The last allowed/mapping rule can be removed in SPs

If you created rule(s) in an SP for either allowed attributes or
attribute mapping there was no way to remove the last rule meaning
it could never go back to use the global defaults.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

3 files changed, 41 insertions, 25 deletions

diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index f0456c1..f8163f7 100644
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -172,15 +172,21 @@ class SPAdminPage(AdminPage):
                     value = get_complex_list_value(name,
                                                    current,
                                                    **kwargs)
+                    # if current value is None do nothing
                     if value is None:
-                        continue
+                        if option.get_value() is None:
+                            continue
+                        # else pass and let it continue as None
                 elif type(option) is pconfig.MappingList:
                     current = deepcopy(option.get_value())
                     value = get_mapping_list_value(name,
                                                    current,
                                                    **kwargs)
+                    # if current value is None do nothing
                     if value is None:
-                        continue
+                        if option.get_value() is None:
+                            continue
+                        # else pass and let it continue as None
                 else:
                     continue
 
@@ -210,26 +216,28 @@ class SPAdminPage(AdminPage):
                 # Make changes in current config
                 for name, option in conf.iteritems():
                     value = new_db_values.get(name, False)
-                    if value:
-                        if name == 'Name':
-                            if not self.sp.is_valid_name(value):
-                                raise InvalidValueFormat(
-                                    'Invalid name! Use only numbers and'
-                                    ' letters'
-                                )
-                            self.sp.name = value
-                            self.url = '%s/sp/%s' % (self.parent.url, value)
-                            self.parent.rename_sp(option.get_value(), value)
-                        elif name == 'User Owner':
-                            self.sp.owner = value
-                        elif name == 'Default NameID':
-                            self.sp.default_nameid = value
-                        elif name == 'Allowed NameIDs':
-                            self.sp.allowed_nameids = value
-                        elif name == 'Attribute Mapping':
-                            self.sp.attribute_mappings = value
-                        elif name == 'Allowed Attributes':
-                            self.sp.allowed_attributes = value
+                    # A value of None means remove from the data store
+                    if value is False or value == []:
+                        continue
+                    if name == 'Name':
+                        if not self.sp.is_valid_name(value):
+                            raise InvalidValueFormat(
+                                'Invalid name! Use only numbers and'
+                                ' letters'
+                            )
+                        self.sp.name = value
+                        self.url = '%s/sp/%s' % (self.parent.url, value)
+                        self.parent.rename_sp(option.get_value(), value)
+                    elif name == 'User Owner':
+                        self.sp.owner = value
+                    elif name == 'Default NameID':
+                        self.sp.default_nameid = value
+                    elif name == 'Allowed NameIDs':
+                        self.sp.allowed_nameids = value
+                    elif name == 'Attribute Mapping':
+                        self.sp.attribute_mappings = value
+                    elif name == 'Allowed Attributes':
+                        self.sp.allowed_attributes = value
             except InvalidValueFormat, e:
                 message = str(e)
                 message_type = ADMIN_STATUS_WARN
diff --git a/ipsilon/util/config.py b/ipsilon/util/config.py
index 523601d..5366a96 100644
--- a/ipsilon/util/config.py
+++ b/ipsilon/util/config.py
@@ -178,6 +178,8 @@ class List(Option):
 class ComplexList(List):
 
     def _check_value(self, value):
+        if value is None:
+            return
         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))
@@ -202,6 +204,8 @@ class ComplexList(List):
 class MappingList(ComplexList):
 
     def _check_value(self, value):
+        if value is None:
+            return
         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))
diff --git a/ipsilon/util/data.py b/ipsilon/util/data.py
index 72e7f96..b06f00c 100644
--- a/ipsilon/util/data.py
+++ b/ipsilon/util/data.py
@@ -377,10 +377,14 @@ class Store(Log):
                 datum = data[uid]
                 for name in datum:
                     if name in curvals:
-                        q.update({'value': datum[name]},
-                                 {'uuid': uid, 'name': name})
+                        if datum[name] is None:
+                            q.delete({'uuid': uid, 'name': name})
+                        else:
+                            q.update({'value': datum[name]},
+                                     {'uuid': uid, 'name': name})
                     else:
-                        q.insert((uid, name, datum[name]))
+                        if datum[name] is not None:
+                            q.insert((uid, name, datum[name]))
 
             q.commit()
         except Exception, e:  # pylint: disable=broad-except