After upgrade, sshkeys of existing users and hosts are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser object class.

'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights are not present. It was set for sshkeys_field.


https://fedorahosted.org/freeipa/ticket/3260
--
Petr Vobornik
From 24e794a42c8650c78d8a9d761a8be8c03d6d663c Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Mon, 19 Nov 2012 13:22:36 +0100
Subject: [PATCH] Editable sshkey field after upgrade

After upgrade, sshkeys of existing users and hosts are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser object class.

'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights are not present. It was set for sshkeys_field.

https://fedorahosted.org/freeipa/ticket/3260
---
 install/ui/field.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/install/ui/field.js b/install/ui/field.js
index c5c999e685500765f09af084531def144bbbd10b..e072c72a1d2948a97ff15f7b4ff42c4c749adfcf 100644
--- a/install/ui/field.js
+++ b/install/ui/field.js
@@ -190,7 +190,14 @@ IPA.field = function(spec) {
 
         if (record.attributelevelrights) {
             var rights = record.attributelevelrights[that.param];
-            if (!rights || rights.indexOf('w') < 0) {
+
+            // Some objects in LDAP may not have set proper object class and
+            // therefore server doesn't send proper attribute rights. Flag
+            // 'w_if_no_aci' should be used when we want to ensure that UI
+            // shows edit interface in such cases.
+            // For all others lack of rights means no write.
+            if ((!rights && that.flags.indexOf('w_if_no_aci') < 0) ||
+                  (rights && rights.indexOf('w') < 0)) {
                 that.writable = false;
             }
         }
@@ -644,7 +651,10 @@ IPA.sshkeys_field = function(spec) {
 
     var that = IPA.multivalued_field(spec);
 
-    that.sshfp_attr = 'sshpubkeyfp' || spec.sshfp_attr;
+    // Fixes upgrade issue. When attr rights are missing due to lack of object class.
+    that.flags = spec.flags || ['w_if_no_aci'];
+
+    that.sshfp_attr = spec.sshfp_attr || 'sshpubkeyfp';
 
     that.load = function(record) {
 
-- 
1.7.11.7

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to