Martin Kosek <mko...@redhat.com> wrote: > On Thu, 2011-01-27 at 11:15 +0100, Jan Zelený wrote: > > Lookup based on --filter wasn't implemented at all. It did't show until > > now, because of bug sitting on top of it which was resulting in internal > > error. This patch fixes the bug and adds the filtering functionality. > > > > https://fedorahosted.org/freeipa/ticket/818 > > NACK > > Did you build this patch on current master? Because in your patch, you > removed changes in permission-find from my previous patch "017 ACI > plugin supports prefixes". After your patch, permission-find fails: > > $ ipa permission-find > ipa: ERROR: 'aciprefix' is required > > Martin
Sorry, I accidentaly mixed the code with a part of the older one. Sending corrected patch. Jan
From 717e995250193667cc98b5f16d347dbbeff2802c Mon Sep 17 00:00:00 2001 From: Jan Zeleny <jzel...@redhat.com> Date: Thu, 27 Jan 2011 05:11:28 -0500 Subject: [PATCH] Fixed permission lookup Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818 --- ipalib/plugins/baseldap.py | 12 +++++------- ipalib/plugins/permission.py | 11 +++++++---- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index b20d96012e0dc7f91209a3623d8ad90cd023e006..d25deb5270ee2b79c2229e9265fa11c3ccca8b17 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -1372,11 +1372,9 @@ class LDAPSearch(CallbackInterface, crud.Search): for callback in self.POST_CALLBACKS: if hasattr(callback, 'im_self'): - more = callback(ldap, entries, truncated, *args, **options) + callback(ldap, entries, truncated, *args, **options) else: - more = callback(self, ldap, entries, truncated, *args, **options) - if more: - entries = entries + more + callback(self, ldap, entries, truncated, *args, **options) if not options.get('raw', False): for e in entries: @@ -1392,11 +1390,11 @@ class LDAPSearch(CallbackInterface, crud.Search): truncated=truncated, ) - def pre_callback(self, ldap, filter, attrs_list, base_dn, scope, *args, **options): - return (filter, base_dn, scope) + def pre_callback(self, ldap, filters, attrs_list, base_dn, scope, *args, **options): + return (filters, base_dn, scope) def post_callback(self, ldap, entries, truncated, *args, **options): - return [] + pass def exc_callback(self, args, options, exc, call_func, *call_args, **call_kwargs): raise exc diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 0c2855ff5c181a56455bb9b180b6f22472ce8fa4..212a0469b55d19d76030f6384458943d5b8a19a6 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -319,7 +319,6 @@ class permission_find(LDAPSearch): ) def post_callback(self, ldap, entries, truncated, *args, **options): - newentries = [] for entry in entries: (dn, attrs) = entry try: @@ -340,7 +339,13 @@ class permission_find(LDAPSearch): truncated = truncated or aciresults['truncated'] results = aciresults['result'] + if 'filter' in options and not options['filter'].startswith('('): + options['filter'] = unicode('('+options['filter']+')') for aci in results: + if 'filter' in options: + if 'filter' not in aci or not aci['filter'] or\ + aci['filter'] != options['filter']: + continue found = False if 'permission' in aci: for entry in entries: @@ -357,9 +362,7 @@ class permission_find(LDAPSearch): dn = attrs['dn'] del attrs['dn'] if (dn, attrs) not in entries: - newentries.append((dn, attrs)) - - return newentries + entries.append((dn, attrs)) api.register(permission_find) -- 1.7.3.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel