[Freeipa-devel] [PATCH] 1018 enforce sizelimit when searching for permissions

[Martin Kosek]

On Thu, 2012-05-17 at 16:11 -0400, Rob Crittenden wrote:
> We do two searches when looking for permissions. One within the 
> permission object itself and a second in the ACIs. We weren't enforcing 
> a sizelimit on either search.
> 
> rob

This returns the right result, but I don't think it is right with
respect to "truncated" flag because of several reasons:

1) You manipulate and set "truncated" flag in post_callback but this
won't affect the flag in the returned result because the new value is
not propagated outside of the post_callback function. I.e. truncated
flag will be set correctly only when it was raised during original
permission_find.

2) The part with "ind" is strange:

+                        # enforce --sizelimit
+                        if len(entries) == max_entries:
+                            if ind + 1 < len(results):
+                                truncated = True
+                            break

I think it would be much easier to just do

...
if (dn, permission) not in entries:
   if len(entries) < max_entries:
      entries.append((dn, permission))
   else:
      truncated = True
      break

Otherwise you would rise "truncated" even when the rest of "results"
does not contain relevant entries that would have not been added anyway.

Martin