From 44cdf8ef54ff761a5e38919b8cdce5128928985a Mon Sep 17 00:00:00 2001 From: Jr Aquino Date: Thu, 16 Jun 2011 11:57:13 -0700 Subject: Raise DuplicateEntry Error when adding a duplicate sudo option https://fedorahosted.org/freeipa/ticket/1276 https://fedorahosted.org/freeipa/ticket/1277 https://fedorahosted.org/freeipa/ticket/1308 Added new Exception: AttrValueNotFound Fixed XML Test for Sudorule remove_option 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option) --- ipalib/plugins/sudorule.py | 66 ++++++++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 26 deletions(-) (limited to 'ipalib/plugins/sudorule.py') diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index 2759534e0..a7fd82775 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -52,7 +52,7 @@ class sudorule(LDAPObject): 'cn', 'ipaenabledflag', 'description', 'usercategory', 'hostcategory', 'cmdcategory', 'memberuser', 'memberhost', - 'memberallowcmd', 'memberdenycmd', + 'memberallowcmd', 'memberdenycmd', 'ipasudoopt', ] uuid_attribute = 'ipauniqueid' rdn_attribute = 'ipauniqueid' @@ -611,11 +611,19 @@ class sudorule_add_option(LDAPQuery): dn = self.obj.get_dn(cn) + if not options['ipasudoopt'].strip(): + raise errors.EmptyModlist() (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt']) - entry_attrs.setdefault('ipasudoopt', []).append( - options['ipasudoopt'] - ) + try: + if options['ipasudoopt'] not in entry_attrs['ipasudoopt']: + entry_attrs.setdefault('ipasudoopt', []).append( + options['ipasudoopt']) + else: + raise errors.DuplicateEntry + except KeyError: + entry_attrs.setdefault('ipasudoopt', []).append( + options['ipasudoopt']) try: ldap.update_entry(dn, entry_attrs) except errors.EmptyModlist: 
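Review bot: In the sudorule_add_option hunk, `options['ipasudoopt'].strip()` is used only for the emptiness test, while the duplicate check and the append use the unstripped value, so an option that differs from a stored one only by surrounding whitespace is not caught as a duplicate and is written as a second value. The sudorule_remove_option hunk has the same mismatch, where the padded form raises AttrValueNotFound for an option that is actually present. Unless the parameter layer already rejects surrounding whitespace (not visible here), normalise once and use that value for the guard, the comparison and the write, since near-duplicate sudo options make a rule harder to audit. The try/except KeyError with its duplicated append can also collapse to a single `setdefault`, as sketched below. The enclosing execute method starts above this hunk and continues into the next one.

```python
        opt = options['ipasudoopt'].strip()
        if not opt:
            raise errors.EmptyModlist()
        (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])

        values = entry_attrs.setdefault('ipasudoopt', [])
        if opt in values:
            raise errors.DuplicateEntry
        values.append(opt)
        # ... unchanged: try: ldap.update_entry(dn, entry_attrs) and its handlers ...
```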
@@ -623,15 +631,12 @@ class sudorule_add_option(LDAPQuery): except errors.NotFound: self.obj.handle_not_found(cn) - return dict(result=entry_attrs) - - def output_for_cli(self, textui, result, cn, **options): - textui.print_name(self.name) - textui.print_dashed( - 'Added option "%s" to Sudo rule "%s"' % ( - options['ipasudoopt'], cn + attrs_list = self.obj.default_attributes + (dn, entry_attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn ) - ) + + return dict(result=entry_attrs) api.register(sudorule_add_option) @@ -641,7 +646,7 @@ class sudorule_remove_option(LDAPQuery): Remove an option from Sudo rule. """ takes_options = ( - Str('ipasudoopt?', + Str('ipasudoopt', cli_name='sudooption', label=_('Sudo Option'), ), 
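Review bot: The re-read added at the end of sudorule_add_option sits after the try/except that routes `errors.NotFound` to `self.obj.handle_not_found(cn)`, so a rule that disappears between the update and this `get_entry` surfaces as a raw NotFound. The first `get_entry` at the top of the method (previous hunk) is also outside that handler, and the sudorule_remove_option hunk repeats both reads the same way. Putting both reads under the NotFound handling would make a missing rule report consistently. Only this second read passes `normalize=self.obj.normalize_dn`; if that argument affects the returned dn, the first call probably wants it too. A comment such as `# re-read so the caller gets the full rule, not only ipasudoopt` would explain why the entry is fetched twice.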
@@ -652,25 +657,34 @@ class sudorule_remove_option(LDAPQuery): dn = self.obj.get_dn(cn) + if not options['ipasudoopt'].strip(): + raise errors.EmptyModlist() (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt']) try: - entry_attrs.setdefault('ipasudoopt', []).remove( - options['ipasudoopt'] - ) - ldap.update_entry(dn, entry_attrs) - except (ValueError, errors.EmptyModlist): + if options['ipasudoopt'] in entry_attrs['ipasudoopt']: + entry_attrs.setdefault('ipasudoopt', []).remove( + options['ipasudoopt']) + ldap.update_entry(dn, entry_attrs) + else: + raise errors.AttrValueNotFound( + attr='ipasudoopt', + value=options['ipasudoopt'] + ) + except ValueError, e: pass + except KeyError: + raise errors.AttrValueNotFound( + attr='ipasudoopt', + value=options['ipasudoopt'] + ) except errors.NotFound: self.obj.handle_not_found(cn) - return dict(result=True) - - def output_for_cli(self, textui, result, cn, **options): - textui.print_name(self.name) - textui.print_dashed( - 'Removed option "%s" from Sudo rule "%s"' % ( - options['ipasudoopt'], cn + attrs_list = self.obj.default_attributes + (dn, entry_attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn ) - ) + + return dict(result=entry_attrs) api.register(sudorule_remove_option) -- cgit
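Review bot: In sudorule_remove_option the new `except ValueError, e: pass` can no longer be triggered by the guarded `remove()` call, and a ValueError coming out of `ldap.update_entry` would be swallowed, so the command would go on to return the rule as if the option had been removed. The same try body covers `update_entry`, so a KeyError raised inside it would be reported as AttrValueNotFound. Deciding the not-found case before the write and keeping only the NotFound handler around `update_entry` avoids both, and drops the unused `e`. The return value also changes from `result=True` to the entry, which callers of the old form would have to follow. execute starts above this hunk.

```python
        (dn, entry_attrs) = ldap.get_entry(dn, ['ipasudoopt'])
        values = entry_attrs.get('ipasudoopt', [])
        if options['ipasudoopt'] not in values:
            raise errors.AttrValueNotFound(
                attr='ipasudoopt',
                value=options['ipasudoopt']
            )
        values.remove(options['ipasudoopt'])
        try:
            ldap.update_entry(dn, entry_attrs)
        except errors.NotFound:
            self.obj.handle_not_found(cn)
        # ... unchanged: re-read with default_attributes and return dict(result=entry_attrs) ...
```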