-rw-r--r-- | ipa-admintools/ipa-adddelegation | 19 | ||||
-rw-r--r-- | ipa-admintools/ipa-listdelegation | 4 | ||||
-rw-r--r-- | ipa-python/aci.py | 10 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/forms/delegate.py | 2 | ||||
-rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py | 35 |
5 files changed, 63 insertions, 7 deletions
diff --git a/ipa-admintools/ipa-adddelegation b/ipa-admintools/ipa-adddelegation index 8dde908f..3ac053e5 100644 --- a/ipa-admintools/ipa-adddelegation +++ b/ipa-admintools/ipa-adddelegation @@ -90,6 +90,25 @@ def main(): new_aci.dest_group = target_grp[1].dn new_aci.attrs = attr_list + aci_entry = client.get_aci_entry(['*', 'aci']) + + # Look for an existing ACI of the same name + aci_str_list = aci_entry.getValues('aci') + if aci_str_list is None: + aci_str_list = [] + if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): + aci_str_list = [aci_str_list] + + for aci_str in aci_str_list: + try: + old_aci = ipa.aci.ACI(aci_str) + if old_aci.name == new_aci.name: + print "A delegation of that name already exists" + return 2 + except SyntaxError: + # ignore aci_str's that ACI can't parse + pass + aci_entry = client.get_aci_entry(['dn']) aci_entry.setValue('aci', new_aci.export_to_string()) diff --git a/ipa-admintools/ipa-listdelegation b/ipa-admintools/ipa-listdelegation index 54ab346b..4c059c4a 100644 --- a/ipa-admintools/ipa-listdelegation +++ b/ipa-admintools/ipa-listdelegation @@ -23,6 +23,7 @@ from optparse import OptionParser import ipa.ipaclient as ipaclient import ipa.config +import operator import xmlrpclib import kerberos @@ -75,7 +76,8 @@ def main(): group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client) - for a in aci_list: + # the operator.itemgetter(0) lets us sort by the name field + for a in sorted(aci_list, key=operator.itemgetter(0)): labels = client.attrs_to_labels(a.attrs) print "Delegation Name: " + a.name print "Group " + group_dn_to_cn[a.source_group] diff --git a/ipa-python/aci.py b/ipa-python/aci.py index 60e19075..d35da8da 100644 --- a/ipa-python/aci.py +++ b/ipa-python/aci.py 
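Review bot: The duplicate-name lookup in the `@@ -90,6 +90,25 @@` hunk of ipa-adddelegation is a check followed by a separate write, and nothing visible here makes the two atomic, so two concurrent adds could still store delegations with the same name. If the name is meant to identify a delegation, say so next to the loop, e.g. `# best-effort check only: a concurrent add can still create a duplicate name`. ACI strings that fail to parse are skipped silently, so a name held by such an entry is not detected either. The same block is repeated in the `@@ -63,11 +64,34 @@` hunk of delegation.py; a shared helper in ipa.aci would keep the two copies from drifting, and `isinstance(aci_str_list, (list, tuple))` is the usual spelling of the two-call test. main() starts and ends outside the hunk.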
@@ -37,6 +37,16 @@ class ACI: if acistr is not None: self.parse_acistr(acistr) + def __getitem__(self,key): + """Fake getting attributes by key for sorting""" + if key == 0: + return self.name + if key == 1: + return self.source_group + if key == 2: + return self.dest_group + raise TypeError("Unknown key value %s" % key) + def export_to_string(self): """Converts the ACI to a string suitable for an LDAP aci attribute.""" attrs_str = ' || '.join(self.attrs) diff --git a/ipa-server/ipa-gui/ipagui/forms/delegate.py b/ipa-server/ipa-gui/ipagui/forms/delegate.py index 89011f4a..419df4fc 100644 --- a/ipa-server/ipa-gui/ipagui/forms/delegate.py +++ b/ipa-server/ipa-gui/ipagui/forms/delegate.py @@ -44,7 +44,7 @@ aci_checkbox_attrs = [(field.name, field.label) for field in aci_attrs] aci_name_to_label = dict(aci_checkbox_attrs) class DelegateFields(): - name = widgets.TextField(name="name", label="Name") + name = widgets.TextField(name="name", label="Delegation Name") source_group_dn = widgets.HiddenField(name="source_group_dn") dest_group_dn = widgets.HiddenField(name="dest_group_dn") diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py index 1515b04c..d7149265 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py @@ -19,6 +19,7 @@ import ipagui.forms.delegate import ipa.aci import ldap.dn +import operator log = logging.getLogger(__name__) 
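Review bot: `__getitem__` raises TypeError for an unknown index, which breaks the sequence protocol it imitates: code that iterates an ACI or tests `x in aci` gets a TypeError at index 3 instead of a clean stop, because that protocol ends on IndexError. If the method stays, `raise IndexError(key)` is the conventional signal. The sort call sites in ipa-listdelegation and in the `@@ -194,6 +218,7 @@` hunk of delegation.py could instead use `key=operator.attrgetter('name')`, which names the field and would make this method unnecessary.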
@@ -63,11 +64,34 @@ class DelegationController(IPAController): tg_template='ipagui.templates.delegatenew') try: + aci_entry = client.get_aci_entry(aci_fields) + new_aci = ipa.aci.ACI() new_aci.name = kw.get('name') new_aci.source_group = kw.get('source_group_dn') new_aci.dest_group = kw.get('dest_group_dn') new_aci.attrs = kw.get('attrs') + if (new_aci.attrs, str): + new_aci.attrs = [new_aci.attrs] + + # Look for an existing ACI of the same name + aci_str_list = aci_entry.getValues('aci') + if aci_str_list is None: + aci_str_list = [] + if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)): + aci_str_list = [aci_str_list] + + for aci_str in aci_str_list: + try: + old_aci = ipa.aci.ACI(aci_str) + if old_aci.name == new_aci.name: + turbogears.flash("Delgate add failed: a delegation of that name already exists") + return dict(form=delegate_form, delegate=kw, + tg_template='ipagui.templates.delegatenew') + except SyntaxError: + # ignore aci_str's that ACI can't parse + pass + # not pulling down existing aci attributes aci_entry = client.get_aci_entry(['dn']) @@ -75,7 +99,7 @@ class DelegationController(IPAController): client.update_entry(aci_entry) except ipaerror.IPAError, e: - turbogears.flash("Delgate add failed: " + str(e)) + turbogears.flash("Delgate add failed: " + str(e) + "<br/>" + e.detail[0]['desc']) return dict(form=delegate_form, delegate=kw, tg_template='ipagui.templates.delegatenew') @@ -105,7 +129,7 @@ class DelegationController(IPAController): return dict(form=delegate_form, delegate=delegate) except (SyntaxError, ipaerror.IPAError), e: - turbogears.flash("Delegation edit failed: " + str(e)) + turbogears.flash("Delegation edit failed: " + str(e) + "<br/>" + e.detail[0]['desc']) raise turbogears.redirect('/delegate/list') 
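Review bot: `if (new_aci.attrs, str):` in the `@@ -63,11 +64,34 @@` hunk tests a two-element tuple, which is always true, so `attrs` is wrapped in a list even when it already is one. The nested list then presumably reaches `' || '.join(self.attrs)` in export_to_string, which expects strings. The intended check is most likely `if isinstance(new_aci.attrs, basestring):`, using `basestring` so that unicode form values are covered too. The enclosing controller method starts and ends outside the hunk.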
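Review bot: The added `e.detail[0]['desc']` in the `@@ -75,7 +99,7 @@` hunk is read without checking that `detail` is a non-empty list of dicts, so an IPAError raised without that shape would fail inside the handler and hide the original error; the `@@ -175,7 +199,7 @@` hunk has the same pattern. The `<br/>` also suggests the flash text is rendered as markup, in which case `str(e)` and the server-supplied description should be escaped before concatenation, for example with `cgi.escape(...)`. Whether the template escapes flash output is not visible from this hunk.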
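Review bot: In the `@@ -105,7 +129,7 @@` hunk the handler catches `(SyntaxError, ipaerror.IPAError)`, but SyntaxError has no `detail` attribute, so an ACI parse error now raises AttributeError inside the except block instead of flashing a message. The same applies to the `@@ -162,7 +186,7 @@` and `@@ -237,7 +262,7 @@` hunks. Reading it defensively, e.g. `detail = getattr(e, 'detail', None)` and appending the description only when it is present, keeps both exception types working.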
@@ -162,7 +186,7 @@ class DelegationController(IPAController): turbogears.flash("delegate updated") raise turbogears.redirect('/delegate/list') except (SyntaxError, ipaerror.IPAError), e: - turbogears.flash("Delegation update failed: " + str(e)) + turbogears.flash("Delegation update failed: " + str(e) + "<br/>" + e.detail[0]['desc']) return dict(form=delegate_form, delegate=kw, tg_template='ipagui.templates.delegateedit') @@ -175,7 +199,7 @@ class DelegationController(IPAController): try: aci_entry = client.get_aci_entry(aci_fields) except ipaerror.IPAError, e: - turbogears.flash("Delegation list failed: " + str(e)) + turbogears.flash("Delegation list failed: " + str(e) + "<br/>" + e.detail[0]['desc']) raise turbogears.redirect('/') aci_str_list = aci_entry.getValues('aci') @@ -194,6 +218,7 @@ class DelegationController(IPAController): pass group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client) + aci_list = sorted(aci_list, key=operator.itemgetter(0)) # The list page needs to display field labels, not raw # LDAP attributes for aci in aci_list: @@ -237,7 +262,7 @@ class DelegationController(IPAController): turbogears.flash("delegate deleted") raise turbogears.redirect('/delegate/list') except (SyntaxError, ipaerror.IPAError), e: - turbogears.flash("Delegation deletion failed: " + str(e)) + turbogears.flash("Delegation deletion failed: " + str(e) + "<br/>" + e.detail[0]['desc']) raise turbogears.redirect('/delegate/list') @expose("ipagui.templates.delegategroupsearch") |