1 files changed, 89 insertions, 24 deletions

diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
index 5d9024275..781ca35d4 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/ipapolicy.py
@@ -15,6 +15,7 @@ from turbogears import identity
 from ipacontroller import IPAController
 from ipa.entity import utf8_encode_values
 from ipa import ipaerror
+import ipa.entity
 import ipagui.forms.ipapolicy
 
 import ldap.dn
@@ -34,16 +35,14 @@ class IPAPolicyController(IPAController):
     @identity.require(identity.in_group("admins"))
     def show(self, tg_errors=None):
         """Displays the one policy page"""
+        client = self.get_ipaclient()
+        config = client.get_ipa_config()
+        ipapolicy = config.toDict()
+
+        ppolicy = client.get_password_policy()
+        password = ppolicy.toDict()
 
-        # TODO: Get this dict from LDAP
-        ipapolicy = {}
-        ipapolicy['searchlimit'] = 2
-        ipapolicy['maxuidlength'] = 3
-        ipapolicy['passwordnotif'] = 4
-        ipapolicy['homedir'] = "/home"
-        ipapolicy['defaultgroup'] = "ipausers"
-        ipapolicy['defaultshell'] = "/bin/bash"
-        return dict(ipapolicy=ipapolicy,fields=ipagui.forms.ipapolicy.IPAPolicyFields())
+        return dict(ipapolicy=ipapolicy,password=password,fields=ipagui.forms.ipapolicy.IPAPolicyFields())
 
     @expose("ipagui.templates.ipapolicyedit")
     @identity.require(identity.in_group("admins"))
@@ -54,18 +53,28 @@ class IPAPolicyController(IPAController):
                              "Please see the messages below for details.")
 
         try:
-            # TODO: Get this dict from LDAP
-            ipapolicy_dict = {}
-            ipapolicy_dict['searchlimit'] = 2
-            ipapolicy_dict['maxuidlength'] = 3
-            ipapolicy_dict['passwordnotif'] = 4
-            ipapolicy_dict['homedir'] = "/home"
-            ipapolicy_dict['defaultgroup'] = "ipausers"
-            ipapolicy_dict['defaultshell'] = "/bin/bash"
+            client = self.get_ipaclient()
+            config = client.get_ipa_config()
+            ipapolicy_dict = config.toDict()
+
+            ppolicy = client.get_password_policy()
+            password_dict = ppolicy.toDict()
+
+            # store a copy of the original policy for the update later
+            ipapolicy_data = b64encode(dumps(ipapolicy_dict))
+            ipapolicy_dict['ipapolicy_orig'] = ipapolicy_data
+
+            # store a copy of the original policy for the update later
+            password_data = b64encode(dumps(password_dict))
+            password_dict['password_orig'] = password_data
+
+            # Combine the 2 dicts to make the form easier
+            ipapolicy_dict.update(password_dict)
+
             return dict(form=ipapolicy_edit_form, ipapolicy=ipapolicy_dict)
         except ipaerror.IPAError, e:
             turbogears.flash("IPA Policy edit failed: " + str(e) + "<br/>" + str(e.detail))
-            raise turbogears.redirect('/group/show', uid=cn)
+            raise turbogears.redirect('/ipapolicy/show')
 
 
     @expose()
@@ -86,16 +95,72 @@ class IPAPolicyController(IPAController):
             return dict(form=ipapolicy_edit_form, ipapolicy=kw,
                     tg_template='ipagui.templates.ipapolicyedit')
 
-        try:
+        policy_modified = False
+        password_modified = False
 
-            # TODO: Actually save the data
+        try:
+            orig_ipapolicy_dict = loads(b64decode(kw.get('ipapolicy_orig')))
+            orig_password_dict = loads(b64decode(kw.get('password_orig')))
+
+            new_ipapolicy = ipa.entity.Entity(orig_ipapolicy_dict)
+            new_password = ipa.entity.Entity(orig_password_dict)
+            
+            if str(new_ipapolicy.ipasearchtimelimit) != str(kw.get('ipasearchtimelimit')):
+                policy_modified = True
+                new_ipapolicy.setValue('ipasearchtimelimit', kw.get('ipasearchtimelimit'))
+            if str(new_ipapolicy.ipasearchrecordslimit) != str(kw.get('ipasearchrecordslimit')):
+                policy_modified = True
+                new_ipapolicy.setValue('ipasearchrecordslimit', kw.get('ipasearchrecordslimit'))
+            if new_ipapolicy.ipausersearchfields != kw.get('ipausersearchfields'):
+                policy_modified = True
+                new_ipapolicy.setValue('ipausersearchfields', kw.get('ipausersearchfields'))
+            if new_ipapolicy.ipagroupsearchfields != kw.get('ipagroupsearchfields'):
+                policy_modified = True
+                new_ipapolicy.setValue('ipagroupsearchfields', kw.get('ipagroupsearchfields'))
+            if str(new_ipapolicy.ipapwdexpadvnotify) != str(kw.get('ipapwdexpadvnotify')):
+                policy_modified = True
+                new_ipapolicy.setValue('ipapwdexpadvnotify', kw.get('ipapwdexpadvnotify'))
+            if str(new_ipapolicy.ipamaxusernamelength) != str(kw.get('ipamaxusernamelength')):
+                policy_modified = True
+                new_ipapolicy.setValue('ipamaxusernamelength', kw.get('ipamaxusernamelength'))
+            if new_ipapolicy.ipahomesrootdir != kw.get('ipahomesrootdir'):
+                policy_modified = True
+                new_ipapolicy.setValue('ipahomesrootdir', kw.get('ipahomesrootdir'))
+            if new_ipapolicy.ipadefaultloginshell != kw.get('ipadefaultloginshell'):
+                policy_modified = True
+                new_ipapolicy.setValue('ipadefaultloginshell', kw.get('ipadefaultloginshell'))
+            if new_ipapolicy.ipadefaultprimarygroup != kw.get('ipadefaultprimarygroup'):
+                policy_modified = True
+                new_ipapolicy.setValue('ipadefaultprimarygroup', kw.get('ipadefaultprimarygroup'))
+
+            if policy_modified:
+                rv = client.update_ipa_config(new_ipapolicy)
+
+            # Now check the password policy for updates
+            if str(new_password.krbmaxpwdlife) != str(kw.get('krbmaxpwdlife')):
+                password_modified = True
+                new_password.setValue('krbmaxpwdlife', str(kw.get('krbmaxpwdlife')))
+            if str(new_password.krbminpwdlife) != str(kw.get('krbminpwdlife')):
+                password_modified = True
+                new_password.setValue('krbminpwdlife', str(kw.get('krbminpwdlife')))
+            if str(new_password.krbpwdhistorylength) != str(kw.get('krbpwdhistorylength')):
+                password_modified = True
+                new_password.setValue('krbpwdhistorylength', str(kw.get('krbpwdhistorylength')))
+            if str(new_password.krbpwdmindiffchars) != str(kw.get('krbpwdmindiffchars')):
+                password_modified = True
+                new_password.setValue('krbpwdmindiffchars', str(kw.get('krbpwdmindiffchars')))
+            if str(new_password.krbpwdminlength) != str(kw.get('krbpwdminlength')):
+                password_modified = True
+                new_password.setValue('krbpwdminlength', str(kw.get('krbpwdminlength')))
+            if password_modified:
+                rv = client.update_password_policy(new_password)
 
             turbogears.flash("IPA Policy updated")
             raise turbogears.redirect('/ipapolicy/show')
-        except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Policy update failed: " + str(e))
-            return dict(form=policy_form, policy=kw,
-                        tg_template='ipagui.templates.policyindex')
+        except ipaerror.IPAError, e:
+            turbogears.flash("Policy update failed: " + str(e) + e.detail[0]['desc'])
+            return dict(form=ipapolicy_edit_form, ipapolicy=kw,
+                        tg_template='ipagui.templates.ipapolicyedit')
 
     @validate(form=ipapolicy_edit_form)
     @identity.require(identity.not_anonymous())