summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2016-06-30 06:37:52 +0200
committerJan Cholasta <jcholast@redhat.com>2016-06-30 16:32:20 +0200
commit0f578ec36ccb3ceb91d64e3967a4fcd01b240895 (patch)
tree492d4aabe215f7b57c7a3fd5198c0cc6b03f2102
parentae5f11b4de1d5e353a2e1b8345e316949f4b75ed (diff)
downloadfreeipa-0f578ec36ccb3ceb91d64e3967a4fcd01b240895.tar.gz
freeipa-0f578ec36ccb3ceb91d64e3967a4fcd01b240895.tar.xz
freeipa-0f578ec36ccb3ceb91d64e3967a4fcd01b240895.zip
user: add object plugin for user_status
Change user_status from a method of user to a method of a new userstatus class, which defines the extra attributes returned by user_status. This fixes user_status CLI output. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
-rw-r--r--API.txt6
-rw-r--r--VERSION4
-rw-r--r--ipaserver/plugins/baseuser.py18
-rw-r--r--ipaserver/plugins/stageuser.py2
-rw-r--r--ipaserver/plugins/user.py52
5 files changed, 50 insertions, 32 deletions
diff --git a/API.txt b/API.txt
index 19922660a..085a7e0d8 100644
--- a/API.txt
+++ b/API.txt
@@ -5863,10 +5863,9 @@ output: Output('result', type=[<type 'dict'>])
output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
output: ListOfPrimaryKeys('value')
command: user_status/1
-args: 1,4,4
-arg: Str('uid', cli_name='login')
+args: 1,3,4
+arg: Str('useruid', cli_name='login')
option: Flag('all', autofill=True, cli_name='all', default=False)
-option: Flag('no_members', autofill=True, default=False)
option: Flag('raw', autofill=True, cli_name='raw', default=False)
option: Str('version?')
output: Output('count', type=[<type 'int'>])
@@ -6615,6 +6614,7 @@ default: user_stage/1
default: user_status/1
default: user_undel/1
default: user_unlock/1
+default: userstatus/1
default: vault/1
default: vault_add_internal/1
default: vault_add_member/1
diff --git a/VERSION b/VERSION
index 5c3aef2e4..656e472ce 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
# #
########################################################
IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=203
-# Last change: host: added authentication indicators
+IPA_API_VERSION_MINOR=204
+# Last change: user: add object plugin for user_status
diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py
index 8087418d1..9c4af66f9 100644
--- a/ipaserver/plugins/baseuser.py
+++ b/ipaserver/plugins/baseuser.py
@@ -61,24 +61,6 @@ baseuser_output_params = (
),
)
-status_baseuser_output_params = (
- Str('server',
- label=_('Server'),
- ),
- Str('krbloginfailedcount',
- label=_('Failed logins'),
- ),
- Str('krblastsuccessfulauth',
- label=_('Last successful authentication'),
- ),
- Str('krblastfailedauth',
- label=_('Last failed authentication'),
- ),
- Str('now',
- label=_('Time now'),
- ),
- )
-
UPG_DEFINITION_DN = DN(('cn', 'UPG Definition'),
('cn', 'Definitions'),
('cn', 'Managed Entries'),
diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py
index 9d5d40453..3b9388f60 100644
--- a/ipaserver/plugins/stageuser.py
+++ b/ipaserver/plugins/stageuser.py
@@ -40,7 +40,6 @@ from .baseuser import (
NO_UPG_MAGIC,
baseuser_pwdchars,
baseuser_output_params,
- status_baseuser_output_params,
baseuser_add_manager,
baseuser_remove_manager)
from ipalib.request import context
@@ -102,7 +101,6 @@ register = Registry()
stageuser_output_params = baseuser_output_params
-status_output_params = status_baseuser_output_params
@register()
class stageuser(baseuser):
diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py
index adc59fcba..7c5221c85 100644
--- a/ipaserver/plugins/user.py
+++ b/ipaserver/plugins/user.py
@@ -38,7 +38,6 @@ from .baseuser import (
NO_UPG_MAGIC,
UPG_DEFINITION_DN,
baseuser_output_params,
- status_baseuser_output_params,
baseuser_pwdchars,
validate_nsaccountlock,
convert_nsaccountlock,
@@ -48,6 +47,7 @@ from .baseuser import (
from .idviews import remove_ipaobject_overrides
from ipalib.plugable import Registry
from .baseldap import (
+ LDAPObject,
pkey_to_value,
LDAPCreate,
LDAPSearch,
@@ -118,8 +118,6 @@ register = Registry()
user_output_params = baseuser_output_params
-status_output_params = status_baseuser_output_params
-
def check_protected_member(user, protected_group_name=u'admins'):
'''
@@ -990,6 +988,38 @@ class user_unlock(LDAPQuery):
@register()
+class userstatus(LDAPObject):
+ parent_object = 'user'
+
+ takes_params = (
+ Bool('preserved?',
+ label=_('Preserved user'),
+ flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+ ),
+ Str('server',
+ label=_('Server'),
+ flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+ ),
+ Str('krbloginfailedcount',
+ label=_('Failed logins'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
+ Str('krblastsuccessfulauth',
+ label=_('Last successful authentication'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
+ Str('krblastfailedauth',
+ label=_('Last failed authentication'),
+ flags={'no_create', 'no_update', 'no_search'},
+ ),
+ Str('now',
+ label=_('Time now'),
+ flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'},
+ ),
+ )
+
+
+@register()
class user_status(LDAPQuery):
__doc__ = _("""
Lockout status of a user account
@@ -1013,12 +1043,20 @@ class user_status(LDAPQuery):
login attempt is older than the lockouttime of the password policy. This
means that the user may attempt a login again. """)
+ obj_name = 'userstatus'
+ attr_name = 'find'
+
has_output = output.standard_list_of_entries
- has_output_params = LDAPSearch.has_output_params + status_output_params
+
+ def get_args(self):
+ for arg in super(user_status, self).get_args():
+ if arg.name == 'useruid':
+ arg = arg.clone(cli_name='login')
+ yield arg
def execute(self, *keys, **options):
ldap = self.obj.backend
- dn = self.obj.get_either_dn(*keys, **options)
+ dn = self.api.Object.user.get_either_dn(*keys, **options)
attr_list = ['krbloginfailedcount', 'krblastsuccessfulauth', 'krblastfailedauth', 'nsaccountlock']
disabled = False
@@ -1074,11 +1112,11 @@ class user_status(LDAPQuery):
convert_nsaccountlock(entry)
if 'nsaccountlock' in entry:
disabled = entry['nsaccountlock']
- self.obj.get_preserved_attribute(entry, options)
+ self.api.Object.user.get_preserved_attribute(entry, options)
entries.append(newresult)
count += 1
except errors.NotFound:
- self.obj.handle_not_found(*keys)
+ self.api.Object.user.handle_not_found(*keys)
except Exception as e:
self.error("user_status: Retrieving status for %s failed with %s" % (dn, str(e)))
newresult = {'dn': dn}