From 348fcbcbaf5c686cdb077c9bed53ded95ad04b49 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Wed, 8 Apr 2015 16:13:55 -0400 Subject: The last allowed/mapping rule can be removed in SPs If you created rule(s) in an SP for either allowed attributes or attribute mapping there was no way to remove the last rule meaning it could never go back to use the global defaults. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden Reviewed-by: Simo Sorce --- ipsilon/providers/saml2/admin.py | 52 +++++++++++++++++++++++----------------- ipsilon/util/config.py | 4 ++++ ipsilon/util/data.py | 10 +++++--- 3 files changed, 41 insertions(+), 25 deletions(-) diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py index f0456c1..f8163f7 100644 --- a/ipsilon/providers/saml2/admin.py +++ b/ipsilon/providers/saml2/admin.py @@ -172,15 +172,21 @@ class SPAdminPage(AdminPage): value = get_complex_list_value(name, current, **kwargs) + # if current value is None do nothing if value is None: - continue + if option.get_value() is None: + continue + # else pass and let it continue as None elif type(option) is pconfig.MappingList: current = deepcopy(option.get_value()) value = get_mapping_list_value(name, current, **kwargs) + # if current value is None do nothing if value is None: - continue + if option.get_value() is None: + continue + # else pass and let it continue as None else: continue 
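Review bot: The comment `# if current value is None do nothing` sits above `if value is None:` in both the ComplexList and the MappingList branch, so it reads as a description of the new value rather than of the inner `option.get_value() is None` test it belongs to. The path that matters is the other one: a stored list whose last rule was just removed stays `None` and, per the commit message, sends the SP back to the global defaults, which changes the attributes released to that SP. I would move the existing comment onto the inner test and replace `# else pass and let it continue as None` with something explicit such as `# last rule removed: keep None so the stored option is deleted and the global default applies`. The enclosing method begins above the hunk, so how `value` is consumed afterwards is not visible here.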
@@ -210,26 +216,28 @@ class SPAdminPage(AdminPage): # Make changes in current config for name, option in conf.iteritems(): value = new_db_values.get(name, False) - if value: - if name == 'Name': - if not self.sp.is_valid_name(value): - raise InvalidValueFormat( - 'Invalid name! Use only numbers and' - ' letters' - ) - self.sp.name = value - self.url = '%s/sp/%s' % (self.parent.url, value) - self.parent.rename_sp(option.get_value(), value) - elif name == 'User Owner': - self.sp.owner = value - elif name == 'Default NameID': - self.sp.default_nameid = value - elif name == 'Allowed NameIDs': - self.sp.allowed_nameids = value - elif name == 'Attribute Mapping': - self.sp.attribute_mappings = value - elif name == 'Allowed Attributes': - self.sp.allowed_attributes = value + # A value of None means remove from the data store + if value is False or value == []: + continue + if name == 'Name': + if not self.sp.is_valid_name(value): + raise InvalidValueFormat( + 'Invalid name! Use only numbers and' + ' letters' + ) + self.sp.name = value + self.url = '%s/sp/%s' % (self.parent.url, value) + self.parent.rename_sp(option.get_value(), value) + elif name == 'User Owner': + self.sp.owner = value + elif name == 'Default NameID': + self.sp.default_nameid = value + elif name == 'Allowed NameIDs': + self.sp.allowed_nameids = value + elif name == 'Attribute Mapping': + self.sp.attribute_mappings = value + elif name == 'Allowed Attributes': + self.sp.allowed_attributes = value except InvalidValueFormat, e: message = str(e) message_type = ADMIN_STATUS_WARN diff --git a/ipsilon/util/config.py b/ipsilon/util/config.py index 523601d..5366a96 100644 --- a/ipsilon/util/config.py +++ b/ipsilon/util/config.py @@ -178,6 +178,8 @@ class List(Option): class ComplexList(List): def _check_value(self, value): + if value is None: + return if type(value) is not list: raise ValueError('The value type must be a list, not "%s"' % type(value)) 
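Review bot: The guard at the top of the loop body changed from `if value:` to `if value is False or value == []: continue`, so every other falsy value now reaches the setters, not only the `None` intended for the two list options. `new_db_values` is filled outside this hunk, so this is unconfirmed, but if it can ever hold `None` or `''` for 'Name', 'User Owner' or 'Default NameID', then `self.sp.owner` or `self.sp.default_nameid` would be blanked and `is_valid_name` would be called with a non-name. Limiting the pass-through to the options that support removal keeps the old behaviour everywhere else: `if not value and not (value is None and name in ('Attribute Mapping', 'Allowed Attributes')): continue`. The comment `# A value of None means remove from the data store` would then sit beside the condition it describes.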
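Review bot: `_check_value` now returns early on `None` in `ComplexList` here and again in `MappingList` in the next hunk, but neither place says what `None` means for the option. The early return skips all of the list validation below it, so `None` becomes an accepted value for both option types, and any reader of these options outside this diff may need to handle it. A short comment at both returns would record the contract, for example `# None means the option is unset (no per-SP rules); the global default applies`. That wording is inferred from the commit message, so adjust it if the fallback is decided elsewhere.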
@@ -202,6 +204,8 @@ class ComplexList(List): class MappingList(ComplexList): def _check_value(self, value): + if value is None: + return if type(value) is not list: raise ValueError('The value type must be a list, not "%s"' % type(value)) diff --git a/ipsilon/util/data.py b/ipsilon/util/data.py index 72e7f96..b06f00c 100644 --- a/ipsilon/util/data.py +++ b/ipsilon/util/data.py @@ -377,10 +377,14 @@ class Store(Log): datum = data[uid] for name in datum: if name in curvals: - q.update({'value': datum[name]}, - {'uuid': uid, 'name': name}) + if datum[name] is None: + q.delete({'uuid': uid, 'name': name}) + else: + q.update({'value': datum[name]}, + {'uuid': uid, 'name': name}) else: - q.insert((uid, name, datum[name])) + if datum[name] is not None: + q.insert((uid, name, datum[name])) q.commit() except Exception, e: # pylint: disable=broad-except -- cgit
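Review bot: Treating `datum[name] is None` as a delete in the data.py hunk changes the contract of this save loop for every caller of the store, not only the SP admin page. A caller that passes `None` for an existing key now removes the row instead of updating it, and a new key with `None` is silently not inserted. The enclosing method starts above the hunk, so its docstring is not visible; the convention should be stated there or at the branch, e.g. `# None is a tombstone: delete the (uuid, name) row, never store it`. The nested `else:` followed by `if datum[name] is not None:` would also read more directly as `elif datum[name] is not None:`.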