On Wed, 2014-06-25 at 15:54 +0200, Petr Viktorin wrote: > On 06/20/2014 03:28 PM, Martin Basti wrote: > > Patch attached. > > > > Ticket:https://fedorahosted.org/freeipa/ticket/4383 > > This works, just two comments: > > To check if an entry exists, instead of calling > api.Command['permission_show'](permission_name_rel) > you should call the more light-weight > api.Object[permission].get_dn_if_exists(permission_name_rel) > > And for translated messages, use: > _('message about %(topic)s") % {...} > rather than: > _('message about %(topic)s" % {...}) > In other words, _() must be called on a literal string. Otherwise it > couldn't be looked up in the translation database (or even picked up by > gettext). >
Thank you for review. Updated patch attached. -- Martin^2 Basti
>From bc11e3a533756714aca9dd44ef982d3284844dcd Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 20 Jun 2014 13:52:12 +0200 Subject: [PATCH] Fix incompatible DNS permission dns(forward)zone-add/remove-permission can work with permissions with relative zone name Ticket:https://fedorahosted.org/freeipa/ticket/4383 --- ipalib/plugins/dns.py | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index a81fb575b4af8f8a7df577c6a6bf230056f6c660..890d2cceb01faf0e8933a884d812aa2af9f08ab9 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -1876,6 +1876,23 @@ class DNSZoneBase_add_permission(LDAPQuery): self.obj.handle_not_found(*keys) permission_name = self.obj.permission_name(keys[-1]) + + # compatibility with older IPA versions which allows relative zonenames + permission_name_rel = self.obj.permission_name( + keys[-1].relativize(DNSName.root) + ) + try: + api.Object['permission'].get_dn_if_exists(permission_name_rel) + except errors.NotFound: + pass + else: + # permission exists without absolute domain name + raise errors.DuplicateEntry( + message=_('permission "%(value)s" already exists') % { + 'value': permission_name + } + ) + permission = api.Command['permission_add_noaci'](permission_name, ipapermissiontype=u'SYSTEM' )['result'] @@ -1922,7 +1939,19 @@ class DNSZoneBase_remove_permission(LDAPQuery): pass permission_name = self.obj.permission_name(keys[-1]) - api.Command['permission_del'](permission_name, force=True) + try: + api.Command['permission_del'](permission_name, force=True) + except errors.NotFound, e: + # compatibility, older IPA versions which allows to create zone + # without absolute zone name + permission_name_rel = self.obj.permission_name( + keys[-1].relativize(DNSName.root) + ) + try: + api.Command['permission_del'](permission_name_rel, force=True) + except errors.NotFound: + raise e # re-raise original exception + return dict( result=True, -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel