From bfd2e383dcb0cd5ce156775982e87d6ac32513a3 Mon Sep 17 00:00:00 2001
From: Jr Aquino
Date: Mon, 4 Oct 2010 15:56:40 -0700
Subject: Added modifications to the sudorule plugin to reflect the schema update.
---
 ipalib/plugins/sudorule.py | 58 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 17 deletions(-)
(limited to 'ipalib/plugins/sudorule.py')
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 3e7038605..434e23ab1 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -34,14 +34,15 @@ class sudorule(LDAPObject):
 object_name_plural = 'Sudo Rules'
 object_class = ['ipaassociation', 'ipasudorule']
 default_attributes = [
- 'cn', 'accessruletype', 'description',
+ 'cn', 'description',
 ]
 uuid_attribute = 'ipauniqueid'
 attribute_members = {
 'memberuser': ['user', 'group'],
 'memberhost': ['host', 'hostgroup'],
- 'membercmd': ['sudocmd', 'sudocmdgroup'],
+ 'memberallowcmd': ['sudocmd', 'sudocmdgroup'],
+ 'memberdenycmd': ['sudocmd', 'sudocmdgroup'],
 }
 label = _('SudoRule')
@@ -55,12 +56,6 @@ class sudorule(LDAPObject):
 Str('description?',
 cli_name='desc',
 label=_('Description'),
- ),
- StrEnum('accessruletype',
- cli_name='type',
- doc=_('Rule type (allow or deny)'),
- label=_('Rule type'),
- values=(u'allow', u'deny'),
 ),
 Str('memberuser_user?',
 label=_('Users'),
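Review bot: Nothing visible in this patch handles entries written under the old schema: `attribute_members` stops mapping `membercmd` and `default_attributes` drops `accessruletype`, so a rule stored earlier as a deny rule would presumably show neither its type nor its commands after the upgrade. Allow versus deny is now carried only by which attribute a command sits in, so please confirm that an LDAP update step moves existing `membercmd` values into `memberallowcmd` or `memberdenycmd` according to the old `accessruletype`. A short comment above the mapping would help the next reader, e.g. `# allow and deny lists are separate attributes; a command's effect depends on which one holds it`. The `sudorule` class body starts and ends outside this hunk.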
@@ -74,14 +69,23 @@ class sudorule(LDAPObject):
 label=_('Host Groups'),
 flags=['no_create', 'no_update', 'no_search'],
 ),
- Str('membercmd_sudocmd?',
- label=_('Sudo Commands'),
+ Str('memberallowcmd_sudocmd?',
+ label=_('Sudo Allow Commands'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ Str('memberdenycmd_sudocmd?',
+ label=_('Sudo Deny Commands'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ Str('memberallowcmd_sudocmdgroup?',
+ label=_('Sudo Command Groups'),
 flags=['no_create', 'no_update', 'no_search'],
 ),
- Str('membercmd_sudocmdgroup?',
+ Str('memberdenycmd_sudocmdgroup?',
 label=_('Sudo Command Groups'),
 flags=['no_create', 'no_update', 'no_search'],
 ),
+
 )
 def get_dn(self, *keys, **kwargs):
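Review bot: The two command-group parameters, `memberallowcmd_sudocmdgroup?` and `memberdenycmd_sudocmdgroup?`, both carry `label=_('Sudo Command Groups')`, so wherever that label is shown an allowed group cannot be told apart from a denied one. The single-command parameters are already distinguished ('Sudo Allow Commands' / 'Sudo Deny Commands'), and the group labels should follow the same pattern: `label=_('Sudo Allow Command Groups'),` and `label=_('Sudo Deny Command Groups'),`. The blank line added just before the closing `)` can also be dropped. The parameter tuple starts outside this hunk.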
@@ -139,24 +143,44 @@ class sudorule_show(LDAPRetrieve):
 api.register(sudorule_show)
-class sudorule_add_command(LDAPAddMember):
+class sudorule_add_allow_command(LDAPAddMember):
+ """
+ Add commands and sudo command groups affected by Sudo Rule.
+ """
+ member_attributes = ['memberallowcmd']
+ member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_allow_command)
+
+
+class sudorule_remove_allow_command(LDAPRemoveMember):
+ """
+ Remove commands and sudo command groups affected by Sudo Rule.
+ """
+ member_attributes = ['memberallowcmd']
+ member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_allow_command)
+
+
+class sudorule_add_deny_command(LDAPAddMember):
 """
 Add commands and sudo command groups affected by Sudo Rule.
 """
- member_attributes = ['membercmd']
+ member_attributes = ['memberdenycmd']
 member_count_out = ('%i object added.', '%i objects added.')
-api.register(sudorule_add_command)
+api.register(sudorule_add_deny_command)
-class sudorule_remove_command(LDAPRemoveMember):
+class sudorule_remove_deny_command(LDAPRemoveMember):
 """
 Remove commands and sudo command groups affected by Sudo Rule.
 """
- member_attributes = ['membercmd']
+ member_attributes = ['memberdenycmd']
 member_count_out = ('%i object removed.', '%i objects removed.')
-api.register(sudorule_remove_command)
+api.register(sudorule_remove_deny_command)
 class sudorule_add_user(LDAPAddMember):
-- cgit
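Review bot: The docstrings of the four new command classes do not say whether they act on the allow list or the deny list; `sudorule_add_allow_command` and `sudorule_add_deny_command` both read "Add commands and sudo command groups affected by Sudo Rule.", and the two remove classes likewise share one text. If these docstrings surface as command help (assumed, not visible here), an administrator choosing between the allow and deny variants gets no hint, and putting a command on the wrong list changes what the rule permits. Suggested wording is `Add commands and sudo command groups allowed by Sudo Rule.` and `Add commands and sudo command groups denied by Sudo Rule.`, with matching text for the remove classes. Separately, `sudorule_add_command` and `sudorule_remove_command` are no longer registered, so any caller still using the old names will fail; that is worth stating in the commit message.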