-rw-r--r-- | ipalib/plugins/delegation.py | 53 | ||||
-rw-r--r-- | ipalib/plugins/permission.py | 36 | ||||
-rw-r--r-- | ipalib/plugins/selfservice.py | 46 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_delegation_plugin.py | 31 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 37 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_selfservice_plugin.py | 29 |
6 files changed, 166 insertions, 66 deletions
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py index 660425013..b707cd785 100644 --- a/ipalib/plugins/delegation.py +++ b/ipalib/plugins/delegation.py @@ -55,6 +55,12 @@ EXAMPLES: ACI_PREFIX=u"delegation" +output_params = ( + Str('aci', + label=_('ACI'), + ), +) + class delegation(Object): """ Delegation object. @@ -112,6 +118,13 @@ class delegation(Object): json_dict['methods'] = [m for m in self.methods] return json_dict + def postprocess_result(self, result): + try: + # do not include prefix in result + del result['aciprefix'] + except KeyError: + pass + api.register(delegation) @@ -119,19 +132,14 @@ class delegation_add(crud.Create): __doc__ = _('Add a new delegation.') msg_summary = _('Added delegation "%(value)s"') + has_output_params = output_params def execute(self, aciname, **kw): - ldap = self.api.Backend.ldap2 if not 'permissions' in kw: kw['permissions'] = (u'write',) kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_add'](aciname, **kw)['result'] - - # do not include prefix in result - try: - del result['aciprefix'] - except KeyError: - pass + self.obj.postprocess_result(result) return dict( result=result, @@ -150,6 +158,7 @@ class delegation_del(crud.Delete): def execute(self, aciname, **kw): kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_del'](aciname, **kw) + self.obj.postprocess_result(result) return dict( result=True, value=aciname, @@ -162,16 +171,12 @@ class delegation_mod(crud.Update): __doc__ = _('Modify a delegation.') msg_summary = _('Modified delegation "%(value)s"') + has_output_params = output_params def execute(self, aciname, **kw): kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_mod'](aciname, **kw)['result'] - - # do not include prefix in result - try: - del result['aciprefix'] - except KeyError: - pass + self.obj.postprocess_result(result) return dict( result=result, 
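Review bot: The new `postprocess_result` method on the `delegation` class has no docstring, and its name does not tell a caller that it edits the dict in place and returns nothing. A one-line docstring such as `"""Remove the internal 'aciprefix' key from an ACI result dict, in place."""` would state the contract for the commands that now call it. The identical method added to `selfservice` in selfservice.py needs the same docstring. Since both copies are the same code, a shared module-level helper would stop them drifting apart.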
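Review bot: In `delegation_del.execute` the added `self.obj.postprocess_result(result)` runs on the whole return value of `aci_del`, not on its `['result']` member as in the add, mod and show commands. The method then returns `result=True` regardless, so the call has no visible effect. Either drop the line or, if the entry really should be scrubbed, apply it to `api.Command['aci_del'](aciname, **kw)['result']` after confirming that value is a dict. `selfservice_del.execute` in selfservice.py receives the same line. The `return dict(...)` of this method continues past the end of the hunk.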
@@ -189,18 +194,14 @@ class delegation_find(crud.Search): ) takes_options = (gen_pkey_only_option("name"),) + has_output_params = output_params def execute(self, term, **kw): - ldap = self.api.Backend.ldap2 kw['aciprefix'] = ACI_PREFIX results = api.Command['aci_find'](term, **kw)['result'] for aci in results: - # do not include prefix in result - try: - del aci['aciprefix'] - except KeyError: - pass + self.obj.postprocess_result(aci) return dict( result=results, @@ -214,19 +215,11 @@ api.register(delegation_find) class delegation_show(crud.Retrieve): __doc__ = _('Display information about a delegation.') - has_output_params = ( - Str('aci', - label=_('ACI'), - ), - ) + has_output_params = output_params def execute(self, aciname, **kw): - result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX)['result'] - # do not include prefix in result - try: - del result['aciprefix'] - except KeyError: - pass + result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX, **kw)['result'] + self.obj.postprocess_result(result) return dict( result=result, value=aciname, diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index e4d11f0d8..e3b6309e0 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -84,6 +84,9 @@ output_params = ( Str('ipapermissiontype', label=_('Permission Type'), ), + Str('aci', + label=_('ACI'), + ), ) class permission(LDAPObject): @@ -97,7 +100,7 @@ class permission(LDAPObject): default_attributes = ['cn', 'member', 'memberof', 'memberindirect', 'ipapermissiontype', ] - aci_attributes = ['group', 'permissions', 'attrs', 'type', + aci_attributes = ['aci', 'group', 'permissions', 'attrs', 'type', 'filter', 'subtree', 'targetgroup', 'memberof', ] attribute_members = { 
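Review bot: `delegation_show.execute` now passes `aciprefix=ACI_PREFIX` together with `**kw`, so a `kw` that already holds an `aciprefix` key raises a duplicate-keyword `TypeError` instead of being overridden. The sibling commands assign `kw['aciprefix'] = ACI_PREFIX` first and then pass `**kw`, which avoids the collision and guarantees the delegation prefix always wins. Doing the same here keeps the prefix scoping uniform: `kw['aciprefix'] = ACI_PREFIX` followed by `result = api.Command['aci_show'](aciname, **kw)['result']`. Whether the framework can ever deliver `aciprefix` in `kw` for this command is not visible in the diff. `selfservice_show.execute` and the `aci_show` calls in permission.py use the same construct.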
@@ -180,6 +183,7 @@ class permission_add(LDAPCreate): __doc__ = _('Add a new permission.') msg_summary = _('Added permission "%(value)s"') + has_output_params = LDAPCreate.has_output_params + output_params def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options): # Test the ACI before going any further @@ -335,11 +339,15 @@ class permission_mod(LDAPUpdate): newname=options['rename'], newprefix=ACI_PREFIX) cn = options['rename'] # rename finished + print "permission_rename1", entry_attrs + print "permission_rename1 result options", options result = self.api.Command.permission_show(cn, **options)['result'] + print "permission_rename1 result", result for r in result: if not r.startswith('member_'): entry_attrs[r] = result[r] + print "permission_rename2", entry_attrs return dn api.register(permission_mod) @@ -359,7 +367,7 @@ class permission_find(LDAPSearch): for entry in entries: (dn, attrs) = entry try: - aci = self.api.Command.aci_show(attrs['cn'][0], aciprefix=ACI_PREFIX)['result'] + aci = self.api.Command.aci_show(attrs['cn'][0], aciprefix=ACI_PREFIX, **options)['result'] # copy information from respective ACI to permission entry for attr in self.obj.aci_attributes: @@ -372,7 +380,13 @@ class permission_find(LDAPSearch): # aren't already in the list along with their permission info. options['aciprefix'] = ACI_PREFIX - aciresults = self.api.Command.aci_find(*args, **options) + opts = copy.copy(options) + try: + # permission ACI attribute is needed + del opts['raw'] + except: + pass + aciresults = self.api.Command.aci_find(*args, **opts) truncated = truncated or aciresults['truncated'] results = aciresults['result'] 
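Review bot: The four `print` statements added to the rename branch of `permission_mod` (from `print "permission_rename1", entry_attrs` to `print "permission_rename2", entry_attrs`) look like leftover debugging and should be removed before merge. They write the full entry attributes and the caller's options to the server process's stdout on every rename. That puts permission data into whatever log captures the stream, outside the normal logging configuration and its level controls. If the trace is wanted, it belongs in a debug-level call through the project's logger. The enclosing method starts above the hunk.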
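Review bot: Forwarding the complete `**options` of `permission_find` into `aci_show` hands every search option to a retrieve command, when only the display flag needed for `--raw` has to travel. It also combines `aciprefix=ACI_PREFIX` with `**options`; a few lines further down `options['aciprefix']` is assigned, and the later hunk's `permission_show(aci['permission'], **options)` carries that key towards `permission_show.post_callback`, which uses the same `aciprefix=ACI_PREFIX, **options` form. If the key survives parameter validation, that is a duplicate-keyword `TypeError`. Passing only what is required, for example `aci_show(attrs['cn'][0], aciprefix=ACI_PREFIX, raw=options.get('raw', False))`, avoids both problems. How the framework filters unknown options is not visible here, so a `permission_find --raw` test that reaches the `if not found:` branch would confirm it.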
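Review bot: The `try: del opts['raw']` block ends in a bare `except: pass`, which also swallows unrelated errors; `opts.pop('raw', None)` does the same job in one line, or catch `KeyError` as `postprocess_result` does. The hunk starts using `copy.copy`, and no `import copy` is added in the permission.py section of this diff, so check that the module already imports it. The context line `options['aciprefix'] = ACI_PREFIX` just above still mutates the caller's `options`; taking the copy first and setting the prefix on `opts` would leave the original untouched.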
@@ -385,15 +399,11 @@ class permission_find(LDAPSearch): found = True break if not found: - permission = self.api.Command.permission_show(aci['permission']) - attrs = permission['result'] - for attr in self.obj.aci_attributes: - if attr in aci: - attrs[attr] = aci[attr] - dn = attrs['dn'] - del attrs['dn'] - if (dn, attrs) not in entries: - entries.append((dn, attrs)) + permission = self.api.Command.permission_show(aci['permission'], **options)['result'] + dn = permission['dn'] + del permission['dn'] + if (dn, permission) not in entries: + entries.append((dn, permission)) api.register(permission_find) @@ -404,7 +414,7 @@ class permission_show(LDAPRetrieve): has_output_params = LDAPRetrieve.has_output_params + output_params def post_callback(self, ldap, dn, entry_attrs, *keys, **options): try: - aci = self.api.Command.aci_show(keys[-1], aciprefix=ACI_PREFIX)['result'] + aci = self.api.Command.aci_show(keys[-1], aciprefix=ACI_PREFIX, **options)['result'] for attr in self.obj.aci_attributes: if attr in aci: entry_attrs[attr] = aci[attr] diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py index 2db376479..6f843d469 100644 --- a/ipalib/plugins/selfservice.py +++ b/ipalib/plugins/selfservice.py @@ -54,17 +54,11 @@ EXAMPLES: ACI_PREFIX=u"selfservice" -def is_selfservice(aciname): - """ - Determine if the ACI is a Self-service ACI and raise an exception if it - isn't. - - Return the result if it is a self-service ACI. - """ - result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX)['result'] - if 'selfaci' not in result or result['selfaci'] == False: - raise errors.NotFound(reason=_('Self-service permission \'%(permission)s\' not found') % dict(permission=aciname)) - return result +output_params = ( + Str('aci', + label=_('ACI'), + ), +) class selfservice(Object): """ 
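Review bot: Removing `is_selfservice` drops the only check that the target ACI has `selfaci` set before `selfservice_del`, `selfservice_mod` and `selfservice_show` act on it. After this change those commands rely solely on `aciprefix=ACI_PREFIX` to scope the lookup. If the aci plugin matches the prefix strictly this may be equivalent, but that is not visible in the diff, and the `NotFound` error with the self-service wording is gone too. Either keep the guard on the del and mod paths or state in the commit message why the prefix alone is sufficient. The added tests cover only `--raw` on show and find; a case that runs `selfservice_mod` or `selfservice_del` against a name that is not a self-service ACI would pin the intended behaviour.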
@@ -112,6 +106,13 @@ class selfservice(Object): json_dict['methods'] = [m for m in self.methods] return json_dict + def postprocess_result(self, result): + try: + # do not include prefix in result + del result['aciprefix'] + except KeyError: + pass + api.register(selfservice) @@ -119,6 +120,7 @@ class selfservice_add(crud.Create): __doc__ = _('Add a new self-service permission.') msg_summary = _('Added selfservice "%(value)s"') + has_output_params = output_params def execute(self, aciname, **kw): if not 'permissions' in kw: @@ -126,7 +128,7 @@ class selfservice_add(crud.Create): kw['selfaci'] = True kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_add'](aciname, **kw)['result'] - del result['aciprefix'] # do not include prefix in result + self.obj.postprocess_result(result) return dict( result=result, @@ -143,9 +145,9 @@ class selfservice_del(crud.Delete): msg_summary = _('Deleted selfservice "%(value)s"') def execute(self, aciname, **kw): - is_selfservice(aciname) kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_del'](aciname, **kw) + self.obj.postprocess_result(result) return dict( result=True, @@ -159,15 +161,16 @@ class selfservice_mod(crud.Update): __doc__ = _('Modify a self-service permission.') msg_summary = _('Modified selfservice "%(value)s"') + has_output_params = output_params def execute(self, aciname, **kw): - is_selfservice(aciname) if 'attrs' in kw and kw['attrs'] is None: raise errors.RequirementError(name='attrs') kw['aciprefix'] = ACI_PREFIX result = api.Command['aci_mod'](aciname, **kw)['result'] - del result['aciprefix'] # do not include prefix in result + self.obj.postprocess_result(result) + return dict( result=result, value=aciname, @@ -184,6 +187,7 @@ class selfservice_find(crud.Search): ) takes_options = (gen_pkey_only_option("name"),) + has_output_params = output_params def execute(self, term, **kw): kw['selfaci'] = True 
@@ -191,7 +195,7 @@ class selfservice_find(crud.Search): result = api.Command['aci_find'](term, **kw)['result'] for aci in result: - del aci['aciprefix'] # do not include prefix in result + self.obj.postprocess_result(aci) return dict( result=result, @@ -205,15 +209,11 @@ api.register(selfservice_find) class selfservice_show(crud.Retrieve): __doc__ = _('Display information about a self-service permission.') - has_output_params = ( - Str('aci', - label=_('ACI'), - ), - ) + has_output_params = output_params def execute(self, aciname, **kw): - result = is_selfservice(aciname) - del result['aciprefix'] # do not include prefix in result + result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX, **kw)['result'] + self.obj.postprocess_result(result) return dict( result=result, value=aciname, diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index dbfa5ff75..1a9c36743 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -127,6 +127,20 @@ class test_delegation(Declarative): dict( + desc='Retrieve %r with --raw' % delegation1, + command=('delegation_show', [delegation1], {'raw' : True}), + expected=dict( + value=delegation1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn) + }, + ), + ), + + + dict( desc='Search for %r' % delegation1, command=('delegation_find', [delegation1], {}), expected=dict( 
@@ -163,6 +177,23 @@ class test_delegation(Declarative): dict( + desc='Search for %r with --raw' % delegation1, + command=('delegation_find', [delegation1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 delegation matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(targetfilter = "(memberOf=cn=admins,cn=groups,cn=accounts,%s)")(version 3.0;acl "delegation:testdelegation";allow (write) groupdn = "ldap:///cn=editors,cn=groups,cn=accounts,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Update %r' % delegation1, command=( 'delegation_mod', [delegation1], dict(permissions=u'read') diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index b71921174..50d368197 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -181,6 +181,23 @@ class test_permission(Declarative): dict( + desc='Retrieve %r with --raw' % permission1, + command=('permission_show', [permission1], {'raw' : True}), + expected=dict( + value=permission1, + summary=None, + result={ + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ), + ), + + + dict( desc='Search for %r' % permission1, command=('permission_find', [permission1], {}), expected=dict( 
@@ -221,6 +238,26 @@ class test_permission(Declarative): dict( + desc='Search for %r with --raw' % permission1, + command=('permission_find', [permission1], {'raw' : True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 permission matched', + result=[ + { + 'dn': unicode(permission1_dn), + 'cn': [permission1], + 'member': [unicode(privilege1_dn)], + 'aci': u'(target = "ldap:///uid=*,cn=users,cn=accounts,%s")(version 3.0;acl "permission:testperm";allow (write) groupdn = "ldap:///cn=testperm,cn=permissions,cn=pbac,%s";)' \ + % (api.env.basedn, api.env.basedn), + }, + ], + ), + ), + + + dict( desc='Create %r' % permission2, command=( 'permission_add', [permission2], dict( diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py index 670e353d8..2ddff50ea 100644 --- a/tests/test_xmlrpc/test_selfservice_plugin.py +++ b/tests/test_xmlrpc/test_selfservice_plugin.py @@ -120,6 +120,19 @@ class test_selfservice(Declarative): dict( + desc='Retrieve %r with --raw' % selfservice1, + command=('selfservice_show', [selfservice1], {'raw':True}), + expected=dict( + value=selfservice1, + summary=None, + result={ + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)', + }, + ), + ), + + + dict( desc='Search for %r' % selfservice1, command=('selfservice_find', [selfservice1], {}), expected=dict( 
@@ -173,6 +186,22 @@ class test_selfservice(Declarative): dict( + desc='Search for %r with --raw' % selfservice1, + command=('selfservice_find', [selfservice1], {'raw':True}), + expected=dict( + count=1, + truncated=False, + summary=u'1 selfservice matched', + result=[ + { + 'aci': u'(targetattr = "street || c || l || st || postalcode")(version 3.0;acl "selfservice:testself";allow (write) userdn = "ldap:///self";)' + }, + ], + ), + ), + + + dict( desc='Update %r' % selfservice1, command=( 'selfservice_mod', [selfservice1], dict(permissions=u'read') |