diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-12-20 13:53:35 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2010-12-20 15:18:42 -0500 |
commit | ffd467bd7e12faad3f1574fe3c1e505820bdf459 (patch) | |
tree | b13ac45f2a75c4d7e5e26c3f652615218b80e1ca | |
parent | 3a9210f06f2a1d28689d8b12179607b77078f8ea (diff) | |
download | freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.tar.gz freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.tar.xz freeipa-ffd467bd7e12faad3f1574fe3c1e505820bdf459.zip |
Translate the membergroup dn into a group name.
Drop filter from the output, it is superfluous.
ticket 634
-rw-r--r-- | ipalib/plugins/delegation.py | 33 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_delegation_plugin.py | 17 |
2 files changed, 29 insertions, 21 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index c233784d1..468e0174b 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -50,7 +50,7 @@ from ipalib import api, crud, errors from ipalib import output from ipalib import Object, Command -def convert_delegation(aci): +def convert_delegation(ldap, aci): """ memberOf is in filter but we want to pull out the group for easier displaying. @@ -61,11 +61,19 @@ def convert_delegation(aci): raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname'])) en = filter.find(')', st) membergroup = filter[st+9:en] - aci['membergroup'] = membergroup + try: + (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn']) + except Exception, e: + # Uh oh, the group we're granting access to has an error + msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e)) + raise errors.NonFatalError(reason=msg) + aci['membergroup'] = entry_attrs['cn'] + + del aci['filter'] return aci -def is_delegation(aciname): +def is_delegation(ldap, aciname): """ Determine if the ACI is a Delegation ACI and raise an exception if it isn't. @@ -75,7 +83,7 @@ def is_delegation(aciname): """ result = api.Command['aci_show'](aciname)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) else: raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname)) return result @@ -144,11 +152,12 @@ class delegation_add(crud.Create): msg_summary = _('Added delegation "%(value)s"') def execute(self, aciname, **kw): + ldap = self.api.Backend.ldap2 if not 'permissions' in kw: kw['permissions'] = (u'write',) result = api.Command['aci_add'](aciname, **kw)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) return dict( result=result, @@ -167,7 +176,8 @@ class delegation_del(crud.Delete): msg_summary = _('Deleted delegation "%(value)s"') def execute(self, aciname, **kw): - is_delegation(aciname) + ldap = self.api.Backend.ldap2 + is_delegation(ldap, aciname) result = api.Command['aci_del'](aciname, **kw) return dict( result=True, @@ -185,10 +195,11 @@ class delegation_mod(crud.Update): msg_summary = _('Modified delegation "%(value)s"') def execute(self, aciname, **kw): - is_delegation(aciname) + ldap = self.api.Backend.ldap2 + is_delegation(ldap, aciname) result = api.Command['aci_mod'](aciname, **kw)['result'] if 'filter' in result: - result = convert_delegation(result) + result = convert_delegation(ldap, result) return dict( result=result, value=aciname, @@ -207,12 +218,13 @@ class delegation_find(crud.Search): ) def execute(self, term, **kw): + ldap = self.api.Backend.ldap2 acis = api.Command['aci_find'](term, **kw)['result'] results = [] for aci in acis: try: if 'filter' in aci: - aci = convert_delegation(aci) + aci = convert_delegation(ldap, aci) results.append(aci) except errors.NotFound: pass @@ -237,7 +249,8 @@ class delegation_show(crud.Retrieve): ) def execute(self, aciname, **kw): - result = is_delegation(aciname) + ldap = self.api.Backend.ldap2 + result = is_delegation(ldap, aciname) return dict( result=result, value=aciname, diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index a4520f430..b2b24d98a 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -26,7 +26,7 @@ from tests.test_xmlrpc import objectclasses from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid delegation1 = u'testdelegation' -memberdn1 = u'cn=admins,cn=groups,cn=accounts,%s' % api.env.basedn +member1 = u'admins' class test_delegation(Declarative): @@ -89,8 +89,7 @@ class test_delegation(Declarative): permissions=[u'write'], aciname=delegation1, group=u'editors', - membergroup=u'%s' % memberdn1, - filter = u'(memberOf=%s)' % memberdn1 + membergroup=[member1], ), ), ), @@ -121,8 +120,7 @@ class test_delegation(Declarative): 'permissions': [u'write'], 'aciname': delegation1, 'group': u'editors', - 'filter': u'(memberOf=%s)' % memberdn1, - 'membergroup': u'%s' % memberdn1 + 'membergroup': [member1], }, ), ), @@ -141,8 +139,7 @@ class test_delegation(Declarative): 'permissions': [u'write'], 'aciname': delegation1, 'group': u'editors', - 'membergroup': u'%s' % memberdn1, - 'filter': u'(memberOf=%s)' % memberdn1 + 'membergroup': [member1], }, ], ), @@ -162,8 +159,7 @@ class test_delegation(Declarative): permissions=[u'read'], aciname=delegation1, group=u'editors', - membergroup=u'%s' % memberdn1, - filter=u'(memberOf=%s)' % memberdn1 + membergroup=[member1], ), ), ), @@ -180,8 +176,7 @@ class test_delegation(Declarative): 'permissions': [u'read'], 'aciname': delegation1, 'group': u'editors', - 'membergroup': u'%s' % memberdn1, - 'filter': u'(memberOf=%s)' % memberdn1 + 'membergroup': [member1], }, ), ), |