author | Rob Crittenden <rcritten@redhat.com> | 2009-03-23 15:09:54 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2009-03-25 11:02:44 -0400 |
commit | 233a4cb5fd7db54c6e312c105e70db949335d5a8 (patch) | |
tree | a7e4a10d89d4b3ef7fb65054b02153934d2af748 | |
parent | 65e6259075e148d2bb88d3644837d62472f4c8d7 (diff) | |
Raise a more specific error when a user lacks the proper permissions.
The info part of the message will contain details on what permission
failed on what attribute.
-rw-r--r-- | ipalib/errors.py | 4 | ||||
-rw-r--r-- | ipalib/errors2.py | 1 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 6 |
3 files changed, 6 insertions, 5 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 722de765..c27d85de 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -396,10 +396,6 @@ class DefaultGroup(ConfigurationError):
 """You cannot remove the default users group"""
 faultCode = 1025
-class InsufficientAccess(GenericError):
- """You do not have permission to perform this task"""
- faultCode = 1027
-
 class InvalidUserPrincipal(GenericError):
 """Invalid user principal"""
 faultCode = 1028
diff --git a/ipalib/errors2.py b/ipalib/errors2.py
index 260a51e8..33db5ccf 100644
--- a/ipalib/errors2.py
+++ b/ipalib/errors2.py
@@ -475,6 +475,7 @@ class ACIError(AuthorizationError):
 """
 errno = 2100
+ format = _('Insufficient access: %(info)r')
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index af17988b..01370b86 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -387,6 +387,8 @@ class IPAdmin(SimpleLDAPObject):
 raise errors2.DuplicateEntry
 else:
 raise errors.DatabaseError, e
+ except ldap.INSUFFICIENT_ACCESS, e:
+ raise errors2.ACIError(info=e.args[0].get('info',''))
 except ldap.LDAPError, e:
 raise errors.DatabaseError, e
 return True
@@ -428,6 +430,8 @@ class IPAdmin(SimpleLDAPObject):
 # update, making the oldentry stale.
 except ldap.NO_SUCH_ATTRIBUTE:
 raise errors.MidairCollision
+ except ldap.INSUFFICIENT_ACCESS, e:
+ raise errors2.ACIError(info=e.args[0].get('info',''))
 except ldap.LDAPError, e:
 raise errors.DatabaseError, e
 return True
@@ -500,7 +504,7 @@ class IPAdmin(SimpleLDAPObject):
 self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
 self.delete_s(*args)
 except ldap.INSUFFICIENT_ACCESS, e:
- raise errors.InsufficientAccess, e
+ raise errors2.ACIError(info=e.args[0].get('info',''))
 except ldap.LDAPError, e:
 raise errors.DatabaseError, e
 return True |
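Review bot: The `format` added to `ACIError` in the ipalib/errors2.py hunk interpolates `info` with `%r`, so the caller sees the Python repr of the directory server's text (surrounding quotes, and a `u` prefix for unicode) rather than the text itself. If the other messages in errors2.py use `%s` for free-text fields, `format = _('Insufficient access: %(info)s')` would be the consistent choice. The `info` value is server-generated diagnostic text naming the permission and attribute, and it is relayed verbatim to the client, so a short comment above the line such as `# info is the LDAP server's own diagnostic string; shown to the caller as-is` would make that exposure explicit for later maintainers. The class body starts outside the hunk.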
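Review bot: `e.args[0].get('info','')` in the new `except ldap.INSUFFICIENT_ACCESS` clause of the ipaserver/ipaldap.py hunk at `@@ -387,6 +387,8 @@` assumes the exception always carries a dict as its first argument; if `args` is empty or holds a plain string, the handler itself raises IndexError or AttributeError and the access-denied condition surfaces as an unrelated failure. The same expression is repeated in the `@@ -428,6 +430,8 @@` and `@@ -500,7 +504,7 @@` hunks, so one private helper would keep the three sites in step, for example `info = e.args[0].get('info', '') if e.args and isinstance(e.args[0], dict) else ''`. When the server sends no `info` the caller gets an empty message, so falling back to the `desc` key may be more useful, assuming the exception dict carries one as python-ldap errors usually do. Because this commit deletes `errors.InsufficientAccess`, any other code still raising or catching it, or any client matching on faultCode 1027, would need updating; none is visible in these hunks. The enclosing methods start and end outside the hunks.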