summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/group.py
Commit message (Collapse)AuthorAgeFilesLines
* ticket 1669 - improve i18n docstring extractionJohn Dennis2011-08-241-32/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts the use of pygettext for i18n string extraction. It was originally introduced because the help documentation for commands are in the class docstring and module docstring. Docstrings are a Python construct whereby any string which immediately follows a class declaration, function/method declaration or appears first in a module is taken to be the documentation for that object. Python automatically assigns that string to the __doc__ variable associated with the object. Explicitly assigning to the __doc__ variable is equivalent and permitted. We mark strings in the source for i18n translation by embedding them in _() or ngettext(). Specialized extraction tools (e.g. xgettext) scan the source code looking for strings with those markers and extracts the string for inclusion in a translation catalog. It was mistakingly assumed one could not mark for translation Python docstrings. Since some docstrings are vital for our command help system some method had to be devised to extract docstrings for the translation catalog. pygettext has the ability to locate and extract docstrings and it was introduced to acquire the documentation for our commands located in module and class docstrings. However pygettext was too large a hammer for this task, it lacked any fined grained ability to extract only the docstrings we were interested in. In practice it extracted EVERY docstring in each file it was presented with. This caused a large number strings to be extracted for translation which had no reason to be translated, the string might have been internal code documentation never meant to be seen by users. Often the superfluous docstrings were long, complex and likely difficult to translate. This placed an unnecessary burden on our volunteer translators. Instead what is needed is some method to extract only those strings intended for translation. We already have such a mechanism and it is already widely used, namely wrapping strings intended for translation in calls to _() or _negettext(), i.e. marking a string for i18n translation. Thus the solution to the docstring translation problem is to mark the docstrings exactly as we have been doing, it only requires that instead of a bare Python docstring we instead assign the marked string to the __doc__ variable. Using the hypothetical class foo as an example. class foo(Command): ''' The foo command takes out the garbage. ''' Would become: class foo(Command): __doc__ = _('The foo command takes out the garbage.') But which docstrings need to be marked for translation? The makeapi tool knows how to iterate over every command in our public API. It was extended to validate every command's documentation and report if any documentation is missing or not marked for translation. That information was then used to identify each docstring in the code which needed to be transformed. In summary what this patch does is: * Remove the use of pygettext (modification to install/po/Makefile.in) * Replace every docstring with an explicit assignment to __doc__ where the rhs of the assignment is an i18n marking function. * Single line docstrings appearing in multi-line string literals (e.g. ''' or """) were replaced with single line string literals because the multi-line literals were introducing unnecessary whitespace and newlines in the string extracted for translation. For example: ''' The foo command takes out the garbage. ''' Would appear in the translation catalog as: "\n The foo command takes out the garbage.\n " The superfluous whitespace and newlines are confusing to translators and requires us to strip leading and trailing whitespace from the translation at run time. * Import statements were moved from below the docstring to above it. This was necessary because the i18n markers are imported functions and must be available before the the doc is parsed. Technically only the import of the i18n markers had to appear before the doc but stylistically it's better to keep all the imports together. * It was observed during the docstring editing process that the command documentation was inconsistent with respect to the use of periods to terminate a sentence. Some doc had a trailing period, others didn't. Consistency was enforced by adding a period to end of every docstring if one was missing.
* Fixed label capitalizationEndi S. Dewata2011-07-141-1/+1
| | | | | | | | The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization. Ticket #1424
* Fixed object_name and object_name_plural internationalizationEndi S. Dewata2011-07-121-2/+2
| | | | | | | | | The object_name, object_name_plural and messages that use these attributes have been converted to support translation. The label attribute in the Param class has been modified to accept unicode string. Ticket #1435
* Removed invalid associations.Endi S. Dewata2011-07-011-1/+1
| | | | | | | | | The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367
* Added singular entity labels.Endi S. Dewata2011-06-271-0/+1
| | | | | | | | | | | | | | | A new attribute label_singular has been added to all entities which contains the singular form of the entity label in lower cases except for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web UI, this label can be capitalized using CSS text-transform. The existing 'label' attribute is intentionally left unchanged due to inconsistencies in the current values. It contains mostly the plural form of capitalized entity label, but some are singular. Also, it seems currently there is no comparable capitalization method on the server-side. So more work is needed before the label can be changed. Ticket #1249
* Add sudorule and hbacrule to memberof and indirectmemberof attributesJr Aquino2011-06-061-2/+3
| | | | | | | | Add Add tests for users, groups, hosts and hostgroups to verify membership Update API to version 2.3 https://fedorahosted.org/freeipa/ticket/1170
* Fix style and grammatical issues in built-in command help.Rob Crittenden2011-03-041-4/+4
| | | | | | | There is a rather large API.txt change but it is only due to changes in the doc string in parameters. ticket 729
* Add handling for indirect memberof other entries.Rob Crittenden2011-02-211-1/+2
| | | | | | | | | | | | | | | This creates a new custom attribute, memberofindirect_[plugin]. Using this you can tell the difference between being an actual memberof another entry and being a memberof as the result if inheritence. This is particularly useful when trying to remove members of an entry, you can only remove direct members. I had to add a couple of short sleep calls to make things work a little better. The memberof plugin runs as a postop and we have no way of knowing when it has done its work. If we don't pause we may show some stale data that memberof hasn't updated yet. .3 seconds is an arbitrary choice. ticket 966
* Inconsistent error message for ipa group-detachMartin Kosek2011-02-031-1/+4
| | | | | | | | When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291
* Fix assorted bugs found by pylintJakub Hrozek2011-01-251-1/+1
|
* Improve filtering of enrollments search results.Pavel Zuna2011-01-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | This is required for effective filtering of enrollments search results in the webUI and also gives an edge to the CLI. After this patch, each LDAPObject can define its relationships to other LDAPObjects. For now, this is used only for filtering search results by enrollments, but there are probably more benefits to come. You can do this for example: # search for all users not enrolled in group admins ipa user-find --not-in-groups=admins # search for all groups not enrolled in group global with user Pavel ipa group-find --users=Pavel --not-in-groups=global # more examples: ipa group-find --users=Pavel,Jakub --no-users=Honza ipa hostgroup-find --hosts=webui.pzuna
* In meta data make ACI attributes lower-case, sorted. Add possible attributes.Rob Crittenden2010-12-211-0/+1
| | | | | | | | | | | | The metadata contains a list of possible attributes that an ACI for that object might need. Add a new variable to hold possible objectclasses for optional elements (like posixGroup for groups). To make the list easier to handle sort it and make it all lower-case. Fix a couple of missed camel-case attributes in the default ACI list. ticket 641
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Enable filtering search results by member attributes.Pavel Zuna2010-12-201-0/+2
| | | | | | | | | | | | | | LDAPSearch base class has now the ability to generate additional options for objects with member attributes. These options are used to filter search results - search only for objects without the specified members. Example: ipa group-find --no-users=admin Only direct members are taken into account. Ticket #288
* This is the second half of a patch. Only the part that had to beRob Crittenden2010-12-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | re-based got pushed for some reason. Use better description for group names in help and always prompt for members When running <foo>-[add|remove]-member completely interactively it didn't prompt for managing membership, it just reported that 0 members were handled which was rather confusing. This will work via a shell if you want to echo too: $ echo "" | ipa group-add-member g1 This returns 0 members because nothing is read for users or group members. $ echo -e "g1\nadmin\n" | ipa group-add-member This adds the user admin to the group g1. It adds it as a user because user membership is prompted for first. ticket 415
* Re-implement access control using an updated model.Rob Crittenden2010-12-011-2/+2
| | | | | | | | | | | | | | | | | | | The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445
* Create user private groups with a uniqueid.Rob Crittenden2010-11-301-1/+1
| | | | | | | | | | If we don't then we need to add it when a group is detached causing aci issues. I had to move where we create the UPG template until after the DS restart so the schema is available. ticket 542
* Change signature of LDAPSearch.pre_callback.Pavel Zuna2010-11-231-2/+2
| | | | Add the opportunity to change base DN and scope in the callback.
* Give a detached group a full set of group objectclasses.Rob Crittenden2010-11-191-8/+21
| | | | | | | The UUID plugin handles adding ipaUniqueId for us as well as the access control for it. ticket 250
* Increase # of chars in users and groups to 255 and default username to 32.Rob Crittenden2010-11-121-2/+2
| | | | ticket 434
* Populate indirect members when showing a group object.Rob Crittenden2010-10-281-9/+3
| | | | | | | | | | | | | | | This is done by creating a new attribute, memberindirect, to hold this indirect membership. The new function get_members() can return all members or just indirect or direct. We are only using it to retrieve indirect members currently. This also: * Moves all member display attributes into baseldap.py to reduce duplication * Adds netgroup nesting * Use a unique object name in hbacsvc and hbacsvcgroup ticket 296
* Allow RDN changes for users, groups, rolegroups and taskgroups.Rob Crittenden2010-10-281-0/+1
| | | | | | | | | | | | To do a change right now you have to perform a setattr like: ipa user-mod --setattr uid=newuser olduser The RDN change is performed before the rest of the mods. If the RDN change is the only change done then the EmptyModlist that update_entry() throws is ignored. ticket 323
* Add flag to group-find to only search on private groups.Pavel Zuna2010-10-201-2/+29
| | | | ticket #251
* Fix group deletionRob Crittenden2010-10-131-3/+4
| | | | ticket 347
* Fix inconsistent error message when deleting groups that don't exist.Pavel Zuna2010-10-061-1/+3
| | | | Ticket #292
* Groups are now created as POSIX by default.Rob Crittenden2010-10-011-14/+15
| | | | ticket 241
* Update command documentation based on feedback from docs team.Rob Crittenden2010-08-271-18/+24
| | | | ticket #158
* Allow decoupling of user-private groups.Rob Crittenden2010-08-101-0/+59
| | | | | | | | | | | To do this we need to break the link manually on both sides, the user and the group. We also have to verify in advance that the user performing this is allowed to do both. Otherwise the user could be decoupled but not the group leaving it in a quasi broken state that only ldapmodify could fix. ticket 75
* Properly show the members when an add/remove operation fails.Rob Crittenden2010-08-061-12/+0
| | | | | | | | | | | | The remove member function in baseldap was not returning failures at all. The add member function was only showing them in the group object. Most of the magic is handled in baseldap. Each plugin just needs to define object_name and object_name_plural. object_name must be all lower-case because fake-attributes are created so membership can be broken out per-object type. I left the plural name lower case as well. ticket 85
* Add optional error message to pattern validatorRob Crittenden2010-08-061-0/+3
| | | | | | | | | The pattern validator by default displays the pattern that is being matched against. This isn't helpful, particularly for very hairy patterns. This adds a new parameter, pattern_errmsg, that is displayed on errors if set. ticket #11
* Add separate var for search attributes and config attribute for search fieldsRob Crittenden2010-07-131-0/+1
| | | | | | | | Add an optional search_attributes variable in case the attributes you want to display by default aren't what you want to search on. Also link in any cn=ipaconfig attributes that contain a comma-separated list of attributes to search on.
* Add support for User-Private GroupsRob Crittenden2010-07-061-0/+4
| | | | | | | | | | | | | | | This uses a new 389-ds plugin, Managed Entries, to automatically create a group entry when a user is created. The DNA plugin ensures that the group has a gidNumber that matches the users uidNumber. When the user is removed the group is automatically removed as well. If the managed entries plugin is not available or if a specific, separate range for gidNumber is passed in at install time then User-Private Groups will not be configured. The code checking for the Managed Entries plugin may be removed at some point. This is there because this plugin is only available in a 389-ds alpha release currently (1.2.6-a4).
* First pass at per-command documentationRob Crittenden2010-06-221-0/+39
|
* Replace old pwpolicy plugin with new one using baseldap, fix tests.Rob Crittenden2010-05-171-1/+1
| | | | Fix deletion of policy when a group is removed.
* localize doc stringsJohn Dennis2010-03-081-1/+1
| | | | | | | | | | | | A number of doc strings were not localized, wrap them in _(). Some messages were not localized, wrap them in _() Fix a couple of failing tests: The method name in RPC should not be unicode. The doc attribute must use the .msg attribute for comparison. Also clean up imports of _() The import should come from ipalib or ipalib.text, not ugettext from request.
* Code cleanup: remove unused stuff, take 1.Pavel Zuna2010-03-011-10/+0
|
* Translatable Param.label, Param.docJason Gerard DeRose2010-02-241-11/+11
|
* Use the Output tuple to determine the order of outputRob Crittenden2010-02-151-6/+26
| | | | | | | | | | | | | | The attributes displayed is now dependant upon their definition in a Param. This enhances that, giving some level of control over how the result is displayed to the user. This also fixes displaying group membership, including failures of adding/removing entries. All tests pass now though there is still one problem. We need to return the dn as well. Once that is fixed we just need to comment out all the dn entries in the tests and they should once again pass.
* Add Object.label class attribute, enable in webUIJason Gerard DeRose2010-02-121-0/+2
|
* Remove group-specific password policy on group deletionRob Crittenden2010-01-291-0/+8
|
* Add --all to LDAPCreate and make LDAP commands always display default ↵Pavel Zuna2010-01-111-1/+1
| | | | attributes.
* Take 2: Extensible return values and validation; steps toward a single ↵Jason Gerard DeRose2009-12-101-3/+19
| | | | output_for_cli(); enable more webUI stuff
* Display membership attributes (member, memberOf) by default in show/find.Pavel Zuna2009-10-211-1/+3
|
* Fix bug in group plugin. Was using wrong variable for attributes.Pavel Zuna2009-10-081-1/+1
| | | | Fix bug #527537.
* Make the group plugin use baseldap classes.Pavel Zuna2009-10-051-124/+65
|
* Clean up additional issues discovered with pylint and pycheckerRob Crittenden2009-08-201-1/+1
|
* Change command names from *group-del-member to *group-remove-member.Pavel Zuna2009-07-091-3/+3
| | | | Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
* Fix minor bugs, typos, etc. discovered by unit tests in plugins.Pavel Zuna2009-07-021-7/+10
|
* Rename *-create/*-delete commands to *-add/*-del respectively.Pavel Zuna2009-07-021-7/+7
|
* Rename plugins2 to plugins.Pavel Zuna2009-07-021-25/+25
|
generated by cgit (git 2.34.1) at 2024-05-01 17:00:56 +0000