From 655aa0fcdfefe8582d7527ae3638a8e9368a7d51 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 4 Nov 2010 10:44:49 -0400
Subject: Add the --rights option to the LDAPUpdate base class.

ticket 437
---
 ipalib/plugins/baseldap.py | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

(limited to 'ipalib')

diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 708d1e4a..6bf9b3b3 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -149,6 +149,20 @@ def get_attributes(attrs):
     return attrlist
 
 
+def get_effective_rights(ldap, dn, attrs=None):
+    if attrs is None:
+        attrs = ['*', 'nsaccountlock']
+    rights = ldap.get_effective_rights(dn, attrs)
+    rdict = {}
+    if 'attributelevelrights' in rights[1]:
+        rights = rights[1]['attributelevelrights']
+        rights = rights[0].split(', ')
+        for r in rights:
+            (k,v) = r.split(':')
+            rdict[k.strip().lower()] = v
+
+    return rdict
+
 class LDAPObject(Object):
     """
     Object representing a LDAP entry.
@@ -562,15 +576,7 @@ class LDAPRetrieve(LDAPQuery):
                 self.obj.handle_not_found(*keys)
 
         if options.get('rights', False) and options.get('all', False):
-            rights = ldap.get_effective_rights(dn, ['*', 'nsaccountlock'])
-            if 'attributelevelrights' in rights[1]:
-                rights = rights[1]['attributelevelrights']
-                rights = rights[0].split(', ')
-                rdict = {}
-                for r in rights:
-                    (k,v) = r.split(':')
-                    rdict[k] = v
-                entry_attrs['attributelevelrights'] = rdict
+            entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
 
         for callback in self.POST_CALLBACKS:
             if hasattr(callback, 'im_self'):
@@ -599,7 +605,12 @@ class LDAPUpdate(LDAPQuery, crud.Update):
     Update an LDAP entry.
     """
 
-    takes_options = _attr_options
+    takes_options = _attr_options + (
+        Flag('rights',
+            label=_('Rights'),
+            doc=_('Display the access rights to modify this entry (requires --all)'),
+        ),
+    )
 
     has_output_params = global_output_params
 
@@ -704,6 +715,9 @@ class LDAPUpdate(LDAPQuery, crud.Update):
                     format=_('the entry was deleted while being modified')
                 )
 
+        if options.get('rights', False) and options.get('all', False):
+            entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
+
         for callback in self.POST_CALLBACKS:
             if hasattr(callback, 'im_self'):
                 dn = callback(ldap, dn, entry_attrs, *keys, **options)
-- 
cgit