Re: [Freeipa-devel] [PATCH] 625 Provide attrs for ACI UI

2010-12-03 Thread Adam Young 

On 12/02/2010 11:09 AM, Rob Crittenden wrote:
Provide available attributes for all objects for use in creating 
permissions (ACIs). This is provided in the meta data call.


Also tell whether an object is bindable (has password or kerberos key) 
for use in the future selfservice plugin.


rob


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

ACK. pushed to master
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 625 Provide attrs for ACI UI

2010-12-02 Thread Rob Crittenden 
Provide available attributes for all objects for use in creating 
permissions (ACIs). This is provided in the meta data call.


Also tell whether an object is bindable (has password or kerberos key) 
for use in the future selfservice plugin.


rob
From 7ccf39c8797b74853d279f1c6698b33d06a1e319 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 2 Dec 2010 11:05:54 -0500
Subject: [PATCH] Provide list of available attributes for use in ACI UI.

Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have a selfservice ACI.

ticket 446
---
 install/share/bootstrap-template.ldif |1 -
 ipalib/plugins/baseldap.py|   23 ++-
 ipalib/plugins/host.py|1 +
 ipalib/plugins/internal.py|2 +-
 ipalib/plugins/service.py |1 +
 ipalib/plugins/user.py|1 +
 6 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 7946526..4f10f07 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -218,7 +218,6 @@ ipaUserObjectClasses: inetuser
 ipaUserObjectClasses: posixaccount
 ipaUserObjectClasses: krbprincipalaux
 ipaUserObjectClasses: krbticketpolicyaux
-ipaUserObjectClasses: radiusprofile
 ipaUserObjectClasses: ipaobject
 ipaDefaultEmailDomain: $DOMAIN
 ipaMigrationEnabled: FALSE
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3894e18..7d382f9 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -197,6 +197,8 @@ class LDAPObject(Object):
 uuid_attribute = ''
 attribute_members = {}
 rdnattr = None
+# Can bind as this entry (has userPassword or krbPrincipalKey)
+bindable = False
 
 container_not_found_msg = _('container entry (%(container)s) not found')
 parent_not_found_msg = _('%(parent)s: %(oname)s not found')
@@ -293,14 +295,33 @@ class LDAPObject(Object):
 'parent_object', 'container_dn', 'object_name', 'object_name_plural',
 'object_class', 'object_class_config', 'default_attributes', 'label',
 'hidden_attributes', 'uuid_attribute', 'attribute_members', 'name',
-'takes_params', 'rdn_attribute',
+'takes_params', 'rdn_attribute', 'bindable',
 )
+
 def __json__(self):
+ldap = self.backend
 json_dict = dict(
 (a, getattr(self, a)) for a in self.json_friendly_attributes
 )
 if self.primary_key:
 json_dict['primary_key'] = self.primary_key.name
+objectclasses = self.object_class
+if self.object_class_config:
+config = ldap.get_ipa_config()[1]
+objectclasses = config.get(
+self.object_class_config, objectclasses
+)
+# Get list of available attributes for this object for use
+# in the ACI UI.
+attrs = self.api.Backend.ldap2.schema.attribute_types(objectclasses)
+attrlist = []
+# Go through the MUST first
+for (oid, attr) in attrs[0].iteritems():
+attrlist.append(attr.names[0])
+# And now the MAY
+for (oid, attr) in attrs[1].iteritems():
+attrlist.append(attr.names[0])
+json_dict['aciattrs'] = attrlist
 json_dict['methods'] = [m for m in self.methods]
 return json_dict
 
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index a9589c6..437b7d5 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -165,6 +165,7 @@ class host(LDAPObject):
 'memberof': ['hostgroup', 'netgroup', 'role'],
 'managedby': ['host'],
 }
+bindable = True
 
 label = _('Hosts')
 
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 708d829..ddef160 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -56,7 +56,7 @@ class json_metadata(Command):
 ((objname, json_serialize(self.api.Object[objname])), )
 )
 )
-retval= dict([(metadata,meta), (messages,dict())])
+retval= dict([(metadata,meta)])
 
 else:
 meta=dict(
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index fbb1ff2..1e55599 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -237,6 +237,7 @@ class service(LDAPObject):
 attribute_members = {
 'managedby': ['host'],
 }
+bindable = True
 
 label = _('Services')
 
diff --git a/ipalib/plugins/user.py b/ipalib/plugins/user.py
index 1bbb9b1..07b8e82 100644
--- a/ipalib/plugins/user.py
+++ b/ipalib/plugins/user.py
@@ -73,6 +73,7 @@ class user(LDAPObject):
 'memberof': ['group', 'netgroup', 'role'],
 }
 rdnattr = 'uid'
+bindable = True
 
 label = _('Users')
 
-- 
1.7.2.1

___