Translate the membergroup dn into a group name.
Drop filter from the output, it is superfluous.
ticket 634
>From b8077ae7945f5395afc47f5d6d317e07d283fe3e Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 20 Dec 2010 13:53:35 -0500
Subject: [PATCH] Translate the membergroup dn into a group name.
Drop filter from the output, it is superfluous.
ticket 634
---
ipalib/plugins/delegation.py | 33 ++++++++++++++++++--------
tests/test_xmlrpc/test_delegation_plugin.py | 17 +++++---------
2 files changed, 29 insertions(+), 21 deletions(-)
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index c233784..468e017 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -50,7 +50,7 @@ from ipalib import api, crud, errors
from ipalib import output
from ipalib import Object, Command
-def convert_delegation(aci):
+def convert_delegation(ldap, aci):
"""
memberOf is in filter but we want to pull out the group for easier
displaying.
@@ -61,11 +61,19 @@ def convert_delegation(aci):
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
en = filter.find(')', st)
membergroup = filter[st+9:en]
- aci['membergroup'] = membergroup
+ try:
+ (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
+ except Exception, e:
+ # Uh oh, the group we're granting access to has an error
+ msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
+ raise errors.NonFatalError(reason=msg)
+ aci['membergroup'] = entry_attrs['cn']
+
+ del aci['filter']
return aci
-def is_delegation(aciname):
+def is_delegation(ldap, aciname):
"""
Determine if the ACI is a Delegation ACI and raise an exception if it
isn't.
@@ -75,7 +83,7 @@ def is_delegation(aciname):
"""
result = api.Command['aci_show'](aciname)['result']
if 'filter' in result:
- result = convert_delegation(result)
+ result = convert_delegation(ldap, result)
else:
raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname))
return result
@@ -144,11 +152,12 @@ class delegation_add(crud.Create):
msg_summary = _('Added delegation "%(value)s"')
def execute(self, aciname, **kw):
+ ldap = self.api.Backend.ldap2
if not 'permissions' in kw:
kw['permissions'] = (u'write',)
result = api.Command['aci_add'](aciname, **kw)['result']
if 'filter' in result:
- result = convert_delegation(result)
+ result = convert_delegation(ldap, result)
return dict(
result=result,
@@ -167,7 +176,8 @@ class delegation_del(crud.Delete):
msg_summary = _('Deleted delegation "%(value)s"')
def execute(self, aciname, **kw):
- is_delegation(aciname)
+ ldap = self.api.Backend.ldap2
+ is_delegation(ldap, aciname)
result = api.Command['aci_del'](aciname, **kw)
return dict(
result=True,
@@ -185,10 +195,11 @@ class delegation_mod(crud.Update):
msg_summary = _('Modified delegation "%(value)s"')
def execute(self, aciname, **kw):
- is_delegation(aciname)
+ ldap = self.api.Backend.ldap2
+ is_delegation(ldap, aciname)
result = api.Command['aci_mod'](aciname, **kw)['result']
if 'filter' in result:
- result = convert_delegation(result)
+ result = convert_delegation(ldap, result)
return dict(
result=result,
value=aciname,
@@ -207,12 +218,13 @@ class delegation_find(crud.Search):
)
def execute(self, term, **kw):
+ ldap = self.api.Backend.ldap2
acis = api.Command['aci_find'](term, **kw)['result']
results = []
for aci in acis:
try:
if 'filter' in aci:
- aci = convert_delegation(aci)
+ aci = convert_delegation(ldap, aci)
results.append(aci)
except errors.NotFound:
pass
@@ -237,7 +249,8 @@ class delegation_show(crud.Retrieve):
)
def execute(self, aciname, **kw):
- result = is_delegation(aciname)
+ ldap = self.api.Backend.ldap2
+ result = is_delegation(ldap, aciname)
return dict(
result=result,
value=aciname,
diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py
index a4520f4..b2b24d9 100644
--- a/tests/test_xmlrpc/test_delegation_plugin.py
+++ b/tests/test_xmlrpc/test_delegation_plugin.py
@@ -26,7 +26,7 @@ from tests.test_xmlrpc import objectclasses
from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid
delegation1 = u'testdelegation'
-memberdn1 = u'cn=admins,cn=groups,cn=accounts,%s' % api.env.basedn
+member1 = u'admins'
class test_delegation(Declarative):
@@ -89,8 +89,7 @@ class test_delegation(Declarative):
permissions=[u'write'],
aciname=delegation1,
group=u'editors',
- membergroup=u'%s' % memberdn1,
- filter = u'(memberOf=%s)' % memberdn1
+ membergroup=[member1],
),
),
),
@@ -121,8 +120,7 @@ class test_delegation(Declarative):
'permissions': [u'write'],
'aciname': delegation1,
'group': u'editors',
- 'filter': u'(memberOf=%s)' % memberdn1,
- 'membergroup': u'%s' % memberdn1
+ 'membergroup': [member1],
},
),
),
@@ -141,8 +139,7 @@ class test_delegation(Declarative):
'permissions': [u'write'],
'aciname': delegation1,
'group': u'editors',
- 'membergroup': u'%s' % memberdn1,
- 'filter': u'(memberOf=%s)' % memberdn1
+ 'membergroup': [member1],
},
],
),
@@ -162,8 +159,7 @@ class test_delegation(Declarative):
permissions=[u'read'],
aciname=delegation1,
group=u'editors',
- membergroup=u'%s' % memberdn1,
- filter=u'(memberOf=%s)' % memberdn1
+ membergroup=[member1],
),
),
),
@@ -180,8 +176,7 @@ class test_delegation(Declarative):
'permissions': [u'read'],
'aciname': delegation1,
'group': u'editors',
- 'membergroup': u'%s' % memberdn1,
- 'filter': u'(memberOf=%s)' % memberdn1
+ 'membergroup': [member1],
},
),
),
--
1.7.2.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
