The netgroup plugin was missing the usercategory and hostcategory
associations. This adds them and fixes displaying membership in
netgroup_show.
rob
>From a0f98fb52922ec97947e7df9bc4dd32523e1a3a5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 4 Nov 2010 15:19:14 -0400
Subject: [PATCH] Add usercategory and hostcategory and fix displaying members in netgroup_show
ticket 443
---
ipalib/plugins/netgroup.py | 24 ++++++++++++++++++++++++
1 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index 199b486..e79aca2 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -42,8 +42,10 @@ EXAMPLES:
"""
from ipalib import api, errors
+from ipalib import Str, StrEnum
from ipalib.plugins.baseldap import *
from ipalib import _, ngettext
+from ipalib.plugins.hbac import is_all
output_params = (
@@ -72,6 +74,7 @@ class netgroup(LDAPObject):
default_attributes = [
'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',
'memberuser', 'memberhost', 'member', 'memberindirect',
+ 'usercategory', 'hostcategory',
]
uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
@@ -107,6 +110,18 @@ class netgroup(LDAPObject):
doc=_('IPA unique ID'),
flags=['no_create', 'no_update'],
),
+ StrEnum('usercategory?',
+ cli_name='usercat',
+ label=_('User category'),
+ doc=_('User category the rule applies to'),
+ values=(u'all', ),
+ ),
+ StrEnum('hostcategory?',
+ cli_name='hostcat',
+ label=_('Host category'),
+ doc=_('Host category the rule applies to'),
+ values=(u'all', ),
+ ),
)
api.register(netgroup)
@@ -141,6 +156,14 @@ class netgroup_mod(LDAPUpdate):
has_output_params = LDAPUpdate.has_output_params + output_params
msg_summary = _('Modified netgroup "%(value)s"')
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ (dn, entry_attrs) = ldap.get_entry(dn, attrs_list)
+ if is_all(options, 'usercategory') and 'memberuser' in entry_attrs:
+ raise errors.MutuallyExclusiveError(reason="user category cannot be set to 'all' while there are allowed users")
+ if is_all(options, 'hostcategory') and 'memberhost' in entry_attrs:
+ raise errors.MutuallyExclusiveError(reason="host category cannot be set to 'all' while there are allowed hosts")
+ return dn
+
api.register(netgroup_mod)
@@ -160,6 +183,7 @@ class netgroup_show(LDAPRetrieve):
"""
Display information about a netgroup.
"""
+ has_output_params = LDAPRetrieve.has_output_params + output_params
api.register(netgroup_show)
--
1.7.2.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel