From 95bb8d0f45c3061035633c7b9c3b1609b11a158d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 11 May 2012 15:28:03 -0400
Subject: Fix overlapping cn param/option issue, pass cn as aciname in find

permission-find --name wasn't working for two reasons. The first
was that the cn to search on in options ended up overlapping the
primary key name causing the request to fail.

The second reason was aci uses aciname, not cn, as its name field.
So searching on --name matched everything because it was as if you
were searching on nothing.

https://fedorahosted.org/freeipa/ticket/2320
---
 ipalib/plugins/permission.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'ipalib/plugins/permission.py')

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 2cf42bbc..9bf17944 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -387,10 +387,17 @@ class permission_find(LDAPSearch):
             del opts['raw']
         except:
             pass
+        if 'cn' in options:
+            # the attribute for name is difference in acis
+            opts['aciname'] = options['cn']
         aciresults = self.api.Command.aci_find(*args, **opts)
         truncated = truncated or aciresults['truncated']
         results = aciresults['result']
 
+        if 'cn' in options:
+            # there is an option/param overlap if --name is in the
+            # search list, we don't need cn anymore so drop it.
+            options.pop('cn')
         for aci in results:
             found = False
             if 'permission' in aci:
-- 
cgit