This patch fixes an internal error in the permission plugin that would become more noticeable when CSV is dropped.

https://fedorahosted.org/freeipa/ticket/3420

--
PetrĀ³
From c9928467ea776d444208d329cd03bff3eac3b597 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 14 Feb 2013 07:23:06 -0500
Subject: [PATCH] Fix permission validation and normalization in aci.py

The code split the permission string on commas, essentially doing
poor man's CSV parsing. So if a permission contained a
comma-separated list of valid permissions, validation would pass
but we'd get errors later.

https://fedorahosted.org/freeipa/ticket/3420
---
 ipalib/plugins/aci.py |   23 ++++++++++-------------
 1 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/ipalib/plugins/aci.py b/ipalib/plugins/aci.py
index 7c4e8a549797a9893d6343d0c7126e0754dbf561..2860ac8b1d33664139ec5b64583c9078c8c1b0ad 100644
--- a/ipalib/plugins/aci.py
+++ b/ipalib/plugins/aci.py
@@ -392,21 +392,18 @@ def _find_aci_by_name(acis, aciprefix, aciname):
             return a
     raise errors.NotFound(reason=_('ACI with name "%s" not found') % aciname)
 
-def validate_permissions(ugettext, permissions):
-    valid_permissions = []
-    permissions = permissions.split(',')
-    for p in permissions:
-        p = p.strip().lower()
-        if not p in _valid_permissions_values:
-             return '"%s" is not a valid permission' % p
 
-def _normalize_permissions(permissions):
+def validate_permissions(ugettext, perm):
+    perm = perm.strip().lower()
+    if perm not in _valid_permissions_values:
+        return '"%s" is not a valid permission' % perm
+
+
+def _normalize_permissions(perm):
     valid_permissions = []
-    permissions = permissions.split(',')
-    for p in permissions:
-        p = p.strip().lower()
-        if p not in valid_permissions:
-            valid_permissions.append(p)
+    perm = perm.strip().lower()
+    if perm not in valid_permissions:
+        valid_permissions.append(perm)
     return ','.join(valid_permissions)
 
 _prefix_option = StrEnum('aciprefix',
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to