From d781dbd04596a87b0b677a82cb9e704d26471662 Mon Sep 17 00:00:00 2001
From: Jr Aquino <jr.aquino@citrix.com>
Date: Wed, 16 Feb 2011 08:04:03 -0800
Subject: 17-2 Managed netgroups should be invisible
 https://fedorahosted.org/freeipa/ticket/963

---
 ipalib/plugins/netgroup.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'ipalib/plugins/netgroup.py')

diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index ad045eeb1..e89d8c8db 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -186,6 +186,24 @@ class netgroup_find(LDAPSearch):
         '%(count)d netgroup matched', '%(count)d netgroups matched'
     )
 
+    takes_options = LDAPSearch.takes_options + (
+        Flag('private',
+            cli_name='private',
+            doc=_('search for private groups'),
+        ),
+    )
+
+    def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options):
+        # Do not display private mepManagedEntry netgroups by default
+        # If looking for private groups, we need to omit the negation search filter
+
+        if not options['private']:
+            search_kw = self.args_options_2_entry(**options)
+            search_kw['objectclass'] = ['mepManagedEntry']
+            negation = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE)
+            filter = ldap.combine_filters((negation, filter), rules='&')
+        return (filter, base_dn, scope)
+
 api.register(netgroup_find)
 
 
-- 
cgit