From 9c0e86530ec693606ca4f69e74a9dfe4118a21aa Mon Sep 17 00:00:00 2001 From: David Kupka Date: Wed, 18 Jan 2017 13:24:29 +0100 Subject: stageuser: Add stageuser-{add,remove}-cert Move {add,remove}-cert implementation from user to baseuser and inherit {,stage}user-{add,remove}-cert from it. https://fedorahosted.org/freeipa/ticket/6623 Reviewed-By: Martin Basti --- ipaserver/plugins/baseuser.py | 36 +++++++++++++++++++++++++++++++++++- ipaserver/plugins/stageuser.py | 14 ++++++++++++++ ipaserver/plugins/user.py | 42 +++++------------------------------------- 3 files changed, 54 insertions(+), 38 deletions(-) (limited to 'ipaserver') diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index 85ad41768..75cf7d81a 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -26,7 +26,7 @@ from ipalib.plugable import Registry from .baseldap import ( DN, LDAPObject, LDAPCreate, LDAPUpdate, LDAPSearch, LDAPDelete, LDAPRetrieve, LDAPAddAttribute, LDAPRemoveAttribute, LDAPAddMember, - LDAPRemoveMember) + LDAPRemoveMember, LDAPAddAttributeViaOption, LDAPRemoveAttributeViaOption) from ipaserver.plugins.service import ( validate_certificate, validate_realm, normalize_principal) from ipalib.request import context @@ -694,3 +694,37 @@ class baseuser_remove_principal(LDAPRemoveAttribute): def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): ensure_last_krbprincipalname(ldap, entry_attrs, *keys) return dn + + +class baseuser_add_cert(LDAPAddAttributeViaOption): + attribute = 'usercertificate' + + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, + **options): + self.obj.convert_usercertificate_pre(entry_attrs) + + return dn + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + assert isinstance(dn, DN) + + self.obj.convert_usercertificate_post(entry_attrs, **options) + + return dn + + +class baseuser_remove_cert(LDAPRemoveAttributeViaOption): + attribute = 'usercertificate' + + def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, + **options): + self.obj.convert_usercertificate_pre(entry_attrs) + + return dn + + def post_callback(self, ldap, dn, entry_attrs, *keys, **options): + assert isinstance(dn, DN) + + self.obj.convert_usercertificate_post(entry_attrs, **options) + + return dn diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index afd402ea2..b2f75a169 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -39,6 +39,8 @@ from .baseuser import ( baseuser_show, NO_UPG_MAGIC, baseuser_output_params, + baseuser_add_cert, + baseuser_remove_cert, baseuser_add_manager, baseuser_remove_manager) from ipalib.request import context @@ -744,3 +746,15 @@ class stageuser_add_manager(baseuser_add_manager): @register() class stageuser_remove_manager(baseuser_remove_manager): __doc__ = _("Remove a manager to the stage user entry") + + +@register() +class stageuser_add_cert(baseuser_add_cert): + __doc__ = _("Add one or more certificates to the stageuser entry") + msg_summary = _('Added certificates to stageuser "%(value)s"') + + +@register() +class stageuser_remove_cert(baseuser_remove_cert): + __doc__ = _("Remove one or more certificates to the stageuser entry") + msg_summary = _('Removed certificates from stageuser "%(value)s"') diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index 64405483a..1ef71d2a5 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -43,6 +43,8 @@ from .baseuser import ( fix_addressbook_permission_bindrule, baseuser_add_manager, baseuser_remove_manager, + baseuser_add_cert, + baseuser_remove_cert, baseuser_add_principal, baseuser_remove_principal) from .idviews import remove_ipaobject_overrides @@ -53,9 +55,7 @@ from .baseldap import ( LDAPCreate, LDAPSearch, LDAPQuery, - LDAPMultiQuery, - LDAPAddAttributeViaOption, - LDAPRemoveAttributeViaOption) + LDAPMultiQuery) from . import baseldap from ipalib.request import context from ipalib import _, ngettext @@ -1157,47 +1157,15 @@ class user_status(LDAPQuery): @register() -class user_add_cert(LDAPAddAttributeViaOption): +class user_add_cert(baseuser_add_cert): __doc__ = _('Add one or more certificates to the user entry') msg_summary = _('Added certificates to user "%(value)s"') - attribute = 'usercertificate' - - def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, - **options): - dn = self.obj.get_either_dn(*keys, **options) - - self.obj.convert_usercertificate_pre(entry_attrs) - - return dn - - def post_callback(self, ldap, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - - self.obj.convert_usercertificate_post(entry_attrs, **options) - - return dn @register() -class user_remove_cert(LDAPRemoveAttributeViaOption): +class user_remove_cert(baseuser_remove_cert): __doc__ = _('Remove one or more certificates to the user entry') msg_summary = _('Removed certificates from user "%(value)s"') - attribute = 'usercertificate' - - def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, - **options): - dn = self.obj.get_either_dn(*keys, **options) - - self.obj.convert_usercertificate_pre(entry_attrs) - - return dn - - def post_callback(self, ldap, dn, entry_attrs, *keys, **options): - assert isinstance(dn, DN) - - self.obj.convert_usercertificate_post(entry_attrs, **options) - - return dn @register() -- cgit