From 233a4cb5fd7db54c6e312c105e70db949335d5a8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 23 Mar 2009 15:09:54 -0400
Subject: Raise a more specific error when a user lacks the proper permissions.

The info part of the message will contain details on what permission
failed on what attribute.
---
 ipaserver/ipaldap.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ipaserver/ipaldap.py')

diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index af17988b..01370b86 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -387,6 +387,8 @@ class IPAdmin(SimpleLDAPObject):
                 raise errors2.DuplicateEntry
             else:
                 raise errors.DatabaseError, e
+        except ldap.INSUFFICIENT_ACCESS, e:
+            raise errors2.ACIError(info=e.args[0].get('info',''))
         except ldap.LDAPError, e:
             raise errors.DatabaseError, e
         return True
@@ -428,6 +430,8 @@ class IPAdmin(SimpleLDAPObject):
         # update, making the oldentry stale.
         except ldap.NO_SUCH_ATTRIBUTE:
             raise errors.MidairCollision
+        except ldap.INSUFFICIENT_ACCESS, e:
+            raise errors2.ACIError(info=e.args[0].get('info',''))
         except ldap.LDAPError, e:
             raise errors.DatabaseError, e
         return True
@@ -500,7 +504,7 @@ class IPAdmin(SimpleLDAPObject):
                 self.set_option(ldap.OPT_SERVER_CONTROLS, sctrl)
             self.delete_s(*args)
         except ldap.INSUFFICIENT_ACCESS, e:
-             raise errors.InsufficientAccess, e
+            raise errors2.ACIError(info=e.args[0].get('info',''))
         except ldap.LDAPError, e:
              raise errors.DatabaseError, e
         return True
-- 
cgit