From fc28fae03fd1510d571a5011ef9d712c7778e578 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 20 Jan 2011 16:35:34 -0500
Subject: Add some basic filter validation to permissions and disallow empty
 filters

Try a query with a filter to see if it is at least legal. This doesn't
guarantee that the filter is at all otherwise sane.

ticket 808
---
 ipalib/errors.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'ipalib/errors.py')

diff --git a/ipalib/errors.py b/ipalib/errors.py
index 225019041..faa9e8119 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -1347,6 +1347,22 @@ class InvalidSyntax(ExecutionError):
     format = _('%(attr)s: Invalid syntax.')
 
 
+class BadSearchFilter(ExecutionError):
+    """
+    **4209** Raised when an invalid LDAP search filter is used
+
+    For example:
+
+    >>> raise BadSearchFilter(info='')
+    Traceback (most recent call last):
+      ...
+    BadSearchFilter: Bad search filter
+    """
+
+    errno = 4209
+    format = _('Bad search filter %(info)s')
+
+
 class CertificateError(ExecutionError):
     """
     **4300** Base class for Certificate execution errors (*4300 - 4399*).
-- 
cgit