[Freeipa-devel] [PATCH] Enable custom list of attributes to retrieve effective rights.
LDAPObject sub-classes can define a custom list of attributes for
effective rights retrieval.
Fix #677
Pavel
From 98b7456f1c4d872e265ea4e8c26ab42e206375e8 Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Thu, 30 Dec 2010 08:48:12 -0500
Subject: [PATCH 2/4] Enable custom list of attributes to retrieve effective rights.
Fix #677
---
ipalib/plugins/baseldap.py | 38 --
ipalib/plugins/config.py |4
2 files changed, 24 insertions(+), 18 deletions(-)
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 259d02b..1cd181c 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -162,20 +162,6 @@ def get_attributes(attrs):
return attrlist
-def get_effective_rights(ldap, dn, attrs=None):
-if attrs is None:
-attrs = ['*', 'nsaccountlock', 'cospriority']
-rights = ldap.get_effective_rights(dn, attrs)
-rdict = {}
-if 'attributelevelrights' in rights[1]:
-rights = rights[1]['attributelevelrights']
-rights = rights[0].split(', ')
-for r in rights:
-(k,v) = r.split(':')
-rdict[k.strip().lower()] = v
-
-return rdict
-
def wait_for_memberof(keys, entry_start, completed, show_command, adding=True):
When adding or removing reverse members we are faking an update to
@@ -240,6 +226,7 @@ class LDAPObject(Object):
search_attributes_config = None
default_attributes = []
hidden_attributes = ['objectclass', 'aci']
+rights_attributes = ['*', 'nsaccountlock', 'cospriority']
# set rdn_attribute only if RDN attribute differs from primary key!
rdn_attribute = ''
uuid_attribute = ''
@@ -288,6 +275,19 @@ class LDAPObject(Object):
pass
return dn[len(self.primary_key.name) + 1:dn.find(',')]
+def get_effective_rights(self, dn, attrs=None):
+rdict = {}
+if attrs is None:
+attrs = self.rights_attributes
+rights = self.backend.get_effective_rights(dn, attrs)
+if 'attributelevelrights' in rights[1]:
+rights = rights[1]['attributelevelrights']
+rights = rights[0].split(', ')
+for r in rights:
+(k, v) = r.split(':')
+rdict[k.strip().lower()] = v
+return rdict
+
def get_ancestor_primary_keys(self):
if self.parent_object:
parent_obj = self.api.Object[self.parent_object]
@@ -674,8 +674,9 @@ class LDAPRetrieve(LDAPQuery):
except errors.NotFound:
self.obj.handle_not_found(*keys)
-if options.get('rights', False) and options.get('all', False):
-entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
+if options.get('rights', False):
+rights = self.obj.get_effective_rights(dn)
+entry_attrs['attributelevelrights'] = rights
for callback in self.POST_CALLBACKS:
if hasattr(callback, 'im_self'):
@@ -830,8 +831,9 @@ class LDAPUpdate(LDAPQuery, crud.Update):
format=_('the entry was deleted while being modified')
)
-if options.get('rights', False) and options.get('all', False):
-entry_attrs['attributelevelrights'] = get_effective_rights(ldap, dn)
+if options.get('rights', False):
+rights = self.obj.get_effective_rights(dn)
+entry_attrs['attributelevelrights'] = rights
for callback in self.POST_CALLBACKS:
if hasattr(callback, 'im_self'):
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py
index cabfd76..7c9f458 100644
--- a/ipalib/plugins/config.py
+++ b/ipalib/plugins/config.py
@@ -81,6 +81,9 @@ class config(LDAPObject):
'ipasearchrecordslimit', 'ipausersearchfields', 'ipagroupsearchfields',
'ipamigrationenabled', 'ipacertificatesubjectbase',
]
+rights_attributes = LDAPObject.rights_attributes + [
+'ipahomesrootdir', 'ipagroupsearchfields',
+]
label = _('Configuration')
@@ -200,3 +203,4 @@ class config_show(LDAPRetrieve):
api.register(config_show)
+
--
1.7.1.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Translate IA5Str paramaters the editable text fields in the webUI.
Fix #684
Pavel
From ea2cd3c1c97c11c216c0c2baff07615d2f14298e Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Thu, 30 Dec 2010 09:11:58 -0500
Subject: [PATCH 3/4] Translate IA5Str paramaters the editable text fields in the webUI.
Fix #684
---
install/static/details.js |3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/install/static/details.js b/install/static/details.js
index 1aeffb1..6afe743 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -75,7 +75,9 @@ function ipa_details_field(spec) {
var rights = 'rsc';
if (that.record.attributelevelrights){
+alert(this.name);
rights = that.record.attributelevelrights[this.name] || rights ;
+alert(rights);
}
if (that.values) {
@@ -724,6 +726,7 @@ function ipa_insert_dd(jobj, content, dd_class){
/* mapping of parameter types to handlers used to create inputs */
var _ipa_param_type_2_handler_map = {
'Str': _ipa_create_text_input,
+'IA5Str': _ipa_create_text_input,
'Int': _ipa_create_text_input,
'Bool': _ipa_create_text_input,
'List': _ipa_create_text_input
--
1.7.1.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Fix 'ipa help permissions'; add 'dns' in allowed types.
Pavel
From 08534b8e0fe9ab9713599de166a5bfb4232c1776 Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Thu, 30 Dec 2010 09:12:35 -0500
Subject: [PATCH 4/4] Fix 'ipa help permissions'; add 'dns' in allowed types.
---
ipalib/plugins/permission.py |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 1a707c4..43bb263 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -120,7 +120,7 @@ class permission(LDAPObject):
StrEnum('type?',
cli_name='type',
label=_('Type'),
-doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup)'),
+doc=_('Type of IPA object (user, group, host, hostgroup, service, netgroup, dns)'),
values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dns',),
),
Str('memberof?',
--
1.7.1.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] Translate IA5Str paramaters the editable text fields in the webUI.
On 2010-12-30 10:29, Pavel Zůna wrote:
Fix #684
Pavel
Left some debugging output in the original patch. Fixed version attached.
Pavel
From 508a68cc41f812683cbf62640c3dc2de02dd2981 Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Thu, 30 Dec 2010 09:11:58 -0500
Subject: [PATCH] Translate IA5Str paramaters the editable text fields in the webUI.
Fix #684
---
install/static/details.js |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/install/static/details.js b/install/static/details.js
index 1aeffb1..77dc88f 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -724,6 +724,7 @@ function ipa_insert_dd(jobj, content, dd_class){
/* mapping of parameter types to handlers used to create inputs */
var _ipa_param_type_2_handler_map = {
'Str': _ipa_create_text_input,
+'IA5Str': _ipa_create_text_input,
'Int': _ipa_create_text_input,
'Bool': _ipa_create_text_input,
'List': _ipa_create_text_input
--
1.7.1.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] Disable action panel links when the selected entry is deleted.
Fix #685
Pavel
From 2dd2304d8f10272d3e376090cbe2565e21ff627d Mon Sep 17 00:00:00 2001
From: Pavel Zuna pz...@redhat.com
Date: Thu, 30 Dec 2010 16:41:50 -0500
Subject: [PATCH] Disable action panel links when the selected entry is deleted.
Fix #685
---
install/static/search.js |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/install/static/search.js b/install/static/search.js
index 061824c..a111e0c 100644
--- a/install/static/search.js
+++ b/install/static/search.js
@@ -206,6 +206,11 @@ function ipa_search_widget(spec) {
function on_success(data, text_status, xhr) {
+var action_panel = that.facet.get_action_panel();
+$('li.entity-facet', action_panel).
+addClass('entity-facet-disabled');
+$('input', action_panel).val(null);
+
that.tbody.empty();
var result = data.result.result;
@@ -215,7 +220,6 @@ function ipa_search_widget(spec) {
}
var summary = $('span[name=summary]', that.tfoot);
-
if (data.result.truncated) {
summary.text(
'Query returned results than configured size limit will show.' +
--
1.7.1.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
