summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/pwpolicy.py
Commit message (Collapse)AuthorAgeFilesLines
* ticket 1669 - improve i18n docstring extractionJohn Dennis2011-08-241-25/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts the use of pygettext for i18n string extraction. It was originally introduced because the help documentation for commands are in the class docstring and module docstring. Docstrings are a Python construct whereby any string which immediately follows a class declaration, function/method declaration or appears first in a module is taken to be the documentation for that object. Python automatically assigns that string to the __doc__ variable associated with the object. Explicitly assigning to the __doc__ variable is equivalent and permitted. We mark strings in the source for i18n translation by embedding them in _() or ngettext(). Specialized extraction tools (e.g. xgettext) scan the source code looking for strings with those markers and extracts the string for inclusion in a translation catalog. It was mistakingly assumed one could not mark for translation Python docstrings. Since some docstrings are vital for our command help system some method had to be devised to extract docstrings for the translation catalog. pygettext has the ability to locate and extract docstrings and it was introduced to acquire the documentation for our commands located in module and class docstrings. However pygettext was too large a hammer for this task, it lacked any fined grained ability to extract only the docstrings we were interested in. In practice it extracted EVERY docstring in each file it was presented with. This caused a large number strings to be extracted for translation which had no reason to be translated, the string might have been internal code documentation never meant to be seen by users. Often the superfluous docstrings were long, complex and likely difficult to translate. This placed an unnecessary burden on our volunteer translators. Instead what is needed is some method to extract only those strings intended for translation. We already have such a mechanism and it is already widely used, namely wrapping strings intended for translation in calls to _() or _negettext(), i.e. marking a string for i18n translation. Thus the solution to the docstring translation problem is to mark the docstrings exactly as we have been doing, it only requires that instead of a bare Python docstring we instead assign the marked string to the __doc__ variable. Using the hypothetical class foo as an example. class foo(Command): ''' The foo command takes out the garbage. ''' Would become: class foo(Command): __doc__ = _('The foo command takes out the garbage.') But which docstrings need to be marked for translation? The makeapi tool knows how to iterate over every command in our public API. It was extended to validate every command's documentation and report if any documentation is missing or not marked for translation. That information was then used to identify each docstring in the code which needed to be transformed. In summary what this patch does is: * Remove the use of pygettext (modification to install/po/Makefile.in) * Replace every docstring with an explicit assignment to __doc__ where the rhs of the assignment is an i18n marking function. * Single line docstrings appearing in multi-line string literals (e.g. ''' or """) were replaced with single line string literals because the multi-line literals were introducing unnecessary whitespace and newlines in the string extracted for translation. For example: ''' The foo command takes out the garbage. ''' Would appear in the translation catalog as: "\n The foo command takes out the garbage.\n " The superfluous whitespace and newlines are confusing to translators and requires us to strip leading and trailing whitespace from the translation at run time. * Import statements were moved from below the docstring to above it. This was necessary because the i18n markers are imported functions and must be available before the the doc is parsed. Technically only the import of the i18n markers had to appear before the doc but stylistically it's better to keep all the imports together. * It was observed during the docstring editing process that the command documentation was inconsistent with respect to the use of periods to terminate a sentence. Some doc had a trailing period, others didn't. Consistency was enforced by adding a period to end of every docstring if one was missing.
* Fixed label capitalizationEndi S. Dewata2011-07-141-1/+1
| | | | | | | | The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization. Ticket #1424
* Fixed object_name and object_name_plural internationalizationEndi S. Dewata2011-07-121-2/+2
| | | | | | | | | The object_name, object_name_plural and messages that use these attributes have been converted to support translation. The label attribute in the Param class has been modified to accept unicode string. Ticket #1435
* Fixed entity labels.Endi S. Dewata2011-06-271-1/+1
| | | | | | | | | | | | | | | | The entity labels in the following locations have been fixed: - search facet title: plural - details facet title: singular - association facet title: singular - breadcrumb: plural - adder dialog title: singular - deleter dialog title: plural Some entity labels have been changed into the correct plural form. Unused file install/ui/test/data/i18n_messages.json has been removed. Ticket #1249 Ticket #1387
* Added singular entity labels.Endi S. Dewata2011-06-271-0/+1
| | | | | | | | | | | | | | | A new attribute label_singular has been added to all entities which contains the singular form of the entity label in lower cases except for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web UI, this label can be capitalized using CSS text-transform. The existing 'label' attribute is intentionally left unchanged due to inconsistencies in the current values. It contains mostly the plural form of capitalized entity label, but some are singular. Also, it seems currently there is no comparable capitalization method on the server-side. So more work is needed before the label can be changed. Ticket #1249
* pwpolicy-mod doesn't accept old attribute valuesMartin Kosek2011-04-291-8/+19
| | | | | | | | | | When the pwpolicy attribute "cospriority" is passed to pwpolicy-mod command and the old value is kept, the command should succeed if there was at least one other attribute changed. Current pwpolicy-mod raises exception in this case which may lead to issues in the WebUI. https://fedorahosted.org/freeipa/ticket/1104
* Password policy commands do not include cospriorityMartin Kosek2011-04-111-32/+24
| | | | | | | | | Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested. This patch fixes it for all pwpolicy commands. https://fedorahosted.org/freeipa/ticket/1103
* Rename INTERNAL to NO_CLI for commands we hide from the cli.Rob Crittenden2011-01-211-6/+6
| | | | | | Also make i18n_messages and json_metadata NO_CLI. ticket 821
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Don't look up the CoS entry with the global password policy.Rob Crittenden2010-12-031-2/+2
| | | | ticket 523
* Fix returning effective rights for password policy.Rob Crittenden2010-11-191-1/+5
| | | | | | This also returns the rights for cospriority if the policy is for a group. ticket 449
* Use distutil.version to check for min versionSimo Sorce2010-11-181-2/+8
|
* Use kerberos password policy.Rob Crittenden2010-11-011-15/+34
| | | | | | | | | | | | | | | | | | | | | | | This lets the KDC count password failures and can lock out accounts for a period of time. This only works for KDC >= 1.8. There currently is no way to unlock a locked account across a replica. MIT Kerberos 1.9 is adding support for doing so. Once that is available unlock will be added. The concept of a "global" password policy has changed. When we were managing the policy using the IPA password plugin it was smart enough to search up the tree looking for a policy. The KDC is not so smart and relies on the krbpwdpolicyreference to find the policy. For this reason every user entry requires this attribute. I've created a new global_policy entry to store the default password policy. All users point at this now. The group policy works the same and can override this setting. As a result the special "GLOBAL" name has been replaced with global_policy. This policy works like any other and is the default if a name is not provided on the command-line. ticket 51
* Don't allow managed groups to have group password policy.Rob Crittenden2010-10-281-1/+4
| | | | | | | UPG cannot have members and we use memberOf in class of service to determine which policy to apply. ticket 160
* policy and configAdam Young2010-10-071-0/+2
| | | | | | | | Population of the policy and entites tabs. DNS and ACI are broken due to PLugin issues Fix for entities without search Added new files to Makefile.am used rolegroup.js file as the start point, renamed to serverconfig.js
* Generate additional positional arguments for baseldap commands from takes_args.Pavel Zuna2010-10-061-1/+3
|
* Update command documentation based on feedback from docs team.Rob Crittenden2010-08-271-20/+22
| | | | ticket #158
* First pass at per-command documentationRob Crittenden2010-06-221-0/+37
|
* Enforce that max password lifetime is greater than the min lifetimeRob Crittenden2010-05-171-3/+28
| | | | 461325
* Replace old pwpolicy plugin with new one using baseldap, fix tests.Rob Crittenden2010-05-171-358/+229
| | | | Fix deletion of policy when a group is removed.
* Use escapes in DNs instead of quoting.Rob Crittenden2010-04-191-15/+28
| | | | Based on initial patch from Pavel Zuna.
* Fix cut-and-paste error in pwpolicy pluginRob Crittenden2010-03-231-2/+2
|
* Do a better query so we can optimize seeing if a cospriority is uniqueRob Crittenden2010-03-231-7/+11
|
* Use ldap2.make_*dn* methods in pwpolicy plugin.Pavel Zuna2010-03-221-1/+5
| | | | Fixes #572423.
* Ensure that the group policy priority is unique.Rob Crittenden2010-03-191-10/+54
| | | | | | We use CoS to determine the order in which group policy is applied. The behavior in CoS is undefined for multiple entries with the same cospriority.
* Fix a number of bugs in the pwpolicy pluginRob Crittenden2010-03-191-8/+22
| | | | | | | | | | This fixes: - Consistent usage of priority vs cospriority in options - Fixes bug introduced with recent patch where global policy couldn't be updated - Doesn't allow cospriority to be removed for groups (#570536) - returns the priority with group policy so it can be displayed - Properly unicode encode group names for display
* Catch modifications with no updates and raise an errorRob Crittenden2010-03-171-2/+8
| | | | 569848
* localize doc stringsJohn Dennis2010-03-081-1/+1
| | | | | | | | | | | | A number of doc strings were not localized, wrap them in _(). Some messages were not localized, wrap them in _() Fix a couple of failing tests: The method name in RPC should not be unicode. The doc attribute must use the .msg attribute for comparison. Also clean up imports of _() The import should come from ipalib or ipalib.text, not ugettext from request.
* Don't calculate min/max lifetime if None is passed in.Rob Crittenden2010-03-071-2/+2
| | | | | | | | None is passed if the option is set with --minlife=''. This is a valid use case to delete a non-required attribute. In this case we simply don't do the math on None and things work as expected. 569847
* Translatable Param.label, Param.docJason Gerard DeRose2010-02-241-19/+24
|
* Convert password policy integer values to unicode instead of str.Pavel Zuna2010-02-171-2/+2
|
* Fix the pwpolicy plugin to work better with new output system.Rob Crittenden2010-02-171-9/+24
|
* Implement pwplicy_find to show all group password policiesRob Crittenden2010-02-031-0/+32
| | | | | find is a bit of a misnomer here because we consider no search terms, it is all or nothing.
* Allow cospriority to be updated and fix description of priority orderingRob Crittenden2010-01-191-7/+27
| | | | | | Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work.
* Take 2: Extensible return values and validation; steps toward a single ↵Jason Gerard DeRose2009-12-101-42/+25
| | | | output_for_cli(); enable more webUI stuff
* Add support for per-group kerberos password policy.Rob Crittenden2009-10-051-17/+217
| | | | | | | | | | Use a Class of Service template to do per-group password policy. The design calls for non-overlapping groups but with cospriority we can still make sense of things. The password policy entries stored under the REALM are keyed only on the group name because the MIT ldap plugin can't handle quotes in the DN. It also can't handle spaces between elements in the DN.
* Rename plugins2 to plugins.Pavel Zuna2009-07-021-4/+4
|
* Rename plugins2 files (remove '2' suffix').Pavel Zuna2009-07-021-0/+148
|
* Delete plugins using old LDAP backend.Pavel Zuna2009-07-021-127/+0
|
* Renamed remaining plugins still using f_* b_* conventionJason Gerard DeRose2009-04-011-0/+127
generated by cgit (git 2.34.1) at 2024-05-04 14:33:02 +0000