diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-02-24 10:36:47 +0100 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 14:18:12 +0100 |
| commit | 427317efa67c0f4b0dc27f7e605c30c944e64536 (patch) | |
| tree | 9986b61e880b94067e9f5b3e0918ec868c22f35c /ipalib | |
| parent | 4f302f650070ea50975c0f2bd778a4f864040e43 (diff) | |
| download | freeipa-427317efa67c0f4b0dc27f7e605c30c944e64536.tar.gz freeipa-427317efa67c0f4b0dc27f7e605c30c944e64536.tar.xz freeipa-427317efa67c0f4b0dc27f7e605c30c944e64536.zip | |
permission-find: Fix handling of the search term for legacy permissions
Previously the search term was only applied to the name.
Fix it so that it filters results based on any attribute.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/permission.py | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 1697311d8..b9aedbee7 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -1173,8 +1173,9 @@ class permission_find(baseldap.LDAPSearch): filters = ['(objectclass=ipaPermission)', '(!(ipaPermissionType=V2))'] - if args: - filters.append(ldap.make_filter_from_attr('cn', args[0], + if 'name' in options: + filters.append(ldap.make_filter_from_attr('cn', + options['name'], exact=False)) attrs_list = list(self.obj.default_attributes) attrs_list += list(self.obj.attribute_members) @@ -1206,22 +1207,28 @@ class permission_find(baseldap.LDAPSearch): break self.obj.upgrade_permission(entry, output_only=True, cached_acientry=root_entry) - cn = entry.single_value['cn'] - if any(a.lower() in cn.lower() for a in args if a): - entries.append(entry) + # If all given options match, include the entry + # Do a case-insensitive match, on any value if multi-valued + for opt in attribute_options: + optval = options[opt] + if not isinstance(optval, (tuple, list)): + optval = [optval] + value = entry.get(opt) + if not value: + break + if not all(any(str(ov).lower() in str(v).lower() + for v in value) for ov in optval): + break else: - # If all given options match, include the entry - # Do a case-insensitive match, on any value if multi-valued - for opt in attribute_options: - optval = options[opt] - if not isinstance(optval, (tuple, list)): - optval = [optval] - value = entry.get(opt) - if not value: - break - if not all(any(str(ov).lower() in str(v).lower() - for v in value) for ov in optval): - break + # Each search term must be present in some + # attribute value + for arg in args: + if arg: + arg = arg.lower() + if not any(arg in str(value).lower() + for values in entry.values() + for value in values): + break else: entries.append(entry) |