[Freeipa-devel] [PATCH] command-line delegation

Kevin McCarthy kmccarth at redhat.com
Wed Oct 24 16:49:58 UTC 2007 

Rob Crittenden wrote:
> A quartet of commands to manage delegations from the command-line (man 
> pages thrown in for free).

First general comment.  Right now the webgui is not enforcing a unique
'name' field.  This isn't a bad idea - I just haven't implemented such
an enforcment in the code.

If people agree using the name as an identifier is fine, then we should
add enforcement to the gui too.  (and then perhaps we can use the name
instead of the entire acistr to identity an individual aci)

I have two comments below.  Feel free to submit and send fixes as a
separate patch.

-Kevin


> diff -r 5a62b0d18944 -r db42a6078cde ipa-admintools/ipa-deldelegation
> --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
> +++ b/ipa-admintools/ipa-deldelegation	Wed Oct 24 12:04:53 2007 -0400
> @@ -0,0 +1,102 @@
[snip]
> +
> +        for aci_str in aci_str_list:
> +            try:
> +                aci = ipa.aci.ACI(aci_str)
> +                if aci.name == args[1]:
> +                    acistr = aci_str
> +                    break
> +            except SyntaxError:
> +                # ignore aci_str's that ACI can't parse
> +                pass
> +
> +        if acistr is None:
> +            print "No delegation %s found." % args[1]
> +            return 2
> +
> +        try:
> +            old_aci_index = aci_str_list.index(acistr)
> +        except ValueError:
> +            print "The delegation you were attempting to delete has been concurrently modified."
> +            return 3

This check isn't needed for the cli only the webgui (because during the
time between when the edit page loads and they press the update, the ACI
could have changed.


> diff -r 5a62b0d18944 -r db42a6078cde ipa-admintools/ipa-moddelegation
> --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
> +++ b/ipa-admintools/ipa-moddelegation	Wed Oct 24 12:04:53 2007 -0400
> @@ -0,0 +1,166 @@
> +        try:
> +            old_aci_index = aci_str_list.index(acistr)
> +        except ValueError:
> +            print "The delegation you were attempting to delete has been concurrently modified."
> +            return 3

Likewise for here.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4054 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071024/6035fe65/attachment.bin>

More information about the Freeipa-devel mailing list