On 08/18/2011 10:28 AM, Petr Vobornik wrote:
On 08/17/2011 05:38 PM, Petr Vobornik wrote:
Ticket #1628 - https://fedorahosted.org/freeipa/ticket/1628
Unreported insufficient access error
This patch is dependent on
freeipa-pvoborni-0004-1-error-dialog-for-batch-command.patch.
This may be only a check of whether the approach of this patch is good.
I was not sure if this type of error message (result.failed property) is
more general or it only appears in adding members. So I put error
handling in serial_associator instead of command. If it would be put in
command and success will be transformed to error, it will change the
behaviour of executing commands - other commands after error won't be
executed. If the approach is good, it could be probably better to change
it a little and offer same logic for batch_associator.
It should be working for adding users to groups, netgroups, roles and
assigning hbac rules (tested as non admin user).
Modified association test - data in success handler should not be
undefined.
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Modified to work with bulk association.
After implementing error notification in associations, I noticed one
'bug?':
After adding users to hbac rule, batch error notification is shown
saying 'no modifications to be performed'.
Reproduce:
- create hbacrule named 'aa'
- add several users - in example 'admin' and 'ttest'
Request:
{"method":"batch","params":[[{"method":"hbacrule_mod","params":[["aa"],{"all":true,"rights":true,"usercategory":""}]},{"method":"hbacrule_add_user","params":[["aa"],{"user":"admin,ttest"}]}],{}]}
Response:
============================================================
{
    "error": null,
    "id": null,
    "result": {
        "count": 2,
        "results": [
            {
                "error": "no modifications to be performed"
            },
            {
                "completed": 2,
                "error": null,
                "failed": {
                    "memberuser": {
                        "group": [],
                        "user": []
                    }
                },
                "result": {
                    "cn": [
                        "aa"
                    ],
                    "dn": "ipauniqueid=cfb492f2-c8dc-11e0-9504-00163e06af05,cn=hbac,dc=vm-021,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
                    "ipaenabledflag": [
                        "TRUE"
                    ],
                    "memberuser_group": [
                        "admins"
                    ],
                    "memberuser_user": [
                        "admin",
                        "ttest"
                    ]
                }
            }
        ]
    }
}
============================================================
I think the problem is that the first command should be included only if
something changed.
It isn't a bug in this patch, but with it it is a new annoyance (you
have to click OK).
--
Petr Vobornik
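
Added example (not part of the original thread and not FreeIPA code): a check over a batch response like the one quoted above, reporting both per-command "error" values and non-empty "failed" member lists, which are the case where a command returns success although a member was rejected. The function name, the finding fields and the [name, reason] shape of a failed entry are assumptions; the second sample response is constructed.

```javascript
// Added example, not FreeIPA code. Names other than the response fields
// shown in the thread (error, result.results, failed) are hypothetical.
function collectBatchFailures(response) {
    const findings = [];
    if (response.error) {
        // The batch call itself was rejected; no per-command results exist.
        const detail = String(response.error.message || response.error);
        return [{ index: null, kind: 'batch-error', detail }];
    }
    const results = (response.result && response.result.results) || [];
    results.forEach((entry, index) => {
        if (entry.error) {
            findings.push({ index, kind: 'command-error', detail: String(entry.error) });
        }
        // "failed" is present even on success, so only non-empty lists count.
        for (const [attr, byType] of Object.entries(entry.failed || {})) {
            for (const [type, members] of Object.entries(byType || {})) {
                for (const member of members || []) {
                    // Assumption: an entry is a name or a [name, reason] pair.
                    const [name, reason] = Array.isArray(member) ? member : [member, ''];
                    const detail = `${attr}/${type}: ${name}` + (reason ? ` (${reason})` : '');
                    findings.push({ index, kind: 'member-failed', detail });
                }
            }
        }
    });
    return findings;
}

// The response quoted in the thread, reduced to the fields the check reads.
const threadResponse = { error: null, id: null, result: { count: 2, results: [
    { error: 'no modifications to be performed' },
    { completed: 2, error: null, failed: { memberuser: { group: [], user: [] } } }
] } };

// Constructed response: one member rejected, command-level error still null.
const constructedDenied = { error: null, id: null, result: { count: 1, results: [
    { completed: 1, error: null,
      failed: { memberuser: { group: [], user: [['ttest', 'Insufficient access']] } } }
] } };

console.log(collectBatchFailures(threadResponse));
console.log(collectBatchFailures(constructedDenied));
```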