From c9807f4b252055107118493b7d6b66309e3e0d27 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Fri, 10 Dec 2010 22:52:44 -0500 Subject: Better handle permission object updates versus aci object updates. permissions are a real group pointed to by an aci, managed by the same plugin. Any given update can update one or both or neither. Do a better job at determining what it is that needs to be updated and handle the case where only the ACI is updated so that EmptyModList is not thrown. ticket 603 --- ipalib/plugins/permission.py | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'ipalib/plugins/permission.py') diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 4ad53c74..18dd577e 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -220,13 +220,16 @@ class permission_mod(LDAPUpdate): msg_summary = _('Modified permission "%(value)s"') def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): - (dn, attrs) = ldap.get_entry( - dn, attrs_list, normalize=self.obj.normalize_dn - ) + try: + (dn, attrs) = ldap.get_entry( + dn, attrs_list, normalize=self.obj.normalize_dn + ) + except errors.NotFound: + self.obj.handle_not_found(*keys) opts = copy.copy(options) if 'description' in opts: del opts['description'] - for o in self.obj.aci_attributes + ['all', 'raw', 'rights']: + for o in ['all', 'raw', 'rights', 'description']: if o in opts: del opts[o] setattr(context, 'aciupdate', False) @@ -249,8 +252,8 @@ class permission_mod(LDAPUpdate): pass if 'description' in options: - (dn, attrs) = ldap.get_entry(dn, ['description']) - self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) + if attrs['description'][0] != options['description']: + self.api.Command.aci_rename(attrs['description'][0], newname=options['description']) return dn @@ -265,7 +268,7 @@ class permission_mod(LDAPUpdate): except: pass - if len(opts) > 0: + if len(opts) > 0 and not aciupdate: raise exc else: raise exc -- cgit