diff options
Diffstat (limited to 'ipalib/plugins/otptoken.py')
-rw-r--r-- | ipalib/plugins/otptoken.py | 38 |
1 files changed, 31 insertions, 7 deletions
diff --git a/ipalib/plugins/otptoken.py b/ipalib/plugins/otptoken.py index 17644e0f1..9c7bd412b 100644 --- a/ipalib/plugins/otptoken.py +++ b/ipalib/plugins/otptoken.py @@ -17,7 +17,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -from ipalib.plugins.baseldap import DN, LDAPObject, LDAPCreate, LDAPDelete, LDAPUpdate, LDAPSearch, LDAPRetrieve +from ipalib.plugins.baseldap import DN, LDAPObject, LDAPAddMember, LDAPRemoveMember +from ipalib.plugins.baseldap import LDAPCreate, LDAPDelete, LDAPUpdate, LDAPSearch, LDAPRetrieve from ipalib import api, Int, Str, Bool, Flag, Bytes, IntEnum, StrEnum, _, ngettext from ipalib.plugable import Registry from ipalib.errors import PasswordMismatch, ConversionError, LastMemberError, NotFound @@ -109,8 +110,14 @@ class otptoken(LDAPObject): default_attributes = [ 'ipatokenuniqueid', 'description', 'ipatokenowner', 'ipatokendisabled', 'ipatokennotbefore', 'ipatokennotafter', - 'ipatokenvendor', 'ipatokenmodel', 'ipatokenserial' + 'ipatokenvendor', 'ipatokenmodel', 'ipatokenserial', 'managedby' ] + attribute_members = { + 'managedby': ['user'], + } + relationships = { + 'managedby': ('Managed by', 'man_by_', 'not_man_by_'), + } rdn_is_primary_key = True label = _('OTP Tokens') @@ -138,6 +145,10 @@ class otptoken(LDAPObject): cli_name='owner', label=_('Owner'), ), + Str('managedby_user?', + label=_('Manager'), + flags=['no_create', 'no_update', 'no_search'], + ), Bool('ipatokendisabled?', cli_name='disabled', label=_('Disabled state') @@ -245,11 +256,14 @@ class otptoken_add(LDAPCreate): del entry_attrs[tattr] # If owner was not specified, default to the person adding this token. - if 'ipatokenowner' not in entry_attrs: + # If managedby was not specified, attempt a sensible default. + if 'ipatokenowner' not in entry_attrs or 'managedby' not in entry_attrs: result = self.api.Command.user_find(whoami=True)['result'] if result: cur_uid = result[0]['uid'][0] - entry_attrs.setdefault('ipatokenowner', cur_uid) + prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid) + if cur_uid == prev_uid: + entry_attrs.setdefault('managedby', result[0]['dn']) # Resolve the owner's dn _normalize_owner(self.api.Object.user, entry_attrs) @@ -326,9 +340,7 @@ class otptoken_mod(LDAPUpdate): @register() class otptoken_find(LDAPSearch): __doc__ = _('Search for OTP token.') - msg_summary = ngettext( - '%(count)d OTP token matched', '%(count)d OTP tokens matched', 0 - ) + msg_summary = ngettext('%(count)d OTP token matched', '%(count)d OTP tokens matched', 0) def pre_callback(self, ldap, filters, *args, **kwargs): # This is a hack, but there is no other way to @@ -359,3 +371,15 @@ class otptoken_show(LDAPRetrieve): def post_callback(self, ldap, dn, entry_attrs, *keys, **options): _convert_owner(self.api.Object.user, entry_attrs, options) return super(otptoken_show, self).post_callback(ldap, dn, entry_attrs, *keys, **options) + +@register() +class otptoken_add_managedby(LDAPAddMember): + __doc__ = _('Add users that can manage this token.') + + member_attributes = ['managedby'] + +@register() +class otptoken_remove_managedby(LDAPRemoveMember): + __doc__ = _('Remove hosts that can manage this host.') + + member_attributes = ['managedby'] |