Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4121
Apply on top of my patches 0464-0466.
--
PetrĀ³
From 494c25e8a5409d66edc9651b6b5a9aba07917eb7 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Tue, 21 Jan 2014 12:13:47 +0100
Subject: [PATCH] permission plugin: Do not assume attribute-level rights for
new attributes are present
With the --all --raw options, the code assumed attribute-level rights
were set on ipaPermissionV2 attributes, even on permissions that did not
have the objectclass.
Add a check that the data is present before using it.
https://fedorahosted.org/freeipa/ticket/4121
---
ipalib/plugins/permission.py | 15 +--
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 947bdda975fc7f820dfaa80203febdee261e26fc..622f5118de44b1f3de65a6b329b231a3018959c0 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -337,13 +337,16 @@ def postprocess_result(self, entry, options):
rights = entry.get('attributelevelrights')
if rights:
-rights['memberof'] = rights['ipapermtargetfilter']
-rights['targetgroup'] = rights['ipapermtarget']
+if 'ipapermtarget' in rights:
+rights['targetgroup'] = rights['ipapermtarget']
+if 'ipapermtargetfilter' in rights:
+rights['memberof'] = rights['ipapermtargetfilter']
-type_rights = set(rights['ipapermtargetfilter'])
-type_rights.intersection_update(rights['ipapermlocation'])
-rights['type'] = ''.join(sorted(
-type_rights, key=rights['ipapermtargetfilter'].index))
+type_rights = set(rights['ipapermtargetfilter'])
+location_rights = set(rights.get('ipapermlocation', ''))
+type_rights.intersection_update(location_rights)
+rights['type'] = ''.join(sorted(
+type_rights, key=rights['ipapermtargetfilter'].index))
if 'ipapermincludedattr' in rights:
rights['attrs'] = ''.join(sorted(
--
1.8.5.3
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
