Re: [Freeipa-devel] [PATCH] 643 Better handle permission updates

[Rob Crittenden]

Jan Zelený wrote:

Rob Crittenden  wrote:

permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.

ticket 603

rob


ack

Jan


pushed to master

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 643 Better handle permission updates

[Rob Crittenden]

permissions are a real group pointed to by an aci, managed by the same 
plugin. Any given update can update one or both or neither. Do a better 
job at determining what it is that needs to be updated and handle the 
case where only the ACI is updated so that EmptyModList is not thrown.


ticket 603

rob
>From 25e51f8d172f1896ff4b2e8b3c7d504024ecb64f Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Fri, 10 Dec 2010 22:52:44 -0500
Subject: [PATCH] Better handle permission object updates versus aci object updates.

permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.

ticket 603
---
 ipalib/plugins/permission.py |   17 ++---
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 4ad53c7..18dd577 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -220,13 +220,16 @@ class permission_mod(LDAPUpdate):
 msg_summary = _('Modified permission "%(value)s"')
 
 def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
-(dn, attrs) = ldap.get_entry(
-dn, attrs_list, normalize=self.obj.normalize_dn
-)
+try:
+(dn, attrs) = ldap.get_entry(
+dn, attrs_list, normalize=self.obj.normalize_dn
+)
+except errors.NotFound:
+self.obj.handle_not_found(*keys)
 opts = copy.copy(options)
 if 'description' in opts:
 del opts['description']
-for o in self.obj.aci_attributes + ['all', 'raw', 'rights']:
+for o in ['all', 'raw', 'rights', 'description']:
 if o in opts:
 del opts[o]
 setattr(context, 'aciupdate', False)
@@ -249,8 +252,8 @@ class permission_mod(LDAPUpdate):
 pass
 
 if 'description' in options:
-(dn, attrs) = ldap.get_entry(dn, ['description'])
-self.api.Command.aci_rename(attrs['description'][0], newname=options['description'])
+if attrs['description'][0] != options['description']:
+self.api.Command.aci_rename(attrs['description'][0], newname=options['description'])
 
 return dn
 
@@ -265,7 +268,7 @@ class permission_mod(LDAPUpdate):
 except:
 pass
 
-if len(opts) > 0:
+if len(opts) > 0 and not aciupdate:
 raise exc
 else:
 raise exc
-- 
1.7.2.1

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel