When re-adding an external user to a sudorule the wrong error message was showing (not found instead of already a member).

Also display external users by default.

This relies on my patch 919 to apply.

rob
>From 6fe688c6d568219f8b736077cd3082a2367e914f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 5 Jan 2012 17:34:44 -0500
Subject: [PATCH] Show proper error message when re-adding external user to
 sudorule

It was showing the error message from NotFound instead of
AlreadyGroupMember.

Also display external users by default.

https://fedorahosted.org/freeipa/ticket/1884
---
 ipalib/plugins/sudorule.py |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 8622cbefd9c211fcc4e4eb3d3e88c2b2472fe698..2ecf240ba62e96b5d456026deee01c6ace35c3dc 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -87,7 +87,7 @@ class sudorule(LDAPObject):
     object_name_plural = _('sudo rules')
     object_class = ['ipaassociation', 'ipasudorule']
     default_attributes = [
-        'cn', 'ipaenabledflag',
+        'cn', 'ipaenabledflag', 'externaluser',
         'description', 'usercategory', 'hostcategory',
         'cmdcategory', 'memberuser', 'memberhost',
         'memberallowcmd', 'memberdenycmd', 'ipasudoopt',
@@ -466,9 +466,18 @@ class sudorule_add_user(LDAPAddMember):
                 username = user[0].lower()
                 user_dn = self.api.Object['user'].get_dn(username)
                 if username not in external_users and user_dn not in members:
+                    # Not an IPA user, assume external
                     external_users.append(username)
                     completed_external += 1
+                elif username in external_users and user_dn not in members:
+                    # Already an external user, reset the error message
+                    msg = unicode(errors.AlreadyGroupMember().message)
+                    newerror = (user[0], msg)
+                    ind = failed['memberuser']['user'].index(user)
+                    failed['memberuser']['user'][ind] = newerror
+                    failed_users.append(username)
                 else:
+                    # Really a failure
                     failed_users.append(username)
             if completed_external:
                 try:
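Review bot: The new `elif` branch overwrites the stored failure with the AlreadyGroupMember message based only on `username in external_users`, without looking at the original error in `user[1]`, so any other failure reported for a name that is already an external user would be relabelled. The loop appears to assume that every entry in `failed['memberuser']['user']` is a NotFound result; a comment stating that, or a check of the original message before replacing it, would make the assumption explicit. The membership test is also case-sensitive while `username` is lowercased, so a value stored in mixed case by some other path would fall through to the first branch and be appended again; how `external_users` is built is outside this hunk and worth confirming. Because the first branch adds any unresolved name to a sudo rule, its comment could say so directly, e.g. `# Not resolvable as an IPA user; stored as an external user without further validation`.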
-- 
1.7.6
