-rw-r--r--ipa-admintools/ipa-adddelegation19
-rw-r--r--ipa-admintools/ipa-listdelegation4
-rw-r--r--ipa-python/aci.py10
-rw-r--r--ipa-server/ipa-gui/ipagui/forms/delegate.py2
-rw-r--r--ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py35
5 files changed, 63 insertions, 7 deletions
diff --git a/ipa-admintools/ipa-adddelegation b/ipa-admintools/ipa-adddelegation
index 8dde908f..3ac053e5 100644
--- a/ipa-admintools/ipa-adddelegation
+++ b/ipa-admintools/ipa-adddelegation
@@ -90,6 +90,25 @@ def main():
new_aci.dest_group = target_grp[1].dn
new_aci.attrs = attr_list
+ aci_entry = client.get_aci_entry(['*', 'aci'])
+
+ # Look for an existing ACI of the same name
+ aci_str_list = aci_entry.getValues('aci')
+ if aci_str_list is None:
+ aci_str_list = []
+ if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+ aci_str_list = [aci_str_list]
+
+ for aci_str in aci_str_list:
+ try:
+ old_aci = ipa.aci.ACI(aci_str)
+ if old_aci.name == new_aci.name:
+ print "A delegation of that name already exists"
+ return 2
+ except SyntaxError:
+ # ignore aci_str's that ACI can't parse
+ pass
+
aci_entry = client.get_aci_entry(['dn'])
aci_entry.setValue('aci', new_aci.export_to_string())
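Review bot: The duplicate-name check added ahead of the `get_aci_entry(['dn'])` call is advisory only. The ACI list is read in one request and the new value is written through a second fetch and a later update, so two concurrent adds with the same name can both pass it. ACI strings that raise `SyntaxError` are skipped, so a name held by an entry the parser cannot read is not detected either. Since these ACIs define delegated access, the uniqueness rule is better enforced where the update is applied on the server; the same loop is repeated in the `DelegationController` hunk of ipagui/subcontrollers/delegation.py and could live in one helper in `ipa.aci`. `main()` starts and ends outside this hunk.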
diff --git a/ipa-admintools/ipa-listdelegation b/ipa-admintools/ipa-listdelegation
index 54ab346b..4c059c4a 100644
--- a/ipa-admintools/ipa-listdelegation
+++ b/ipa-admintools/ipa-listdelegation
@@ -23,6 +23,7 @@ from optparse import OptionParser
import ipa.ipaclient as ipaclient
import ipa.config
+import operator
import xmlrpclib
import kerberos
@@ -75,7 +76,8 @@ def main():
group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
- for a in aci_list:
+ # the operator.itemgetter(0) lets us sort by the name field
+ for a in sorted(aci_list, key=operator.itemgetter(0)):
labels = client.attrs_to_labels(a.attrs)
print "Delegation Name: " + a.name
print "Group " + group_dn_to_cn[a.source_group]
diff --git a/ipa-python/aci.py b/ipa-python/aci.py
index 60e19075..d35da8da 100644
--- a/ipa-python/aci.py
+++ b/ipa-python/aci.py
@@ -37,6 +37,16 @@ class ACI:
if acistr is not None:
self.parse_acistr(acistr)
+ def __getitem__(self,key):
+ """Fake getting attributes by key for sorting"""
+ if key == 0:
+ return self.name
+ if key == 1:
+ return self.source_group
+ if key == 2:
+ return self.dest_group
+ raise TypeError("Unknown key value %s" % key)
+
def export_to_string(self):
"""Converts the ACI to a string suitable for an LDAP aci attribute."""
attrs_str = ' || '.join(self.attrs)
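Review bot: `__getitem__` raises `TypeError` for an unknown key, which breaks the sequence protocol. With no `__iter__` defined, `for x in aci`, `list(aci)` or tuple unpacking call `__getitem__` with 0, 1, 2, 3 and expect `IndexError` to end the iteration, so they would fail with `TypeError` instead. The shim exists only so that `operator.itemgetter(0)` can sort by name in ipa-listdelegation and ipagui/subcontrollers/delegation.py; `key=operator.attrgetter('name')` at those two call sites does the same without making `ACI` look like a sequence. If the method stays, `raise IndexError(key)` is the conventional error, and the docstring should say which index maps to which field.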
diff --git a/ipa-server/ipa-gui/ipagui/forms/delegate.py b/ipa-server/ipa-gui/ipagui/forms/delegate.py
index 89011f4a..419df4fc 100644
--- a/ipa-server/ipa-gui/ipagui/forms/delegate.py
+++ b/ipa-server/ipa-gui/ipagui/forms/delegate.py
@@ -44,7 +44,7 @@ aci_checkbox_attrs = [(field.name, field.label) for field in aci_attrs]
aci_name_to_label = dict(aci_checkbox_attrs)
class DelegateFields():
- name = widgets.TextField(name="name", label="Name")
+ name = widgets.TextField(name="name", label="Delegation Name")
source_group_dn = widgets.HiddenField(name="source_group_dn")
dest_group_dn = widgets.HiddenField(name="dest_group_dn")
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
index 1515b04c..d7149265 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
@@ -19,6 +19,7 @@ import ipagui.forms.delegate
import ipa.aci
import ldap.dn
+import operator
log = logging.getLogger(__name__)
@@ -63,11 +64,34 @@ class DelegationController(IPAController):
tg_template='ipagui.templates.delegatenew')
try:
+ aci_entry = client.get_aci_entry(aci_fields)
+
new_aci = ipa.aci.ACI()
new_aci.name = kw.get('name')
new_aci.source_group = kw.get('source_group_dn')
new_aci.dest_group = kw.get('dest_group_dn')
new_aci.attrs = kw.get('attrs')
+ if (new_aci.attrs, str):
+ new_aci.attrs = [new_aci.attrs]
+
+ # Look for an existing ACI of the same name
+ aci_str_list = aci_entry.getValues('aci')
+ if aci_str_list is None:
+ aci_str_list = []
+ if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+ aci_str_list = [aci_str_list]
+
+ for aci_str in aci_str_list:
+ try:
+ old_aci = ipa.aci.ACI(aci_str)
+ if old_aci.name == new_aci.name:
+ turbogears.flash("Delgate add failed: a delegation of that name already exists")
+ return dict(form=delegate_form, delegate=kw,
+ tg_template='ipagui.templates.delegatenew')
+ except SyntaxError:
+ # ignore aci_str's that ACI can't parse
+ pass
+
# not pulling down existing aci attributes
aci_entry = client.get_aci_entry(['dn'])
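Review bot: `if (new_aci.attrs, str):` tests a two-element tuple, which is always true, so `new_aci.attrs` is wrapped in a list even when `kw.get('attrs')` already returned a list or `None`. The nested list (or `[None]`) would then reach `' || '.join(self.attrs)` in `ACI.export_to_string` and fail there. The intended check is presumably `if isinstance(new_aci.attrs, basestring):`, with `basestring` rather than `str` because form values may arrive as unicode. The surrounding method starts and ends outside this hunk.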
@@ -75,7 +99,7 @@ class DelegationController(IPAController):
client.update_entry(aci_entry)
except ipaerror.IPAError, e:
- turbogears.flash("Delgate add failed: " + str(e))
+ turbogears.flash("Delgate add failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
return dict(form=delegate_form, delegate=kw,
tg_template='ipagui.templates.delegatenew')
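Review bot: The flash text now concatenates a literal `<br/>` with `e.detail[0]['desc']`, so the message is only correct if the template renders the flash as raw HTML, and in that case the server-supplied description (which may echo user-entered names or DNs) is emitted unescaped. If the flash is escaped, the tag shows up literally instead. Escape the dynamic parts before joining, e.g. `cgi.escape(str(e))` and `cgi.escape(desc)`, or keep the message plain text with `": "` as the separator. The indexing also assumes `detail` is a non-empty list of dicts with a `desc` key, which is not visible here; the same expression is added in the list handler hunk at `@@ -175,7 +199,7 @@`.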
@@ -105,7 +129,7 @@ class DelegationController(IPAController):
return dict(form=delegate_form, delegate=delegate)
except (SyntaxError, ipaerror.IPAError), e:
- turbogears.flash("Delegation edit failed: " + str(e))
+ turbogears.flash("Delegation edit failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
raise turbogears.redirect('/delegate/list')
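Review bot: This handler also catches `SyntaxError`, which has no `detail` attribute, so `e.detail[0]['desc']` raises `AttributeError` inside the `except` block and the user gets an unhandled error instead of the flash and redirect. The same applies to the update and delete handlers in the `@@ -162,7 +186,7 @@` and `@@ -237,7 +262,7 @@` hunks. Read the detail defensively, e.g. `detail = getattr(e, 'detail', None)`, and append `detail[0].get('desc', '')` only when `detail` is truthy. The enclosing method starts outside this hunk.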
@@ -162,7 +186,7 @@ class DelegationController(IPAController):
turbogears.flash("delegate updated")
raise turbogears.redirect('/delegate/list')
except (SyntaxError, ipaerror.IPAError), e:
- turbogears.flash("Delegation update failed: " + str(e))
+ turbogears.flash("Delegation update failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
return dict(form=delegate_form, delegate=kw,
tg_template='ipagui.templates.delegateedit')
@@ -175,7 +199,7 @@ class DelegationController(IPAController):
try:
aci_entry = client.get_aci_entry(aci_fields)
except ipaerror.IPAError, e:
- turbogears.flash("Delegation list failed: " + str(e))
+ turbogears.flash("Delegation list failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
raise turbogears.redirect('/')
aci_str_list = aci_entry.getValues('aci')
@@ -194,6 +218,7 @@ class DelegationController(IPAController):
pass
group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
+ aci_list = sorted(aci_list, key=operator.itemgetter(0))
# The list page needs to display field labels, not raw
# LDAP attributes
for aci in aci_list:
@@ -237,7 +262,7 @@ class DelegationController(IPAController):
turbogears.flash("delegate deleted")
raise turbogears.redirect('/delegate/list')
except (SyntaxError, ipaerror.IPAError), e:
- turbogears.flash("Delegation deletion failed: " + str(e))
+ turbogears.flash("Delegation deletion failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
raise turbogears.redirect('/delegate/list')
@expose("ipagui.templates.delegategroupsearch")