Provide the available attributes for every object, for use in creating permissions (ACIs). The list is returned by the metadata call.

Also tell whether an object is bindable (has password or kerberos key) for use in the future selfservice plugin.


rob
>From 7ccf39c8797b74853d279f1c6698b33d06a1e319 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 2 Dec 2010 11:05:54 -0500
Subject: [PATCH] Provide list of available attributes for use in ACI UI.

Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have a selfservice ACI.

ticket 446
---
 install/share/bootstrap-template.ldif |    1 -
 ipalib/plugins/baseldap.py            |   23 ++++++++++++++++++++++-
 ipalib/plugins/host.py                |    1 +
 ipalib/plugins/internal.py            |    2 +-
 ipalib/plugins/service.py             |    1 +
 ipalib/plugins/user.py                |    1 +
 6 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 7946526..4f10f07 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3894e18..7d382f9 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
     uuid_attribute = ''
     attribute_members = {}
     rdnattr = None
+    # Can bind as this entry (has userPassword or krbPrincipalKey)
+    bindable = False
 
     container_not_found_msg = _('container entry (%(container)s) not found')
     parent_not_found_msg = _('%(parent)s: %(oname)s not found')
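Review bot: The comment on `bindable` reads as a statement about an individual entry, but the flag is a class-level constant that each subclass sets by hand, so it only says that entries of this type may carry a credential. The commit message says the flag will decide whether an object can have a selfservice ACI, so the wording matters; I would use `# Entries of this type can hold userPassword or krbPrincipalKey and so may bind; set per object class, not checked against the entry`. The class body continues outside the hunk.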
@@ -293,14 +295,33 @@ class LDAPObject(Object):
         'parent_object', 'container_dn', 'object_name', 'object_name_plural',
         'object_class', 'object_class_config', 'default_attributes', 'label',
         'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-        'takes_params', 'rdn_attribute',
+        'takes_params', 'rdn_attribute', 'bindable',
     )
+
     def __json__(self):
+        ldap = self.backend
         json_dict = dict(
             (a, getattr(self, a)) for a in self.json_friendly_attributes
         )
         if self.primary_key:
             json_dict['primary_key'] = self.primary_key.name
+        objectclasses = self.object_class
+        if self.object_class_config:
+            config = ldap.get_ipa_config()[1]
+            objectclasses = config.get(
+                self.object_class_config, objectclasses
+            )
+        # Get list of available attributes for this object for use
+        # in the ACI UI.
+        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+        attrlist = []
+        # Go through the MUST first
+        for (oid, attr) in attrs[0].iteritems():
+            attrlist.append(attr.names[0])
+        # And now the MAY
+        for (oid, attr) in attrs[1].iteritems():
+            attrlist.append(attr.names[0])
+        json_dict['aciattrs'] = attrlist
         json_dict['methods'] = [m for m in self.methods]
         return json_dict
 
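Review bot: `__json__` now does a directory read (`ldap.get_ipa_config()`) and a schema lookup for every object it serializes, with no error handling, so a single failed lookup would presumably fail the whole metadata response instead of just leaving out `aciattrs`. The two lookups also go through different handles, `ldap = self.backend` and `self.api.Backend.ldap2`; if these are the same backend, `attrs = ldap.schema.attribute_types(objectclasses)` would be consistent. `aciattrs` is the unfiltered MUST/MAY list, so it will carry credential attributes such as the `userPassword` and `krbPrincipalKey` named in the `bindable` comment. A comment like `# Unfiltered schema list for the ACI UI; not a statement of what the caller may grant` would make that explicit. The two append loops could also be a single comprehension over `attrs[0]` and `attrs[1]`.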
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index a9589c6..437b7d5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
         'memberof': ['hostgroup', 'netgroup', 'role'],
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Hosts')
 
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 708d829..ddef160 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
                     ((objname, json_serialize(self.api.Object[objname])), )
                 )
             )
-            retval= dict([("metadata",meta), ("messages",dict())])
+            retval= dict([("metadata",meta)])
 
         else:
             meta=dict(
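Review bot: The `messages` key is dropped from the returned dict in this branch, but the `else` branch starts at the end of the hunk and its own `retval` is not visible, so the two paths may now return different shapes. The commit message does not mention this change, and any client that reads `messages` from the metadata result would need checking. If the removal is intended, a one-line comment or a mention in the description would help, and the line could be written as `retval = dict(metadata=meta)`.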
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index fbb1ff2..1e55599 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
     attribute_members = {
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Services')
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1bbb9b1..07b8e82 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
         'memberof': ['group', 'netgroup', 'role'],
     }
     rdnattr = 'uid'
+    bindable = True
 
     label = _('Users')
 
-- 
1.7.2.1
