authorPetr Viktorin <pviktori@redhat.com>2014-01-21 12:13:47 +0100
committerMartin Kosek <mkosek@redhat.com>2014-02-21 14:33:49 +0100
commit773e006ddd98cf9beabfada9d2830276826ab043 (patch)
treee5a3bb82c9cd49f282343a70d814b6009ad806bb
parenteef5acd9d73c81133969521ed9fc7e82d5f180ab (diff)
permission plugin: Do not assume attribute-level rights for new attributes are present
With the --all --raw options, the code assumed attribute-level rights were set on ipaPermissionV2 attributes, even on permissions that did not have the objectclass. Add a check that the data is present before using it. https://fedorahosted.org/freeipa/ticket/4121 Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rw-r--r--ipalib/plugins/permission.py17
1 files changed, 10 insertions, 7 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 64deb99..670e3f1 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -342,13 +342,16 @@ class permission(baseldap.LDAPObject):
rights = entry.get('attributelevelrights')
if rights:
- rights['memberof'] = rights['ipapermtargetfilter']
- rights['targetgroup'] = rights['ipapermtarget']
-
- type_rights = set(rights['ipapermtargetfilter'])
- type_rights.intersection_update(rights['ipapermlocation'])
- rights['type'] = ''.join(sorted(
- type_rights, key=rights['ipapermtargetfilter'].index))
+ if 'ipapermtarget' in rights:
+ rights['targetgroup'] = rights['ipapermtarget']
+ if 'ipapermtargetfilter' in rights:
+ rights['memberof'] = rights['ipapermtargetfilter']
+
+ type_rights = set(rights['ipapermtargetfilter'])
+ location_rights = set(rights.get('ipapermlocation', ''))
+ type_rights.intersection_update(location_rights)
+ rights['type'] = ''.join(sorted(
+ type_rights, key=rights['ipapermtargetfilter'].index))
if 'ipapermincludedattr' in rights:
rights['attrs'] = ''.join(sorted(