permission-mod prompts for all parameters

ipa permission-mod was prompting for all parameters because they had
specified flag 'ask_update'. The flag was removed. Additionally the
exec_callback for permission-mod was updated to unify the behaviour with
other ipa commands (raise exception when no modification was specified).

https://fedorahosted.org/freeipa/ticket/2280

3 files changed, 14 insertions, 21 deletions

diff --git a/API.txt b/API.txt
index 1d32913c..82a6bc65 100644
--- a/API.txt
+++ b/API.txt
@@ -2097,12 +2097,12 @@ command: permission_mod
 args: 1,15,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, required=False)
-option: Str('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=False, required=False)
-option: StrEnum('type', alwaysask=True, attribute=True, autofill=False, cli_name='type', multivalue=False, query=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
-option: Str('memberof', alwaysask=True, attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=False, required=False)
-option: Str('filter', alwaysask=True, attribute=True, autofill=False, cli_name='filter', multivalue=False, query=False, required=False)
-option: Str('subtree', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', multivalue=False, query=False, required=False)
-option: Str('targetgroup', alwaysask=True, attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, query=False, required=False)
+option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, required=False)
+option: StrEnum('type', attribute=True, autofill=False, cli_name='type', multivalue=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
+option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, required=False)
+option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, required=False)
+option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, required=False)
+option: Str('targetgroup', attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, required=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Str('delattr*', cli_name='delattr', exclude='webui')
diff --git a/VERSION b/VERSION
index a8327a05..f27fb473 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=34
+IPA_API_VERSION_MINOR=35
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index ff38f852..18fdcddd 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -133,38 +133,38 @@ class permission(LDAPObject):
             doc=_('Comma-separated list of attributes'),
             csv=True,
             normalizer=lambda value: value.lower(),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
         StrEnum('type?',
             cli_name='type',
             label=_('Type'),
             doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'),
             values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord',),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
         Str('memberof?',
             cli_name='memberof',
             label=_('Member of group'),  # FIXME: Does this label make sense?
             doc=_('Target members of a group'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
         Str('filter?',
             cli_name='filter',
             label=_('Filter'),
             doc=_('Legal LDAP filter (e.g. ou=Engineering)'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
         Str('subtree?',
             cli_name='subtree',
             label=_('Subtree'),
             doc=_('Subtree to apply permissions to'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
         Str('targetgroup?',
             cli_name='targetgroup',
             label=_('Target group'),
             doc=_('User group to apply permissions to'),
-            flags=('ask_create', 'ask_update'),
+            flags=('ask_create'),
         ),
     )
 
@@ -314,14 +314,7 @@ class permission_mod(LDAPUpdate):
         if call_func.func_name == 'update_entry':
             if isinstance(exc, errors.EmptyModlist):
                 aciupdate = getattr(context, 'aciupdate')
-                opts = copy.copy(options)
-                # Clear the aci attributes out of the permission entry
-                for o in self.obj.aci_attributes + ['all', 'raw', 'rights']:
-                    try:
-                        del opts[o]
-                    except:
-                        pass
-                if len(opts) == 0 or aciupdate:
+                if aciupdate:
                     return
         raise exc