprofile.py | 13 | ||||
| -rw-r--r-- | ipapython/dogtag.py | 8 |
2 files changed, 16 insertions, 5 deletions
diff --git a/ipalib/plugins/certprofile.py b/ipalib/plugins/certprofile.py index 1dd4f403e..007cc5434 100644 --- a/ipalib/plugins/certprofile.py +++ b/ipalib/plugins/certprofile.py @@ -3,6 +3,7 @@ # import re +from operator import attrgetter from ipalib import api, Bool, File, Str from ipalib import output, util @@ -14,6 +15,7 @@ from ipalib.plugins.baseldap import ( from ipalib.request import context from ipalib import ngettext from ipalib.text import _ +from ipapython.dogtag import INCLUDED_PROFILES from ipapython.version import API_VERSION from ipalib import errors @@ -287,9 +289,16 @@ class certprofile_del(LDAPDelete): __doc__ = _("Delete a Certificate Profile.") msg_summary = _('Deleted profile "%(value)s"') - def execute(self, *args, **kwargs): + def pre_callback(self, ldap, dn, *keys, **options): ca_enabled_check() - return super(certprofile_del, self).execute(*args, **kwargs) + + if keys[0] in map(attrgetter('profile_id'), INCLUDED_PROFILES): + raise errors.ValidationError(name='profile_id', + error=_("Predefined profile '%(profile_id)s' cannot be deleted") + % {'profile_id': keys[0]} + ) + + return dn def post_callback(self, ldap, dn, *keys, **options): with self.api.Backend.ra_certprofile as profile_api: diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py index 0782d360c..3f0d08154 100644 --- a/ipapython/dogtag.py +++ b/ipapython/dogtag.py @@ -17,6 +17,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # +import collections import os import httplib import xml.dom.minidom @@ -42,10 +43,11 @@ from ipapython.ipa_log_manager import * # the configured version. +Profile = collections.namedtuple('Profile', ['profile_id', 'description', 'store_issued']) + INCLUDED_PROFILES = { - # ( profile_id , description , store_issued) - (u'caIPAserviceCert', u'Standard profile for network services', True), - (u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True), + Profile(u'caIPAserviceCert', u'Standard profile for network services', True), + Profile(u'IECUserRoles', u'User profile that includes IECUserRoles extension from request', True), } DEFAULT_PROFILE = u'caIPAserviceCert' |