On Fri, 2011-12-09 at 19:33 -0600, Endi Sukma Dewata wrote:
> On 12/9/2011 9:47 AM, Martin Kosek wrote:
> > pkey-only functionality has to be implemented separately for these
> > modules as they are based on crud.Search instead of standard
> > LDAPSearch.
> >
> > Delegation commands were modified in the process to allow ACIs
> > without 'memberof' as delegation ACIs. This check is no longer
> > needed since the delegation ACI prefix ensures the ACI type.
> >
> > https://fedorahosted.org/freeipa/ticket/2092
> 
>  From UI perspective this is ACKed. I'm sending a patch to enable paging 
> on these pages.
> 

Thanks for the UI review Endi. If there are no objections from server
people too we can push this.

A rebased version for current master is attached.

Martin
>From a9425cee7fb3fcd57a5861328da5c48b171ca1e4 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 2 Jan 2012 09:33:05 +0100
Subject: [PATCH] Add missing --pkey-only option for selfservice and
 delegation

pkey-only functionality has to be implemented separately for these
modules as they are based on crud.Search instead of standard
LDAPSearch.

Delegation commands were modified in the process to allow ACIs
without 'memberof' as delegation ACIs. This check is no longer
needed since the delegation ACI prefix ensures the ACI type.

https://fedorahosted.org/freeipa/ticket/2092
---
 API.txt                                      |    9 +++-
 VERSION                                      |    2 +-
 ipalib/plugins/aci.py                        |   11 ++++-
 ipalib/plugins/baseldap.py                   |   12 +++--
 ipalib/plugins/delegation.py                 |   56 ++++++++++++--------------
 ipalib/plugins/selfservice.py                |    3 +
 tests/test_xmlrpc/test_delegation_plugin.py  |   16 +++++++
 tests/test_xmlrpc/test_permission_plugin.py  |   21 ++++++++++
 tests/test_xmlrpc/test_selfservice_plugin.py |   15 +++++++
 9 files changed, 103 insertions(+), 42 deletions(-)

diff --git a/API.txt b/API.txt
index aba3d8aa0250113d137878c97903922ff14ee664..d2a418dd53379be281f612d30bcf90f24c8323d3 100644
--- a/API.txt
+++ b/API.txt
@@ -27,7 +27,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
 command: aci_find
-args: 1,15,4
+args: 1,16,4
 arg: Str('criteria?')
 option: Str('aciname', attribute=False, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
 option: Str('permission', attribute=False, autofill=False, cli_name='permission', multivalue=False, query=True, required=False)
@@ -41,6 +41,7 @@ option: Str('subtree', attribute=False, autofill=False, cli_name='subtree', mult
 option: Str('targetgroup', attribute=False, autofill=False, cli_name='targetgroup', multivalue=False, query=True, required=False)
 option: Bool('selfaci', attribute=False, autofill=False, cli_name='self', default=False, multivalue=False, query=True, required=False)
 option: StrEnum('aciprefix?', cli_name='prefix', multivalue=False, required=False, values=(u'permission', u'delegation', u'selfservice', u'none'))
+option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -560,13 +561,14 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
 command: delegation_find
-args: 1,8,4
+args: 1,9,4
 arg: Str('criteria?')
 option: Str('aciname', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, query=True, required=False)
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=True, required=False)
 option: Str('memberof', attribute=True, autofill=False, cli_name='membergroup', multivalue=False, query=True, required=False)
 option: Str('group', attribute=True, autofill=False, cli_name='group', multivalue=False, query=True, required=False)
+option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
@@ -2284,11 +2286,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('result', <type 'bool'>, None)
 output: Output('value', <type 'unicode'>, None)
 command: selfservice_find
-args: 1,6,4
+args: 1,7,4
 arg: Str('criteria?')
 option: Str('aciname', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
 option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, query=True, required=False)
 option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=True, required=False)
+option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('version?', exclude='webui')
diff --git a/VERSION b/VERSION
index 081643745c47e78e7739f2b1092be762acd14e5f..b6ef09fc5119d04cc54e031762fa3e21987d2867 100644
--- a/VERSION
+++ b/VERSION
@@ -79,4 +79,4 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=18
+IPA_API_VERSION_MINOR=19
diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index 7ace05eb4a19b5bf9443a1f274c9e7e548fb062b..59cf3ec8954cef5fe6fe6073d53c6a5753573152 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -122,6 +122,7 @@ from ipalib import api, crud, errors
 from ipalib import Object, Command
 from ipalib import Flag, Int, Str, StrEnum
 from ipalib.aci import ACI
+from ipalib.plugins.baseldap import gen_pkey_only_option
 from ipalib import output
 from ipalib import _, ngettext
 if api.env.in_server and api.env.context in ['lite', 'server']:
@@ -295,7 +296,7 @@ def _make_aci(ldap, current, aciname, kw):
 
     return a
 
-def _aci_to_kw(ldap, a, test=False):
+def _aci_to_kw(ldap, a, test=False, pkey_only=False):
     """Convert an ACI into its equivalent keywords.
 
        This is used for the modify operation so we can merge the
@@ -304,6 +305,8 @@ def _aci_to_kw(ldap, a, test=False):
     """
     kw = {}
     kw['aciprefix'], kw['aciname'] = _parse_aci_name(a.name)
+    if pkey_only:
+        return kw
     kw['permissions'] = tuple(a.permissions)
     if 'targetattr' in a.target:
         kw['attrs'] = list(a.target['targetattr']['expression'])
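Review bot: The `pkey_only` early return in `_aci_to_kw` still hands back two keys, `aciprefix` and `aciname`, so `aci_find`, which appends this dict unchanged, does not return the primary key alone as the option's help text promises. `convert_delegation` removes `aciprefix` for delegations, but plain `aci_find` callers get both keys. Either drop the prefix in this branch or document it; the docstring, which starts outside this hunk, does not mention the new parameter. A line such as `pkey_only: return only the parsed ACI name (aciprefix and aciname)` would make the contract explicit.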
@@ -665,7 +668,8 @@ class aci_find(crud.Search):
     NO_CLI = True
     msg_summary = ngettext('%(count)d ACI matched', '%(count)d ACIs matched', 0)
 
-    takes_options = (_prefix_option.clone_rename("aciprefix?", required=False),)
+    takes_options = (_prefix_option.clone_rename("aciprefix?", required=False),
+                     gen_pkey_only_option("name"),)
 
     def execute(self, term, **kw):
         ldap = self.api.Backend.ldap2
@@ -820,7 +824,8 @@ class aci_find(crud.Search):
             if kw.get('raw', False):
                 aci = dict(aci=unicode(result))
             else:
-                aci = _aci_to_kw(ldap, result)
+                aci = _aci_to_kw(ldap, result,
+                        pkey_only=kw.get('pkey_only', False))
             acis.append(aci)
 
         return dict(
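Review bot: In the `aci_find` result loop the `raw` branch is taken before `pkey_only` is consulted, so a caller passing both options gets the full ACI string rather than just the name. If that precedence is intended, say so next to the branch, e.g. `# raw takes precedence over pkey_only: the whole ACI string is returned`; otherwise test `pkey_only` first. The loop header and the rest of `execute` lie outside this hunk.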
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 2fdcd2b744e1abc78189a1a81de78189e86f5f92..7c7053b8559d502a78a3d38e304b35d1c48c0f03 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -1540,6 +1540,12 @@ class LDAPRemoveMember(LDAPModMember):
         return
 
 
+def gen_pkey_only_option(cli_name):
+    return Flag('pkey_only?',
+                label=_('Primary key only'),
+                doc=_('Results should contain primary key attribute only ("%s")') \
+                    % to_cli(cli_name),)
+
 class LDAPSearch(BaseLDAPCommand, crud.Search):
     """
     Retrieve all LDAP entries matching the given criteria.
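Review bot: `gen_pkey_only_option` is now imported by the aci, delegation and selfservice plugins but has no docstring, and only one blank line separates it from `class LDAPSearch`. A one-liner such as `"""Return the 'pkey_only?' Flag; cli_name is the primary key's CLI name shown in the help text."""` would do. The trailing backslash before `% to_cli(cli_name)` is unnecessary inside the call's parentheses.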
@@ -1582,11 +1588,7 @@ class LDAPSearch(BaseLDAPCommand, crud.Search):
             yield option
         if self.obj.primary_key and \
                 'no_output' not in self.obj.primary_key.flags:
-            yield Flag('pkey_only?',
-                       label=_('Primary key only'),
-                       doc=_('Results should contain primary key attribute only ("%s")') \
-                               % to_cli(self.obj.primary_key.cli_name),
-                      )
+            yield gen_pkey_only_option(self.obj.primary_key.cli_name)
         for attr in self.member_attributes:
             for ldap_obj_name in self.obj.attribute_members[attr]:
                 ldap_obj = self.api.Object[ldap_obj_name]
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index 5fe1511f2318af24c2a23279f0a3ab40fc4fae07..c8136d473bbdde5582f367bb4752b7b9629e267f 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -24,6 +24,7 @@ from ipalib.request import context
 from ipalib import api, crud, errors
 from ipalib import output
 from ipalib import Object, Command
+from ipalib.plugins.baseldap import gen_pkey_only_option
 
 __doc__ = _("""
 Group to Group Delegation
@@ -58,25 +59,26 @@ def convert_delegation(ldap, aci):
     memberOf is in filter but we want to pull out the group for easier
     displaying.
     """
-    filter = aci['memberof']
-    st = filter.find('memberOf=')
-    if st == -1:
-        raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
-    en = filter.find(')', st)
-    membergroup = filter[st+9:en]
-    try:
-        (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
-    except Exception, e:
-        # Uh oh, the group we're granting access to has an error
-        msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
-        raise errors.NonFatalError(reason=msg)
-    aci['memberof'] = entry_attrs['cn'][0]
+    if 'memberof' in aci:
+        filter = aci['memberof']
+        st = filter.find('memberOf=')
+        if st == -1:
+            raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aci['aciname']))
+        en = filter.find(')', st)
+        membergroup = filter[st+9:en]
+        try:
+            (dn, entry_attrs) = ldap.get_entry(membergroup, ['cn'])
+        except Exception, e:
+            # Uh oh, the group we're granting access to has an error
+            msg = _('Error retrieving member group %(group)s: %(error)s') % (membergroup, str(e))
+            raise errors.NonFatalError(reason=msg)
+        aci['memberof'] = entry_attrs['cn'][0]
 
     del aci['aciprefix']     # do not include prefix in result
 
     return aci
 
-def is_delegation(ldap, aciname):
+def get_delegation_aci(ldap, aciname):
     """
     Determine if the ACI is a Delegation ACI and raise an exception if it
     isn't.
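Review bot: The re-indented error path in `convert_delegation` formats a message that uses named placeholders against a tuple: `'...%(group)s: %(error)s' % (membergroup, str(e))` raises TypeError ("format requires a mapping"), so the intended `NonFatalError` never reaches the caller when the member group lookup fails. Change the operand to `% dict(group=membergroup, error=str(e))`. The docstring kept under the renamed `get_delegation_aci` still says it determines whether the ACI is a delegation and raises if it is not, while after this commit the only type check left is the `aciprefix=ACI_PREFIX` argument to `aci_show`; reword it to something like `Fetch the delegation ACI named aciname (looked up with the delegation prefix) and return it converted for display.` The header of `convert_delegation` is outside this hunk.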
@@ -85,12 +87,7 @@ def is_delegation(ldap, aciname):
     membergroup.
     """
     result = api.Command['aci_show'](aciname, aciprefix=ACI_PREFIX)['result']
-    if 'memberof' in result:
-        result = convert_delegation(ldap, result)
-    else:
-        raise errors.NotFound(reason=_('Delegation \'%(permission)s\' not found') % dict(permission=aciname))
-    return result
-
+    return convert_delegation(ldap, result)
 
 class delegation(Object):
     """
@@ -163,8 +160,7 @@ class delegation_add(crud.Create):
             kw['permissions'] = (u'write',)
         kw['aciprefix'] = ACI_PREFIX
         result = api.Command['aci_add'](aciname, **kw)['result']
-        if 'memberof' in result:
-            result = convert_delegation(ldap, result)
+        result = convert_delegation(ldap, result)
 
         return dict(
             result=result,
@@ -182,7 +178,7 @@ class delegation_del(crud.Delete):
 
     def execute(self, aciname, **kw):
         ldap = self.api.Backend.ldap2
-        is_delegation(ldap, aciname)
+        get_delegation_aci(ldap, aciname)
         kw['aciprefix'] = ACI_PREFIX
         result = api.Command['aci_del'](aciname, **kw)
         return dict(
@@ -200,11 +196,10 @@ class delegation_mod(crud.Update):
 
     def execute(self, aciname, **kw):
         ldap = self.api.Backend.ldap2
-        is_delegation(ldap, aciname)
+        get_delegation_aci(ldap, aciname)
         kw['aciprefix'] = ACI_PREFIX
         result = api.Command['aci_mod'](aciname, **kw)['result']
-        if 'memberof' in result:
-            result = convert_delegation(ldap, result)
+        result = convert_delegation(ldap, result)
         return dict(
             result=result,
             value=aciname,
@@ -220,6 +215,8 @@ class delegation_find(crud.Search):
         '%(count)d delegation matched', '%(count)d delegations matched', 0
     )
 
+    takes_options = (gen_pkey_only_option("name"),)
+
     def execute(self, term, **kw):
         ldap = self.api.Backend.ldap2
         kw['aciprefix'] = ACI_PREFIX
@@ -227,9 +224,8 @@ class delegation_find(crud.Search):
         results = []
         for aci in acis:
             try:
-                if 'memberof' in aci:
-                    aci = convert_delegation(ldap, aci)
-                    results.append(aci)
+                aci = convert_delegation(ldap, aci)
+                results.append(aci)
             except errors.NotFound:
                 pass
 
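Review bot: Calling `convert_delegation` unconditionally in the `delegation_find` loop appears to break `--raw`: `aci_find` builds `dict(aci=...)` for raw results, and `convert_delegation` then runs `del aci['aciprefix']` on a dict without that key, raising KeyError, which `except errors.NotFound` does not catch. This assumes `kw` reaches `aci_find` unchanged; that call sits between this hunk and the previous one and is not shown. Skip the conversion for raw output, `if not kw.get('raw', False): aci = convert_delegation(ldap, aci)`, or make the deletion tolerant with `aci.pop('aciprefix', None)`. The same unconditional call in `delegation_add` and `delegation_mod` may need the same check.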
@@ -253,7 +249,7 @@ class delegation_show(crud.Retrieve):
 
     def execute(self, aciname, **kw):
         ldap = self.api.Backend.ldap2
-        result = is_delegation(ldap, aciname)
+        result = get_delegation_aci(ldap, aciname)
         return dict(
             result=result,
             value=aciname,
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index 902e16baf813508708c570b6cc7544612f4ab544..2db3764797aa2edbd4770498ed79e4773ddbe09f 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -24,6 +24,7 @@ from ipalib.request import context
 from ipalib import api, crud, errors
 from ipalib import output
 from ipalib import Object, Command
+from ipalib.plugins.baseldap import gen_pkey_only_option
 
 __doc__ = _("""
 Self-service Permissions
@@ -182,6 +183,8 @@ class selfservice_find(crud.Search):
         '%(count)d selfservice matched', '%(count)d selfservices matched', 0
     )
 
+    takes_options = (gen_pkey_only_option("name"),)
+
     def execute(self, term, **kw):
         kw['selfaci'] = True
         kw['aciprefix'] = ACI_PREFIX
diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py
index 2131c5ad7796cdb3e2f420bc9f19533fbcc48110..dbfa5ff75fdc5ce9a7c1ff53a20da98f805db9c5 100644
--- a/tests/test_xmlrpc/test_delegation_plugin.py
+++ b/tests/test_xmlrpc/test_delegation_plugin.py
@@ -147,6 +147,22 @@ class test_delegation(Declarative):
 
 
         dict(
+            desc='Search for %r with --pkey-only' % delegation1,
+            command=('delegation_find', [delegation1], {'pkey_only' : True}),
+            expected=dict(
+                count=1,
+                truncated=False,
+                summary=u'1 delegation matched',
+                result=[
+                    {
+                    'aciname': delegation1,
+                    },
+                ],
+            ),
+        ),
+
+
+        dict(
             desc='Update %r' % delegation1,
             command=(
                 'delegation_mod', [delegation1], dict(permissions=u'read')
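Review bot: The added case covers `--pkey-only` only; the other behaviour change described in the commit message, accepting delegation ACIs that have no `memberof`, has no test in this hunk. A case that runs `delegation_find` with `{'raw': True}` and one that shows a delegation-prefixed ACI without `memberof` would pin both paths, unless they already exist elsewhere in the file, which is not visible here.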
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index a116a66ea29384859f729ed8a95889ba9c05095a..e924339bfb985bee1ac78dbd51653d75a1046cc4 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -269,6 +269,27 @@ class test_permission(Declarative):
 
 
         dict(
+            desc='Search for %r with --pkey-only' % permission1,
+            command=('permission_find', [permission1], {'pkey_only' : True}),
+            expected=dict(
+                count=2,
+                truncated=False,
+                summary=u'2 permissions matched',
+                result=[
+                    {
+                        'dn': lambda x: DN(x) == permission1_dn,
+                        'cn': [permission1],
+                    },
+                    {
+                        'dn': lambda x: DN(x) == permission2_dn,
+                        'cn': [permission2],
+                    },
+                ],
+            ),
+        ),
+
+
+        dict(
             desc='Search for %r' % privilege1,
             command=('privilege_find', [privilege1], {}),
             expected=dict(
diff --git a/tests/test_xmlrpc/test_selfservice_plugin.py b/tests/test_xmlrpc/test_selfservice_plugin.py
index 6a304a9858abaae9ceaa90d43fc762a420b2d1b2..5b97a0bb58e2a98dc401d6efd0c8436e4d6947ab 100644
--- a/tests/test_xmlrpc/test_selfservice_plugin.py
+++ b/tests/test_xmlrpc/test_selfservice_plugin.py
@@ -137,6 +137,21 @@ class test_selfservice(Declarative):
             ),
         ),
 
+        dict(
+            desc='Search for %r with --pkey-only' % selfservice1,
+            command=('selfservice_find', [selfservice1], {'pkey_only' : True}),
+            expected=dict(
+                count=1,
+                truncated=False,
+                summary=u'1 selfservice matched',
+                result=[
+                    {
+                        'aciname': selfservice1,
+                    },
+                ],
+            ),
+        ),
+
 
         dict(
             desc='Update %r' % selfservice1,
-- 
1.7.7.3
