summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ipalib/plugins/aci.py26
-rw-r--r--ipalib/plugins/permission.py33
-rw-r--r--ipalib/plugins/selfservice.py3
-rw-r--r--tests/test_xmlrpc/test_selfservice_plugin.py3
4 files changed, 28 insertions, 37 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index f0b81f48a..b0be26f5c 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -565,21 +565,20 @@ class aci_del(crud.Delete):
takes_options = (_prefix_option,)
- def execute(self, aciname, **kw):
+ def execute(self, aciname, aciprefix):
"""
Execute the aci-delete operation.
:param aciname: The name of the ACI being deleted.
- :param kw: unused
+ :param aciprefix: The ACI prefix.
"""
- assert 'aciname' not in kw
ldap = self.api.Backend.ldap2
(dn, entry_attrs) = ldap.get_entry(self.api.env.basedn, ['aci'])
acistrs = entry_attrs.get('aci', [])
acis = _convert_strings_to_acis(acistrs)
- aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)
+ aci = _find_aci_by_name(acis, aciprefix, aciname)
for a in acistrs:
candidate = ACI(a)
if aci.isequal(candidate):
@@ -614,28 +613,25 @@ class aci_mod(crud.Update):
msg_summary = _('Modified ACI "%(value)s"')
def execute(self, aciname, **kw):
+ aciprefix = kw['aciprefix']
ldap = self.api.Backend.ldap2
(dn, entry_attrs) = ldap.get_entry(self.api.env.basedn, ['aci'])
acis = _convert_strings_to_acis(entry_attrs.get('aci', []))
- aci = _find_aci_by_name(acis, kw['aciprefix'], aciname)
+ aci = _find_aci_by_name(acis, aciprefix, aciname)
# The strategy here is to convert the ACI we're updating back into
# a series of keywords. Then we replace any keywords that have been
# updated and convert that back into an ACI and write it out.
oldkw = _aci_to_kw(ldap, aci)
newkw = deepcopy(oldkw)
- if 'selfaci' in newkw and newkw['selfaci'] == True:
+ if newkw.get('selfaci', False):
# selfaci is set in aci_to_kw to True only if the target is self
kw['selfaci'] = True
- for k in kw.keys():
- newkw[k] = kw[k]
+ newkw.update(kw)
for acikw in (oldkw, newkw):
- try:
- del acikw['aciname']
- except KeyError:
- pass
+ acikw.pop('aciname', None)
# _make_aci is what is run in aci_add and validates the input.
# Do this before we delete the existing ACI.
@@ -643,7 +639,7 @@ class aci_mod(crud.Update):
if aci.isequal(newaci):
raise errors.EmptyModlist()
- self.api.Command['aci_del'](aciname, **kw)
+ self.api.Command['aci_del'](aciname, aciprefix=aciprefix)
try:
result = self.api.Command['aci_add'](aciname, **newkw)['result']
@@ -652,7 +648,7 @@ class aci_mod(crud.Update):
# report the ADD error back to user
try:
self.api.Command['aci_add'](aciname, **oldkw)
- except:
+ except Exception:
pass
raise e
@@ -949,7 +945,7 @@ class aci_rename(crud.Update):
# Do this before we delete the existing ACI.
newaci = _make_aci(ldap, None, kw['newname'], newkw)
- self.api.Command['aci_del'](aciname, **kw)
+ self.api.Command['aci_del'](aciname, aciprefix=kw['aciprefix'])
result = self.api.Command['aci_add'](kw['newname'], **newkw)['result']
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 9bf17944c..ff38f852d 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -194,10 +194,7 @@ class permission_add(LDAPCreate):
opts['test'] = True
opts['permission'] = keys[-1]
opts['aciprefix'] = ACI_PREFIX
- try:
- self.api.Command.aci_add(keys[-1], **opts)
- except Exception, e:
- raise e
+ self.api.Command.aci_add(keys[-1], **opts)
# Clear the aci attributes out of the permission entry
for o in options:
@@ -289,24 +286,20 @@ class permission_mod(LDAPUpdate):
except errors.NotFound:
pass # permission may be renamed, continue
else:
- raise errors.ValidationError(name='rename',error=_('New name can not be empty'))
+ raise errors.ValidationError(
+ name='rename',error=_('New name can not be empty'))
opts = copy.copy(options)
- for o in ['all', 'raw', 'rights', 'rename']:
- if o in opts:
- del opts[o]
+ for o in ['all', 'raw', 'rights', 'test', 'rename']:
+ opts.pop(o, None)
setattr(context, 'aciupdate', False)
# If there are no options left we don't need to do anything to the
# underlying ACI.
if len(opts) > 0:
- opts['test'] = False
opts['permission'] = keys[-1]
opts['aciprefix'] = ACI_PREFIX
- try:
- self.api.Command.aci_mod(keys[-1], **opts)
- setattr(context, 'aciupdate', True)
- except Exception, e:
- raise e
+ self.api.Command.aci_mod(keys[-1], **opts)
+ setattr(context, 'aciupdate', True)
# Clear the aci attributes out of the permission entry
for o in self.obj.aci_attributes:
@@ -341,11 +334,12 @@ class permission_mod(LDAPUpdate):
permission=options['rename'])
self.api.Command.aci_rename(cn, aciprefix=ACI_PREFIX,
- newname=options['rename'], newprefix=ACI_PREFIX)
+ newname=options['rename'])
cn = options['rename'] # rename finished
- result = self.api.Command.permission_show(cn, **options)['result']
+ common_options = dict((k, options[k]) for k in ('all', 'raw') if k in options)
+ result = self.api.Command.permission_show(cn, **common_options)['result']
for r in result:
if not r.startswith('member_'):
entry_attrs[r] = result[r]
@@ -363,7 +357,7 @@ class permission_find(LDAPSearch):
has_output_params = LDAPSearch.has_output_params + output_params
def post_callback(self, ldap, entries, truncated, *args, **options):
- if options.get('pkey_only', False):
+ if options.pop('pkey_only', False):
return
for entry in entries:
(dn, attrs) = entry
@@ -379,9 +373,9 @@ class permission_find(LDAPSearch):
# Now find all the ACIs that match. Once we find them, add any that
# aren't already in the list along with their permission info.
- options['aciprefix'] = ACI_PREFIX
opts = copy.copy(options)
+ opts['aciprefix'] = ACI_PREFIX
try:
# permission ACI attribute is needed
del opts['raw']
@@ -422,7 +416,8 @@ class permission_show(LDAPRetrieve):
has_output_params = LDAPRetrieve.has_output_params + output_params
def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
try:
- aci = self.api.Command.aci_show(keys[-1], aciprefix=ACI_PREFIX, **options)['result']
+ common_options = dict((k, options[k]) for k in ('all', 'raw') if k in options)
+ aci = self.api.Command.aci_show(keys[-1], aciprefix=ACI_PREFIX, **common_options)['result']
for attr in self.obj.aci_attributes:
if attr in aci:
entry_attrs[attr] = aci[attr]
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index a60475b7c..82f2a0cc0 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -149,8 +149,7 @@ class selfservice_del(crud.Delete):
msg_summary = _('Deleted selfservice "%(value)s"')
def execute(self, aciname, **kw):
- kw['aciprefix'] = ACI_PREFIX
- result = api.Command['aci_del'](aciname, **kw)
+ result = api.Command['aci_del'](aciname, aciprefix=ACI_PREFIX)
self.obj.postprocess_result(result)
return dict(
diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py
index e60eb5d52..fa67cbc2d 100644
--- a/tests/test_xmlrpc/test_selfservice_plugin.py
+++ b/tests/test_xmlrpc/test_selfservice_plugin.py
@@ -46,7 +46,8 @@ class test_selfservice(Declarative):
dict(
desc='Try to update non-existent %r' % selfservice1,
- command=('selfservice_mod', [selfservice1], dict(description=u'Foo')),
+ command=('selfservice_mod', [selfservice1],
+ dict(permissions=u'write')),
expected=errors.NotFound(
reason=u'ACI with name "%s" not found' % selfservice1),
),