Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/aci.py11
-rw-r--r--ipalib/plugins/baseldap.py12
-rw-r--r--ipalib/plugins/delegation.py85
-rw-r--r--ipalib/plugins/selfservice.py3
4 files changed, 47 insertions, 64 deletions
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index 8a10efccb..e4ef2ef17 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -126,6 +126,7 @@ from ipalib.aci import ACI
from ipalib.dn import DN
from ipalib import output
from ipalib import _, ngettext
+from ipalib.plugins.baseldap import gen_pkey_only_option
if api.env.in_server and api.env.context in ['lite', 'server']:
from ldap import explode_dn
from ipapython.ipa_log_manager import *
@@ -297,7 +298,7 @@ def _make_aci(ldap, current, aciname, kw):
return a
-def _aci_to_kw(ldap, a, test=False):
+def _aci_to_kw(ldap, a, test=False, pkey_only=False):
"""Convert an ACI into its equivalent keywords.
This is used for the modify operation so we can merge the
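Review bot: The docstring of `_aci_to_kw` is not updated for the new `pkey_only` parameter, so the early return added in the next hunk is undocumented. I would add a sentence such as `If pkey_only is True, only aciprefix and aciname are returned and the remaining ACI fields are skipped.` The docstring starts in this hunk and closes in the following one.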
@@ -306,6 +307,8 @@ def _aci_to_kw(ldap, a, test=False):
"""
kw = {}
kw['aciprefix'], kw['aciname'] = _parse_aci_name(a.name)
+ if pkey_only:
+ return kw
kw['permissions'] = tuple(a.permissions)
if 'targetattr' in a.target:
kw['attrs'] = list(a.target['targetattr']['expression'])
@@ -682,7 +685,8 @@ class aci_find(crud.Search):
NO_CLI = True
msg_summary = ngettext('%(count)d ACI matched', '%(count)d ACIs matched', 0)
- takes_options = (_prefix_option.clone_rename("aciprefix?", required=False),)
+ takes_options = (_prefix_option.clone_rename("aciprefix?", required=False),
+ gen_pkey_only_option("name"),)
def execute(self, term, **kw):
ldap = self.api.Backend.ldap2
@@ -837,7 +841,8 @@ class aci_find(crud.Search):
if kw.get('raw', False):
aci = dict(aci=unicode(result))
else:
- aci = _aci_to_kw(ldap, result)
+ aci = _aci_to_kw(ldap, result,
+ pkey_only=kw.get('pkey_only', False))
acis.append(aci)
return dict(
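Review bot: `pkey_only` is honoured only in the `else` branch, so a call that sets both `raw` and `pkey_only` still receives the full ACI text through `dict(aci=unicode(result))`. If that precedence is intended, a comment such as `# raw output takes precedence over pkey_only` would make it explicit; otherwise the raw branch needs its own trimming. A caller that passes `pkey_only` to limit how much ACI detail comes back should not silently get more than it asked for. `execute` starts and ends outside this hunk.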
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 82ccf3769..3d6480458 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1552,6 +1552,12 @@ class LDAPRemoveMember(LDAPModMember):
return
+def gen_pkey_only_option(cli_name):
+ return Flag('pkey_only?',
+ label=_('Primary key only'),
+ doc=_('Results should contain primary key attribute only ("%s")') \
+ % to_cli(cli_name),)
+
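Review bot: `gen_pkey_only_option` has no docstring, although this commit makes it a shared helper imported by aci.py, delegation.py and selfservice.py. Suggest `"""Return the pkey_only Flag; cli_name is the primary key's CLI name shown in the option's help text."""`. The backslash continuation before `% to_cli(cli_name)` is also unnecessary, because the expression already sits inside the parentheses of the `Flag(...)` call.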
class LDAPSearch(BaseLDAPCommand, crud.Search):
"""
Retrieve all LDAP entries matching the given criteria.
@@ -1594,11 +1600,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
yield option
if self.obj.primary_key and \
'no_output' not in self.obj.primary_key.flags:
- yield Flag('pkey_only?',
- label=_('Primary key only'),
- doc=_('Results should contain primary key attribute only ("%s")') \
- % to_cli(self.obj.primary_key.cli_name),
- )
+ yield gen_pkey_only_option(self.obj.primary_key.cli_name)
for attr in self.member_attributes:
for ldap_obj_name in self.obj.attribute_members[attr]:
ldap_obj = self.api.Object[ldap_obj_name]
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index 5fe1511f2..660425013 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -1,5 +1,6 @@
# Authors:
# Rob Crittenden <rcritten@redhat.com>
+# Martin Kosek <mkosek@redhat.com>
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
@@ -24,6 +25,7 @@ from ipalib.request import context
from ipalib import api, crud, errors
from ipalib import output
from ipalib import Object, Command
+from ipalib.plugins.baseldap import gen_pkey_only_option
__doc__ = _("""
Group to Group Delegation
@@ -53,45 +55,6 @@ EXAMPLES:
ACI_PREFIX=u"delegation"
-def convert_delegation(ldap, aci):
- """
- memberOf is in filter but we want to pull out the group for easier
- displaying.
- """
- filter = aci['memberof']
- st = filter.find('memberOf=')
- if st == -1:
- raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
- en = filter.find(')', st)
- membergroup = filter[st+9:en]
- try:
- (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
- except Exception, e:
- # Uh oh, the group we're granting access to has an error
- msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
- raise errors.NonFatalError(reason=msg)
- aci['memberof'] = entry_attrs['cn'][0]
-
- del aci['aciprefix'] # do not include prefix in result
-
- return aci
-
-def is_delegation(ldap, aciname):
- """
- Determine if the ACI is a Delegation ACI and raise an exception if it
- isn't.
-
- Return the result if it is a delegation ACI, adding a new attribute
- membergroup.
- """
- result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX)['result']
- if 'memberof' in result:
- result = convert_delegation(ldap, result)
- else:
- raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname))
- return result
-
-
class delegation(Object):
"""
Delegation object.
@@ -163,8 +126,12 @@ class delegation_add(crud.Create):
kw['permissions'] = (u'write',)
kw['aciprefix'] = ACI_PREFIX
result = api.Command['aci_add'](aciname, **kw)['result']
- if 'memberof' in result:
- result = convert_delegation(ldap, result)
+
+ # do not include prefix in result
+ try:
+ del result['aciprefix']
+ except KeyError:
+ pass
return dict(
result=result,
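Review bot: The four-line `try: del result['aciprefix']` / `except KeyError: pass` block added here is repeated in the delegation_mod, delegation_find and delegation_show hunks. Assuming `result` is a plain dict (its construction is not visible in this diff), `result.pop('aciprefix', None)` does the same in one line, and `aci.pop('aciprefix', None)` in the find loop. `execute` starts and ends outside this hunk.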
@@ -181,8 +148,6 @@ class delegation_del(crud.Delete):
msg_summary = _('Deleted delegation "%(value)s"')
def execute(self, aciname, **kw):
- ldap = self.api.Backend.ldap2
- is_delegation(ldap, aciname)
kw['aciprefix'] = ACI_PREFIX
result = api.Command['aci_del'](aciname, **kw)
return dict(
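Review bot: With the `is_delegation` call removed, delegation_del no longer verifies that the target ACI carries a `memberof` filter before deleting it; the only remaining restriction is `kw['aciprefix'] = ACI_PREFIX`. That is sufficient only if `aci_del` matches strictly on prefix plus name, which is not visible in this diff and should be confirmed. A comment such as `# aci_del only matches ACIs that carry the delegation prefix` would record the assumption the access check now rests on. The same applies to the delegation_mod and delegation_show hunks, which drop the same check. `execute` continues outside the hunk.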
@@ -199,12 +164,15 @@ class delegation_mod(crud.Update):
msg_summary = _('Modified delegation "%(value)s"')
def execute(self, aciname, **kw):
- ldap = self.api.Backend.ldap2
- is_delegation(ldap, aciname)
kw['aciprefix'] = ACI_PREFIX
result = api.Command['aci_mod'](aciname, **kw)['result']
- if 'memberof' in result:
- result = convert_delegation(ldap, result)
+
+ # do not include prefix in result
+ try:
+ del result['aciprefix']
+ except KeyError:
+ pass
+
return dict(
result=result,
value=aciname,
@@ -220,17 +188,18 @@ class delegation_find(crud.Search):
'%(count)d delegation matched', '%(count)d delegations matched', 0
)
+ takes_options = (gen_pkey_only_option("name"),)
+
def execute(self, term, **kw):
ldap = self.api.Backend.ldap2
kw['aciprefix'] = ACI_PREFIX
- acis = api.Command['aci_find'](term, **kw)['result']
- results = []
- for aci in acis:
+ results = api.Command['aci_find'](term, **kw)['result']
+
+ for aci in results:
+ # do not include prefix in result
try:
- if 'memberof' in aci:
- aci = convert_delegation(ldap, aci)
- results.append(aci)
- except errors.NotFound:
+ del aci['aciprefix']
+ except KeyError:
pass
return dict(
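Review bot: `ldap = self.api.Backend.ldap2` at the top of `execute` appears to be unused now, since its only visible consumer was the removed `convert_delegation` call; the line can be dropped. The loop also now edits the dicts returned by `aci_find` in place instead of building a new list, which looks harmless here but deserves a short comment such as `# strip the prefix from aci_find's results in place`. `execute` ends outside the hunk.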
@@ -252,8 +221,12 @@ class delegation_show(crud.Retrieve):
)
def execute(self, aciname, **kw):
- ldap = self.api.Backend.ldap2
- result = is_delegation(ldap, aciname)
+ result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX)['result']
+ # do not include prefix in result
+ try:
+ del result['aciprefix']
+ except KeyError:
+ pass
return dict(
result=result,
value=aciname,
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index 902e16baf..2db376479 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -24,6 +24,7 @@ from ipalib.request import context
from ipalib import api, crud, errors
from ipalib import output
from ipalib import Object, Command
+from ipalib.plugins.baseldap import gen_pkey_only_option
__doc__ = _("""
Self-service Permissions
@@ -182,6 +183,8 @@ class selfservice_find(crud.Search):
'%(count)d selfservice matched', '%(count)d selfservices matched', 0
)
+ takes_options = (gen_pkey_only_option("name"),)
+
def execute(self, term, **kw):
kw['selfaci'] = True
kw['aciprefix'] = ACI_PREFIX