David O'Brien wrote:
Rob Crittenden wrote:
I added some more documentation and examples to the aci plugin on
targets.

ticket 310

rob

NACK

Running behind with reviews, sorry. Just a few minor fixes:

s/targetted/targeted/
s/"This is primarily meant to be able to allow users to add/remove
members of a specific group only."/"This is primarily designed to enable
users to add or remove members of a specific group."

(I _think_ I understood that ok, and didn't change the meaning. Further,
if this target is only designed for this purpose, you don't need
"primarily". If it does something else, what is it?)

I couldn't grok 100% the "subtree" target description.

s/"... the ACI is allowed to do, they are one or more of:"/"... the ACI
is allowed to do, and are one or more of:"

For consistency's sake, s/lets/allows/ etc. Also see below:
allows members of the "addusers" taskgroup
lets members of the editors... group?
lets members of the admin group

You might need to review the examples a bit.

cheers

Updated patch.

rob
>From 973c42462f1e1d7b453c513c9ea74d878b5acf1c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 2 Dec 2010 11:05:54 -0500
Subject: [PATCH] Provide list of available attributes for use in ACI UI.

Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have a selfservice ACI.

ticket 446
---
 install/share/bootstrap-template.ldif |    1 -
 ipalib/plugins/baseldap.py            |   23 ++++++++++++++++++++++-
 ipalib/plugins/host.py                |    1 +
 ipalib/plugins/internal.py            |    2 +-
 ipalib/plugins/service.py             |    1 +
 ipalib/plugins/user.py                |    1 +
 6 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 7946526..4f10f07 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3894e18..7d382f9 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
     uuid_attribute = ''
     attribute_members = {}
     rdnattr = None
+    # Can bind as this entry (has userPassword or krbPrincipalKey)
+    bindable = False
 
     container_not_found_msg = _('container entry (%(container)s) not found')
     parent_not_found_msg = _('%(parent)s: %(oname)s not found')
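Review bot: The comment on `bindable` reads as a statement about an individual entry, but the flag is a class attribute, so it can only say that entries of this object type are expected to carry a bind credential. I would word it as `# Entries of this type can bind (they carry userPassword or krbPrincipalKey); used to decide whether a selfservice ACI applies`. The host.py, service.py and user.py hunks set the same flag to True without comment, so this is the only place the meaning is documented. The LDAPObject class body starts and ends outside this hunk.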
@@ -293,14 +295,33 @@ class LDAPObject(Object):
         'parent_object', 'container_dn', 'object_name', 'object_name_plural',
         'object_class', 'object_class_config', 'default_attributes', 'label',
         'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-        'takes_params', 'rdn_attribute',
+        'takes_params', 'rdn_attribute', 'bindable',
     )
+
     def __json__(self):
+        ldap = self.backend
         json_dict = dict(
             (a, getattr(self, a)) for a in self.json_friendly_attributes
         )
         if self.primary_key:
             json_dict['primary_key'] = self.primary_key.name
+        objectclasses = self.object_class
+        if self.object_class_config:
+            config = ldap.get_ipa_config()[1]
+            objectclasses = config.get(
+                self.object_class_config, objectclasses
+            )
+        # Get list of available attributes for this object for use
+        # in the ACI UI.
+        attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+        attrlist = []
+        # Go through the MUST first
+        for (oid, attr) in attrs[0].iteritems():
+            attrlist.append(attr.names[0])
+        # And now the MAY
+        for (oid, attr) in attrs[1].iteritems():
+            attrlist.append(attr.names[0])
+        json_dict['aciattrs'] = attrlist
         json_dict['methods'] = [m for m in self.methods]
         return json_dict
 
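Review bot: The new `aciattrs` list in `__json__` holds every MUST and MAY attribute of the object classes, which for bindable types presumably includes the credential attributes named in the `bindable` comment, so it should be documented as a display hint and the ACI commands should keep validating attribute names on the server. A comment such as `# UI hint only: schema attribute names, not what the caller may read or write` above `json_dict['aciattrs']` would make that explicit. The method also reaches the directory through two handles, `ldap = self.backend` and `self.api.Backend.ldap2.schema`; if these are the same backend, `ldap.schema.attribute_types(objectclasses)` is clearer. The two loops never use `oid` and can be collapsed into `attrlist = [a.names[0] for a in attrs[0].values() + attrs[1].values()]`. The enclosing class starts outside the hunk.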
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index a9589c6..437b7d5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
         'memberof': ['hostgroup', 'netgroup', 'role'],
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Hosts')
 
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 708d829..ddef160 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
                     ((objname, json_serialize(self.api.Object[objname])), )
                 )
             )
-            retval= dict([("metadata",meta), ("messages",dict())])
+            retval= dict([("metadata",meta)])
 
         else:
             meta=dict(
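Review bot: Dropping the `messages` key from `retval` is not mentioned in the commit message, and it changes the response shape of what appears to be the named-object branch of json_metadata; a client that reads `messages` will now find the key missing. If the `else` branch, which continues outside this hunk, still returns `messages`, the two paths disagree. Either explain the removal in the commit message or keep the key. While touching the line, `retval = dict(metadata=meta)` is easier to read than the list-of-tuples form.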
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index fbb1ff2..1e55599 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
     attribute_members = {
         'managedby': ['host'],
     }
+    bindable = True
 
     label = _('Services')
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1bbb9b1..07b8e82 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
         'memberof': ['group', 'netgroup', 'role'],
     }
     rdnattr = 'uid'
+    bindable = True
 
     label = _('Users')
 
-- 
1.7.2.1
