Diffstat (limited to 'ipalib/plugins/group.py')
-rw-r--r-- | ipalib/plugins/group.py | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py index 13208542c..65657363a 100644 --- a/ipalib/plugins/group.py +++ b/ipalib/plugins/group.py @@ -72,6 +72,8 @@ EXAMPLES: ipa group-show localadmins """) +protected_group_name = u'admins' + class group(LDAPObject): """ Group object. @@ -164,7 +166,9 @@ class group_del(LDAPDelete): group_attrs = self.obj.methods.show( self.obj.get_primary_key_from_dn(dn), all=True )['result'] - + if keys[0] == protected_group_name: + raise errors.ProtectedEntryError(label=_(u'group'), key=keys[0], + reason=_(u'privileged group')) if 'mepmanagedby' in group_attrs: raise errors.ManagedGroupError() return dn @@ -276,6 +280,16 @@ api.register(group_add_member) class group_remove_member(LDAPRemoveMember): __doc__ = _('Remove members from a group.') + def pre_callback(self, ldap, dn, found, not_found, *keys, **options): + if keys[0] == protected_group_name: + result = api.Command.group_show(protected_group_name) + users_left = set(result['result'].get('member_user', [])) + users_deleted = set(options['user']) + if users_left.issubset(users_deleted): + raise errors.LastMemberError(key=sorted(users_deleted)[0], + label=_(u'group'), container=protected_group_name) + return dn + api.register(group_remove_member) |
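Review bot: The guard added to `group_del`'s pre-callback compares `keys[0]` to `protected_group_name` with an exact, case-sensitive `==`, while LDAP matches `cn` case-insensitively. If the group name is not lower-cased before this callback runs (not visible in the hunk), a differently-cased spelling would pass the guard yet still resolve to the same entry. Comparing `keys[0].lower() == protected_group_name`, or checking the `cn` of the entry already fetched into `group_attrs`, would make the check independent of input normalisation. The same comparison is repeated in `group_remove_member.pre_callback` in the last hunk. The callback starts above this hunk, so how `keys` is populated should be confirmed there.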
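Review bot: `set(options['user'])` in the new `group_remove_member.pre_callback` assumes the `user` option is always present and iterable. A call on the protected group that removes only group members would presumably fail with `KeyError` (or `TypeError` on `None`) rather than a framework error. Using `users_deleted = set(options.get('user') or [])` with `if users_deleted and users_left.issubset(users_deleted):` avoids that, and also keeps `sorted(users_deleted)[0]` from indexing an empty list. The test counts only direct `member_user` entries and is a read-then-write check, so nested group members are ignored and two concurrent removals could each pass it. A comment such as `# best-effort: direct user members only, not atomic` would document those limits.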