diff options
-rw-r--r-- | ipalib/plugins/delegation.py | 1 | ||||
-rw-r--r-- | ipalib/plugins/permission.py | 19 | ||||
-rw-r--r-- | ipalib/plugins/selfservice.py | 2 | ||||
-rw-r--r-- | ipalib/plugins/user.py | 1 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 11 |
5 files changed, 19 insertions, 15 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index f602507bd..0f3eecd7b 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -18,7 +18,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index ec3d78d1b..89f9eaa62 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy - from ipalib.plugins.baseldap import * from ipalib import api, _, ngettext from ipalib import Flag, Str, StrEnum @@ -189,6 +187,11 @@ class permission(LDAPObject): return False return True + def filter_aci_attributes(self, options): + """Return option dictionary that only includes ACI attributes""" + return dict((k, v) for k, v in options.items() if + k in self.aci_attributes) + api.register(permission) @@ -200,7 +203,7 @@ class permission_add(LDAPCreate): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # Test the ACI before going any further - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) opts['test'] = True opts['permission'] = keys[-1] opts['aciprefix'] = ACI_PREFIX @@ -217,7 +220,7 @@ class permission_add(LDAPCreate): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): # Now actually add the aci. - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) opts['test'] = False opts['permission'] = keys[-1] opts['aciprefix'] = ACI_PREFIX @@ -340,9 +343,7 @@ class permission_mod(LDAPUpdate): raise errors.ValidationError( name='rename',error=_('New name can not be empty')) - opts = copy.copy(options) - for o in ['all', 'raw', 'rights', 'test', 'rename']: - opts.pop(o, None) + opts = self.obj.filter_aci_attributes(options) setattr(context, 'aciupdate', False) # If there are no options left we don't need to do anything to the # underlying ACI. @@ -434,13 +435,11 @@ class permission_find(LDAPSearch): # Now find all the ACIs that match. Once we find them, add any that # aren't already in the list along with their permission info. - opts = copy.copy(options) + opts = self.obj.filter_aci_attributes(options) if aciname: opts['aciname'] = aciname opts['aciprefix'] = ACI_PREFIX # permission ACI attribute is needed - opts.pop('raw', None) - opts.pop('sizelimit', None) aciresults = self.api.Command.aci_find(*args, **opts) truncated = truncated or aciresults['truncated'] results = aciresults['result'] diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 82f2a0cc0..2b1048854 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -17,8 +17,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import copy - from ipalib import api, _, ngettext from ipalib import Flag, Str from ipalib.request import context diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py index 7e98bba4c..c19d9a666 100644 --- a/ipalib/plugins/user.py +++ b/ipalib/plugins/user.py @@ -19,7 +19,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from time import gmtime, strftime, strptime -import copy import string from ipalib import api, errors diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index 847b03e58..8aaa4a999 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -304,6 +304,8 @@ class test_permission(Declarative): 'permission_add', [permission2], dict( type=u'user', permissions=u'write', + setattr=u'owner=cn=test', + addattr=u'owner=cn=test2', ) ), expected=dict( @@ -315,6 +317,7 @@ class test_permission(Declarative): objectclass=objectclasses.permission, type=u'user', permissions=[u'write'], + owner=[u'cn=test', u'cn=test2'], ), ), ), @@ -482,7 +485,12 @@ class test_permission(Declarative): dict( desc='Update %r' % permission1, command=( - 'permission_mod', [permission1], dict(permissions=u'read', memberof=u'ipausers') + 'permission_mod', [permission1], dict( + permissions=u'read', + memberof=u'ipausers', + setattr=u'owner=cn=other-test', + addattr=u'owner=cn=other-test2', + ) ), expected=dict( value=permission1, @@ -494,6 +502,7 @@ class test_permission(Declarative): type=u'user', permissions=[u'read'], memberof=u'ipausers', + owner=[u'cn=other-test', u'cn=other-test2'], ), ), ), |