[Freeipa-devel] [PATCH] 633 add selfservice aci plugin

Rob Crittenden rcritten at redhat.com
Wed Dec 8 04:28:53 UTC 2010 

Rob Crittenden wrote:
> Adam Young wrote:
>> On 12/07/2010 04:33 PM, Rob Crittenden wrote:
>>> Add plugin for manage self-service ACIs
>>>
>>> This is just a thin wrapper around the aci plugin, controlling what
>>> types of ACIs can be added.
>>>
>>> Right now only ACIs in the basedn can be managed with this plugin.
>>>
>>> I've got an e-mail into the UI folks to see if we can enhance this and
>>> ask the type of object we're creating a selfservice entry for. This
>>> way we can put the aci into the proper container.
>>>
>>> Otherwise I'm going to need to follow up to this and move a couple of
>>> self-service ACI's that are now in containers into the basedn.
>>>
>>> ticket 531
>>>
>>> rob
>>>
>>>
>>> _______________________________________________
>>> Freeipa-devel mailing list
>>> Freeipa-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>> NACK:
>>
>> 1. When I created a permission this way:
>>
>> ipa selfservice-add
>> Self-Service name: testthisbabyout
>> Attributes: departmentnumber
>> -----------------------------------
>> Added selfservice "testthisbabyout"
>> -----------------------------------
>> Self-Service name: testthisbabyout
>> Permissions: d3JpdGU=
>> Attributes: departmentnumber
>>
>>
>>
>> Note the garbage string in there for permissions.
>
> It's a base64-encoded string:
>
>  >>> import base64
>  >>> base64.b64decode('d3JpdGU=')
> 'write'
>
> Not sure how that slipped in there, but fixable.
>
>>
>> THen I tried this:
>> [root at ipa freeipa]# ipa selfservice-del testthisbabyout
>> --permissions=write --attrs=departmentnumber
>> Usage: ipa [global-options] selfservice-del NAME
>>
>> ipa: error: no such option: --permissions
>
> You just need the name of the selfservice aci when deleting, the other
> arguments aren't used. This one is ok.
>
> rob

Turns out to be a one-character fix. I didn't make the default a unicode 
value so it was base64-encoded.

--- selfservice.py      2010-12-07 23:24:45.000000000 -0500
+++ selfservice.py.fixed        2010-12-07 23:28:02.000000000 -0500
@@ -101,7 +101,7 @@

      def execute(self, aciname, **kw):
          if not 'permissions' in kw:
-            kw['permissions'] = ('write',)
+            kw['permissions'] = (u'write',)
          kw['selfaci'] = True
          result = api.Command['aci_add'](aciname, **kw)['result']

rob

More information about the Freeipa-devel mailing list