[Freeipa-devel] [PATCH] 005 Show error in serial association
Petr Vobornik
pvoborni at redhat.com
Thu Aug 18 14:52:01 UTC 2011
On 08/18/2011 10:28 AM, Petr Vobornik wrote:
> On 08/17/2011 05:38 PM, Petr Vobornik wrote:
>> Ticket #1628 - https://fedorahosted.org/freeipa/ticket/1628
>> Unreported insufficient access error
>>
>> This patch is dependant on
>> freeipa-pvoborni-0004-1-error-dialog-for-batch-command.patch.
>>
>> This may be only a checking if approach of this patch is good.
>>
>> I was not sure if this type of error message (result.failed property) is
>> more general or it only appears in adding members. So I put error
>> handling in serial_associator instead of command. If it would be put in
>> command and success will be transformed to error, it will change the
>> behaviour of executing commands - other commands after error won't be
>> executed. If the approach is good, it could be probably better to change
>> it a little and offer same logic for batch_associator.
>>
>> It should be working for adding users to groups, netgroups, roles and
>> assigning hbac rules (tested as non admin user).
>>
>>
>> Modified association test - data in success handler should not be
>> undefined.
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Modified to work with bulk association.
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
After implementation error notification in associations. I noticed one
'bug?' :
After adding users to hbac rule, batch error notification is shown
saying 'no modifications to be performed'.
Reproduce:
- create hbacrule named 'aa'
- add several users - in example 'admin' and 'ttest'
Request:
{"method":"batch","params":[[{"method":"hbacrule_mod","params":[["aa"],{"all":true,"rights":true,"usercategory":""}]},{"method":"hbacrule_add_user","params":[["aa"],{"user":"admin,ttest"}]}],{}]}
Response:
============================================================
{
"error": null,
"id": null,
"result": {
"count": 2,
"results": [
{
"error": "no modifications to be performed"
},
{
"completed": 2,
"error": null,
"failed": {
"memberuser": {
"group": [],
"user": []
}
},
"result": {
"cn": [
"aa"
],
"dn":
"ipauniqueid=cfb492f2-c8dc-11e0-9504-00163e06af05,cn=hbac,dc=vm-021,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com",
"ipaenabledflag": [
"TRUE"
],
"memberuser_group": [
"admins"
],
"memberuser_user": [
"admin",
"ttest"
]
}
}
]
}
}
============================================================
I think the problem is that the first command should be included only if
something changed.
It isn't a bug in this patch, but with it it is a new annoyance (you
have to click OK).
--
Petr Vobornik
More information about the Freeipa-devel
mailing list