diff options
author | Jan Cholasta <jcholast@redhat.com> | 2016-04-28 10:30:05 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-06-03 09:00:34 +0200 |
commit | 6e44557b601f769d23ee74555a72e8b5cc62c0c9 (patch) | |
tree | eedd3e054b0709341b9f58c190ea54f999f7d13a /ipaserver/plugins/delegation.py | |
parent | ec841e5d7ab29d08de294b3fa863a631cd50e30a (diff) | |
download | freeipa-6e44557b601f769d23ee74555a72e8b5cc62c0c9.tar.gz freeipa-6e44557b601f769d23ee74555a72e8b5cc62c0c9.tar.xz freeipa-6e44557b601f769d23ee74555a72e8b5cc62c0c9.zip |
ipalib: move server-side plugins to ipaserver
Move the remaining plugin code from ipalib.plugins to ipaserver.plugins.
Remove the now unused ipalib.plugins package.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/plugins/delegation.py')
-rw-r--r-- | ipaserver/plugins/delegation.py | 226 |
1 files changed, 226 insertions, 0 deletions
diff --git a/ipaserver/plugins/delegation.py b/ipaserver/plugins/delegation.py new file mode 100644 index 000000000..0443f0e48 --- /dev/null +++ b/ipaserver/plugins/delegation.py @@ -0,0 +1,226 @@ +# Authors: +# Rob Crittenden <rcritten@redhat.com> +# Martin Kosek <mkosek@redhat.com> +# +# Copyright (C) 2010 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from ipalib import _, ngettext +from ipalib import Str +from ipalib import api, crud +from ipalib import output +from ipalib import Object +from ipalib.plugable import Registry +from .baseldap import gen_pkey_only_option, pkey_to_value + +__doc__ = _(""" +Group to Group Delegation + +A permission enables fine-grained delegation of permissions. Access Control +Rules, or instructions (ACIs), grant permission to permissions to perform +given tasks such as adding a user, modifying a group, etc. + +Group to Group Delegations grants the members of one group to update a set +of attributes of members of another group. + +EXAMPLES: + + Add a delegation rule to allow managers to edit employee's addresses: + ipa delegation-add --attrs=street --group=managers --membergroup=employees "managers edit employees' street" + + When managing the list of attributes you need to include all attributes + in the list, including existing ones. Add postalCode to the list: + ipa delegation-mod --attrs=street --attrs=postalCode --group=managers --membergroup=employees "managers edit employees' street" + + Display our updated rule: + ipa delegation-show "managers edit employees' street" + + Delete a rule: + ipa delegation-del "managers edit employees' street" +""") + +register = Registry() + +ACI_PREFIX=u"delegation" + +output_params = ( + Str('aci', + label=_('ACI'), + ), +) + +@register() +class delegation(Object): + """ + Delegation object. + """ + + bindable = False + object_name = _('delegation') + object_name_plural = _('delegations') + label = _('Delegations') + label_singular = _('Delegation') + + takes_params = ( + Str('aciname', + cli_name='name', + label=_('Delegation name'), + doc=_('Delegation name'), + primary_key=True, + ), + Str('permissions*', + cli_name='permissions', + label=_('Permissions'), + doc=_('Permissions to grant (read, write). Default is write.'), + ), + Str('attrs+', + cli_name='attrs', + label=_('Attributes'), + doc=_('Attributes to which the delegation applies'), + normalizer=lambda value: value.lower(), + ), + Str('memberof', + cli_name='membergroup', + label=_('Member user group'), + doc=_('User group to apply delegation to'), + ), + Str('group', + cli_name='group', + label=_('User group'), + doc=_('User group ACI grants access to'), + ), + ) + + def __json__(self): + json_friendly_attributes = ( + 'label', 'label_singular', 'takes_params', 'bindable', 'name', + 'object_name', 'object_name_plural', + ) + json_dict = dict( + (a, getattr(self, a)) for a in json_friendly_attributes + ) + json_dict['primary_key'] = self.primary_key.name + + json_dict['methods'] = [m for m in self.methods] + return json_dict + + def postprocess_result(self, result): + try: + # do not include prefix in result + del result['aciprefix'] + except KeyError: + pass + + + +@register() +class delegation_add(crud.Create): + __doc__ = _('Add a new delegation.') + + msg_summary = _('Added delegation "%(value)s"') + has_output_params = output_params + + def execute(self, aciname, **kw): + if not 'permissions' in kw: + kw['permissions'] = (u'write',) + kw['aciprefix'] = ACI_PREFIX + result = api.Command['aci_add'](aciname, **kw)['result'] + self.obj.postprocess_result(result) + + return dict( + result=result, + value=pkey_to_value(aciname, kw), + ) + + + +@register() +class delegation_del(crud.Delete): + __doc__ = _('Delete a delegation.') + + has_output = output.standard_boolean + msg_summary = _('Deleted delegation "%(value)s"') + + def execute(self, aciname, **kw): + kw['aciprefix'] = ACI_PREFIX + result = api.Command['aci_del'](aciname, **kw) + self.obj.postprocess_result(result) + return dict( + result=True, + value=pkey_to_value(aciname, kw), + ) + + + +@register() +class delegation_mod(crud.Update): + __doc__ = _('Modify a delegation.') + + msg_summary = _('Modified delegation "%(value)s"') + has_output_params = output_params + + def execute(self, aciname, **kw): + kw['aciprefix'] = ACI_PREFIX + result = api.Command['aci_mod'](aciname, **kw)['result'] + self.obj.postprocess_result(result) + + return dict( + result=result, + value=pkey_to_value(aciname, kw), + ) + + + +@register() +class delegation_find(crud.Search): + __doc__ = _('Search for delegations.') + + msg_summary = ngettext( + '%(count)d delegation matched', '%(count)d delegations matched', 0 + ) + + takes_options = (gen_pkey_only_option("name"),) + has_output_params = output_params + + def execute(self, term=None, **kw): + kw['aciprefix'] = ACI_PREFIX + results = api.Command['aci_find'](term, **kw)['result'] + + for aci in results: + self.obj.postprocess_result(aci) + + return dict( + result=results, + count=len(results), + truncated=False, + ) + + + +@register() +class delegation_show(crud.Retrieve): + __doc__ = _('Display information about a delegation.') + + has_output_params = output_params + + def execute(self, aciname, **kw): + result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX, **kw)['result'] + self.obj.postprocess_result(result) + return dict( + result=result, + value=pkey_to_value(aciname, kw), + ) + |