permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.
ticket 603
rob
>From 25e51f8d172f1896ff4b2e8b3c7d504024ecb64f Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 10 Dec 2010 22:52:44 -0500
Subject: [PATCH] Better handle permission object updates versus aci object updates.
permissions are a real group pointed to by an aci, managed by the same
plugin. Any given update can update one or both or neither. Do a better
job at determining what it is that needs to be updated and handle the
case where only the ACI is updated so that EmptyModList is not thrown.
ticket 603
---
ipalib/plugins/permission.py | 17 ++---
1 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 4ad53c7..18dd577 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -220,13 +220,16 @@ class permission_mod(LDAPUpdate):
msg_summary = _('Modified permission "%(value)s"')
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
-(dn, attrs) = ldap.get_entry(
-dn, attrs_list, normalize=self.obj.normalize_dn
-)
+try:
+(dn, attrs) = ldap.get_entry(
+dn, attrs_list, normalize=self.obj.normalize_dn
+)
+except errors.NotFound:
+self.obj.handle_not_found(*keys)
opts = copy.copy(options)
if 'description' in opts:
del opts['description']
-for o in self.obj.aci_attributes + ['all', 'raw', 'rights']:
+for o in ['all', 'raw', 'rights', 'description']:
if o in opts:
del opts[o]
setattr(context, 'aciupdate', False)
@@ -249,8 +252,8 @@ class permission_mod(LDAPUpdate):
pass
if 'description' in options:
-(dn, attrs) = ldap.get_entry(dn, ['description'])
-self.api.Command.aci_rename(attrs['description'][0], newname=options['description'])
+if attrs['description'][0] != options['description']:
+self.api.Command.aci_rename(attrs['description'][0], newname=options['description'])
return dn
@@ -265,7 +268,7 @@ class permission_mod(LDAPUpdate):
except:
pass
-if len(opts) > 0:
+if len(opts) > 0 and not aciupdate:
raise exc
else:
raise exc
--
1.7.2.1
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel