diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2017-03-09 19:02:49 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-03-14 18:37:10 +0100 |
| commit | 544d66b7109300e570fb6849f0f9bab8020f3b66 (patch) | |
| tree | 3f6d8df2ce9eeda44fcfc133928e22cbc4ee4455 /ipaserver | |
| parent | 1b5f56d15455b6019dd532cb9635fa2c44cb0022 (diff) | |
| download | freeipa-544d66b7109300e570fb6849f0f9bab8020f3b66.tar.gz freeipa-544d66b7109300e570fb6849f0f9bab8020f3b66.tar.xz freeipa-544d66b7109300e570fb6849f0f9bab8020f3b66.zip | |
idview: add domain_resolution_order attribute
`idview-add` and `idview-mod` can now set and validate the attribute.
The required objectclass is added on-demand after modification
https://pagure.io/freeipa/issue/6372
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/plugins/idviews.py | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/ipaserver/plugins/idviews.py b/ipaserver/plugins/idviews.py index b38a4ad17..732043283 100644 --- a/ipaserver/plugins/idviews.py +++ b/ipaserver/plugins/idviews.py @@ -95,7 +95,8 @@ class idview(LDAPObject): object_name = _('ID View') object_name_plural = _('ID Views') object_class = ['ipaIDView', 'top'] - default_attributes = ['cn', 'description'] + possible_objectclasses = ['ipaNameResolutionData'] + default_attributes = ['cn', 'description', 'ipadomainresolutionorder'] rdn_is_primary_key = True label = _('ID Views') @@ -123,6 +124,14 @@ class idview(LDAPObject): label=_('Hosts the view applies to'), flags={'virtual_attribute', 'no_create', 'no_update', 'no_search'}, ), + Str( + 'ipadomainresolutionorder?', + cli_name='domain_resolution_order', + label=_('Domain resolution order'), + doc=_('colon-separated list of domains used for short name' + ' qualification'), + flags={'no_search'} + ) ) permission_filter_objectclasses = ['nsContainer'] @@ -131,17 +140,34 @@ class idview(LDAPObject): 'ipapermbindruletype': 'all', 'ipapermright': {'read', 'search', 'compare'}, 'ipapermdefaultattr': { - 'cn', 'description', 'objectClass', + 'cn', 'description', 'ipadomainresolutionorder', 'objectClass', }, }, } + def ensure_possible_objectclasses(self, ldap, dn, entry_attrs): + orig_entry_attrs = ldap.get_entry(dn, ['objectclass']) + + orig_objectclasses = { + o.lower() for o in orig_entry_attrs.get('objectclass', [])} + + entry_attrs['objectclass'] = orig_entry_attrs['objectclass'] + + for obj_class_name in self.possible_objectclasses: + if obj_class_name.lower() not in orig_objectclasses: + entry_attrs['objectclass'].append(obj_class_name) + @register() class idview_add(LDAPCreate): __doc__ = _('Add a new ID View.') msg_summary = _('Added ID View "%(value)s"') + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): + self.api.Object.config.validate_domain_resolution_order(entry_attrs) + + return dn + @register() class idview_del(LDAPDelete): @@ -166,6 +192,9 @@ class idview_mod(LDAPUpdate): if key.lower() == DEFAULT_TRUST_VIEW_NAME: raise protected_default_trust_view_error + self.api.Object.config.validate_domain_resolution_order(entry_attrs) + self.obj.ensure_possible_objectclasses(ldap, dn, entry_attrs) + return dn |