summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/permission.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r--ipalib/plugins/permission.py56
1 files changed, 0 insertions, 56 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 2d300e246..2cf42bbc0 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -24,7 +24,6 @@ from ipalib import api, _, ngettext
from ipalib import Flag, Str, StrEnum
from ipalib.request import context
from ipalib import errors
-from ipalib.dn import DN
__doc__ = _("""
Permissions
@@ -91,44 +90,6 @@ output_params = (
),
)
-dn_ipaconfig = str(DN('cn=ipaconfig,cn=etc,%s' % api.env.basedn))
-
-
-def check_attrs(attrs, type):
- # Trying to delete attributes - no need for validation
- if attrs is None:
- return True
- allowed_objcls=[]
- disallowed_objcls=[]
- obj=api.Object[type]
-
- if obj.object_class_config:
- (dn,objcls)=api.Backend.ldap2.get_entry(
- dn_ipaconfig,[obj.object_class_config]
- )
- allowed_objcls=objcls[obj.object_class_config]
- else:
- allowed_objcls=obj.object_class
- if obj.possible_objectclasses:
- allowed_objcls+=obj.possible_objectclasses
- if obj.disallow_object_classes:
- disallowed_objcls=obj.disallow_object_classes
-
- allowed_attrs=[]
- disallowed_attrs=[]
- if allowed_objcls:
- allowed_attrs=api.Backend.ldap2.get_allowed_attributes(allowed_objcls)
- if disallowed_objcls:
- disallowed_attrs=api.Backend.ldap2.get_allowed_attributes(disallowed_objcls)
- failed_attrs=[]
- for attr in attrs:
- if (attr not in allowed_attrs) or (attr in disallowed_attrs):
- failed_attrs.append(attr)
- if failed_attrs:
- raise errors.ObjectclassViolation(info='attribute(s) \"%s\" not allowed' % ','.join(failed_attrs))
- return True
-
-
class permission(LDAPObject):
"""
Permission object.
@@ -234,8 +195,6 @@ class permission_add(LDAPCreate):
opts['permission'] = keys[-1]
opts['aciprefix'] = ACI_PREFIX
try:
- if 'type' in entry_attrs and 'attrs' in entry_attrs:
- check_attrs(entry_attrs['attrs'],entry_attrs['type'])
self.api.Command.aci_add(keys[-1], **opts)
except Exception, e:
raise e
@@ -317,21 +276,6 @@ class permission_mod(LDAPUpdate):
except errors.NotFound:
self.obj.handle_not_found(*keys)
- # check the correctness of attributes only when the type is specified
- type=None
- attrs_to_check=[]
- current_values=self.api.Command.permission_show(attrs['cn'][0])['result']
- if 'type' in entry_attrs:
- type = entry_attrs['type']
- elif 'type' in current_values:
- type = current_values['type']
- if 'attrs' in entry_attrs:
- attrs_to_check = entry_attrs['attrs']
- elif 'attrs' in current_values:
- attrs_to_check = current_values['attrs']
- if attrs_to_check and type is not None:
- check_attrs(attrs_to_check,type)
-
# when renaming permission, check if the target permission does not
# exists already. Then, make changes to underlying ACI
if 'rename' in options: