Patch attached.

Ticket:https://fedorahosted.org/freeipa/ticket/4383
-- 
Martin^2 Basti
>From a01f6f623e7cf9261fa0029f271f8a310812f895 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 20 Jun 2014 13:52:12 +0200
Subject: [PATCH] Fix incompatible DNS permission

dns(forward)zone-add/remove-permission can work with permissions with
relative zone name

Ticket:https://fedorahosted.org/freeipa/ticket/4383
---
 ipalib/plugins/dns.py | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index a81fb575b4af8f8a7df577c6a6bf230056f6c660..4614fb49481b0caba06255d55eb6fdfa7e44cc5b 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1876,6 +1876,22 @@ class DNSZoneBase_add_permission(LDAPQuery):
                 self.obj.handle_not_found(*keys)
 
         permission_name = self.obj.permission_name(keys[-1])
+
+        # compatibility with older IPA versions which allows relative zonenames
+        permission_name_rel = self.obj.permission_name(
+            keys[-1].relativize(DNSName.root)
+        )
+        try:
+            api.Command['permission_show'](permission_name_rel)
+        except errors.NotFound:
+            pass
+        else:
+            # permission exists without absolute domain name
+            raise errors.DuplicateEntry(
+                message=_('permission "%(value)s" already exists' %
+                      {'value': permission_name})
+            )
+
         permission = api.Command['permission_add_noaci'](permission_name,
                          ipapermissiontype=u'SYSTEM'
                      )['result']
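Review bot: In the added `raise errors.DuplicateEntry(...)`, the `%` interpolation sits inside the `_()` call, so gettext receives the already-formatted string and the lookup cannot match the catalogued msgid. Move the formatting outside the call: `message=_('permission "%(value)s" already exists') % {'value': permission_name}`. The message also reports the absolute name, while the entry that `permission_show` found is `permission_name_rel`; reporting the relative name would help an administrator locate the conflicting permission. The method body starts and ends outside this hunk.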
@@ -1922,7 +1938,19 @@ class DNSZoneBase_remove_permission(LDAPQuery):
             pass
 
         permission_name = self.obj.permission_name(keys[-1])
-        api.Command['permission_del'](permission_name, force=True)
+        try:
+            api.Command['permission_del'](permission_name, force=True)
+        except errors.NotFound, e:
+            # compatibility, older IPA versions which allows to create zone
+            # without absolute zone name
+            permission_name_rel = self.obj.permission_name(
+                keys[-1].relativize(DNSName.root)
+            )
+            try:
+                api.Command['permission_del'](permission_name_rel, force=True)
+            except errors.NotFound:
+                raise e  # re-raise original exception
+
 
         return dict(
             result=True,
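Review bot: The fallback in the new `try`/`except` only runs when deleting the absolute-named permission raises `NotFound`, so if both names exist, the legacy relative-named permission is left behind after remove-permission reports success. Whether both can coexist is not visible here, but it seems possible on systems where add-permission ran before the duplicate check in this patch existed. A stale SYSTEM permission with its members still attached is worth avoiding, so I would attempt both deletions and raise `NotFound` only when neither name existed. That also removes the need for `raise e`, which in Python 2 discards the original traceback. The method body starts and ends outside this hunk.

```python
        permission_name = self.obj.permission_name(keys[-1])
        # compatibility: older IPA versions created the permission under the
        # relative zone name, so remove whichever of the two names exists
        permission_name_rel = self.obj.permission_name(
            keys[-1].relativize(DNSName.root)
        )
        not_found = None
        deleted = False
        for name in (permission_name, permission_name_rel):
            try:
                api.Command['permission_del'](name, force=True)
                deleted = True
            except errors.NotFound, e:
                if not_found is None:
                    not_found = e  # keep the error for the absolute name
        if not deleted:
            raise not_found

        # ... unchanged: return dict(result=True, ...) ...
```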
-- 
1.8.3.1
