Require uniqueness in the name/comment field of delegations

Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"

5 files changed, 63 insertions, 7 deletions

diff --git a/ipa-admintools/ipa-adddelegation b/ipa-admintools/ipa-adddelegation
index 8dde908f..3ac053e5 100644
--- a/ipa-admintools/ipa-adddelegation
+++ b/ipa-admintools/ipa-adddelegation
@@ -90,6 +90,25 @@ def main():
         new_aci.dest_group = target_grp[1].dn
         new_aci.attrs = attr_list
 
+        aci_entry = client.get_aci_entry(['*', 'aci'])
+
+        # Look for an existing ACI of the same name
+        aci_str_list = aci_entry.getValues('aci')
+        if aci_str_list is None:
+            aci_str_list = []
+        if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+            aci_str_list = [aci_str_list]
+
+        for aci_str in aci_str_list:
+            try:
+                old_aci = ipa.aci.ACI(aci_str)
+                if old_aci.name == new_aci.name:
+                    print "A delegation of that name already exists"
+                    return 2
+            except SyntaxError:
+                # ignore aci_str's that ACI can't parse
+                pass
+
         aci_entry = client.get_aci_entry(['dn'])
         aci_entry.setValue('aci', new_aci.export_to_string())
 
diff --git a/ipa-admintools/ipa-listdelegation b/ipa-admintools/ipa-listdelegation
index 54ab346b..4c059c4a 100644
--- a/ipa-admintools/ipa-listdelegation
+++ b/ipa-admintools/ipa-listdelegation
@@ -23,6 +23,7 @@ from optparse import OptionParser
 import ipa.ipaclient as ipaclient
 import ipa.config
 
+import operator
 import xmlrpclib
 import kerberos
 
@@ -75,7 +76,8 @@ def main():
 
     group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
 
-    for a in aci_list:
+    # the operator.itemgetter(0) lets us sort by the name field
+    for a in sorted(aci_list, key=operator.itemgetter(0)):
         labels = client.attrs_to_labels(a.attrs)
         print "Delegation Name: " + a.name
         print "Group " + group_dn_to_cn[a.source_group] 
diff --git a/ipa-python/aci.py b/ipa-python/aci.py
index 60e19075..d35da8da 100644
--- a/ipa-python/aci.py
+++ b/ipa-python/aci.py
@@ -37,6 +37,16 @@ class ACI:
         if acistr is not None:
             self.parse_acistr(acistr)
 
+    def __getitem__(self,key):
+        """Fake getting attributes by key for sorting"""
+        if key == 0:
+            return self.name
+        if key == 1:
+            return self.source_group
+        if key == 2:
+            return self.dest_group
+        raise TypeError("Unknown key value %s" % key)
+
     def export_to_string(self):
         """Converts the ACI to a string suitable for an LDAP aci attribute."""
         attrs_str = ' || '.join(self.attrs)
diff --git a/ipa-server/ipa-gui/ipagui/forms/delegate.py b/ipa-server/ipa-gui/ipagui/forms/delegate.py
index 89011f4a..419df4fc 100644
--- a/ipa-server/ipa-gui/ipagui/forms/delegate.py
+++ b/ipa-server/ipa-gui/ipagui/forms/delegate.py
@@ -44,7 +44,7 @@ aci_checkbox_attrs = [(field.name, field.label) for field in aci_attrs]
 aci_name_to_label = dict(aci_checkbox_attrs)
 
 class DelegateFields():
-    name = widgets.TextField(name="name", label="Name")
+    name = widgets.TextField(name="name", label="Delegation Name")
 
     source_group_dn = widgets.HiddenField(name="source_group_dn")
     dest_group_dn = widgets.HiddenField(name="dest_group_dn")
diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
index 1515b04c..d7149265 100644
--- a/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
+++ b/ipa-server/ipa-gui/ipagui/subcontrollers/delegation.py
@@ -19,6 +19,7 @@ import ipagui.forms.delegate
 import ipa.aci
 
 import ldap.dn
+import operator
 
 log = logging.getLogger(__name__)
 
@@ -63,11 +64,34 @@ class DelegationController(IPAController):
                     tg_template='ipagui.templates.delegatenew')
 
         try:
+            aci_entry = client.get_aci_entry(aci_fields)
+
             new_aci = ipa.aci.ACI()
             new_aci.name = kw.get('name')
             new_aci.source_group = kw.get('source_group_dn')
             new_aci.dest_group = kw.get('dest_group_dn')
             new_aci.attrs = kw.get('attrs')
+            if (new_aci.attrs, str):
+                new_aci.attrs = [new_aci.attrs]
+
+            # Look for an existing ACI of the same name
+            aci_str_list = aci_entry.getValues('aci')
+            if aci_str_list is None:
+                aci_str_list = []
+            if not(isinstance(aci_str_list,list) or isinstance(aci_str_list,tuple)):
+                aci_str_list = [aci_str_list]
+
+            for aci_str in aci_str_list:
+                try:
+                    old_aci = ipa.aci.ACI(aci_str)
+                    if old_aci.name == new_aci.name:
+                        turbogears.flash("Delgate add failed: a delegation of that name already exists")
+                        return dict(form=delegate_form, delegate=kw,
+                                tg_template='ipagui.templates.delegatenew')
+                except SyntaxError:
+                    # ignore aci_str's that ACI can't parse
+                    pass
+
 
             # not pulling down existing aci attributes
             aci_entry = client.get_aci_entry(['dn'])
@@ -75,7 +99,7 @@ class DelegationController(IPAController):
 
             client.update_entry(aci_entry)
         except ipaerror.IPAError, e:
-            turbogears.flash("Delgate add failed: " + str(e))
+            turbogears.flash("Delgate add failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             return dict(form=delegate_form, delegate=kw,
                     tg_template='ipagui.templates.delegatenew')
 
@@ -105,7 +129,7 @@ class DelegationController(IPAController):
 
             return dict(form=delegate_form, delegate=delegate)
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation edit failed: " + str(e))
+            turbogears.flash("Delegation edit failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/delegate/list')
 
 
@@ -162,7 +186,7 @@ class DelegationController(IPAController):
             turbogears.flash("delegate updated")
             raise turbogears.redirect('/delegate/list')
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation update failed: " + str(e))
+            turbogears.flash("Delegation update failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             return dict(form=delegate_form, delegate=kw,
                         tg_template='ipagui.templates.delegateedit')
 
@@ -175,7 +199,7 @@ class DelegationController(IPAController):
         try:
             aci_entry = client.get_aci_entry(aci_fields)
         except ipaerror.IPAError, e:
-            turbogears.flash("Delegation list failed: " + str(e))
+            turbogears.flash("Delegation list failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/')
 
         aci_str_list = aci_entry.getValues('aci')
@@ -194,6 +218,7 @@ class DelegationController(IPAController):
                 pass
         group_dn_to_cn = ipa.aci.extract_group_cns(aci_list, client)
 
+        aci_list = sorted(aci_list, key=operator.itemgetter(0))
         # The list page needs to display field labels, not raw
         # LDAP attributes
         for aci in aci_list:
@@ -237,7 +262,7 @@ class DelegationController(IPAController):
             turbogears.flash("delegate deleted")
             raise turbogears.redirect('/delegate/list')
         except (SyntaxError, ipaerror.IPAError), e:
-            turbogears.flash("Delegation deletion failed: " + str(e))
+            turbogears.flash("Delegation deletion failed: " + str(e) + "<br/>" + e.detail[0]['desc'])
             raise turbogears.redirect('/delegate/list')
 
     @expose("ipagui.templates.delegategroupsearch")