From ccde1154215c89ac6ad0982425555be59ab1c699 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 20 Apr 2011 13:26:20 -0400
Subject: Provide attributelevelrights for the aci components in
 permission_show.

Since the broken-out components are just part of the aci just copy right
access rights for aci.

ticket 943
---
 ipalib/plugins/permission.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'ipalib')

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index ac8b09b1d..7988b33c2 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -339,7 +339,7 @@ class permission_mod(LDAPUpdate):
 
             cn = options['rename']     # rename finished
 
-        result = self.api.Command.permission_show(cn)['result']
+        result = self.api.Command.permission_show(cn, **options)['result']
         for r in result:
             if not r.startswith('member'):
                 entry_attrs[r] = result[r]
@@ -414,6 +414,11 @@ class permission_show(LDAPRetrieve):
                     entry_attrs[attr] = aci[attr]
         except errors.NotFound:
             self.debug('ACI not found for %s' % entry_attrs['cn'][0])
+        if options.get('rights', False) and options.get('all', False):
+            # The ACI attributes are just broken-out components of aci so
+            # the rights should all match it.
+            for attr in self.obj.aci_attributes:
+                entry_attrs['attributelevelrights'][attr] = entry_attrs['attributelevelrights']['aci']
         return dn
 
 api.register(permission_show)
-- 
cgit