diff options
author | Petr Viktorin <pviktori@redhat.com> | 2013-12-13 11:10:28 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-12-13 15:08:52 +0100 |
commit | d38748d64f5c7fb098b839b3c00a1f812d510d3b (patch) | |
tree | 48c205c3ac981bee6a732e98903e4407b3ff0a5e /ipalib | |
parent | 7fc35ced1d83d9901f4a1bf59482c3c4666d6079 (diff) | |
download | freeipa-d38748d64f5c7fb098b839b3c00a1f812d510d3b.tar.gz freeipa-d38748d64f5c7fb098b839b3c00a1f812d510d3b.tar.xz freeipa-d38748d64f5c7fb098b839b3c00a1f812d510d3b.zip |
Make sure SYSTEM permissions can be retreived with --all --raw
Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/permission.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index f3f001b74..bdde3e32e 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -310,8 +310,16 @@ class permission(baseldap.LDAPObject): if options.get('raw'): # Retreive the ACI from LDAP to ensure we get the real thing - acientry, acistring = self._get_aci_entry_and_string(entry) - entry.single_value['aci'] = acistring + try: + acientry, acistring = self._get_aci_entry_and_string(entry) + except errors.NotFound: + if list(entry.get('ipapermissiontype')) == ['SYSTEM']: + # SYSTEM permissions don't have normal ACIs + pass + else: + raise + else: + entry.single_value['aci'] = acistring if not client_has_capability(options['version'], 'permissions2'): # Legacy clients expect some attributes as a single value |