[Freeipa-devel] [PATCH] 1018 enforce sizelimit when searching for permissions
Rob Crittenden
rcritten at redhat.com
Fri May 18 13:36:05 UTC 2012
Martin Kosek wrote:
> On Thu, 2012-05-17 at 16:11 -0400, Rob Crittenden wrote:
>> We do two searches when looking for permissions. One within the
>> permission object itself and a second in the ACIs. We weren't enforcing
>> a sizelimit on either search.
>>
>> rob
>
> This returns the right result, but I don't think it is right with
> respect to the "truncated" flag, for several reasons:
>
> 1) You manipulate and set the "truncated" flag in post_callback, but this
> won't affect the flag in the returned result because the new value is
> not propagated outside of the post_callback function. I.e. the truncated
> flag will be set correctly only when it was raised during the original
> permission_find.
Truncated is still honored as expected. I even added a test case for this.
> 2) The part with "ind" is strange:
>
> + # enforce --sizelimit
> + if len(entries) == max_entries:
> + if ind + 1< len(results):
> + truncated = True
> + break
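Review bot: In the `if ind + 1< len(results):` test, `truncated` is set whenever any items are left in `results`, without checking whether those items would actually have been appended to `entries`, so the flag can be reported when nothing relevant was dropped. Set `truncated` only at the point where an item that passes the "not already in `entries`" check is turned away because `len(entries)` has reached `max_entries`. The `len(entries) == max_entries` comparison also depends on `entries` never exceeding `max_entries` before this check runs; `>=` would be a safer guard, and a short comment explaining the `ind` test would help if it stays.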
>
> I think it would be much easier to just do
>
> ...
> if (dn, permission) not in entries:
>     if len(entries) < max_entries:
>         entries.append((dn, permission))
>     else:
>         truncated = True
>         break
>
> Otherwise you would raise "truncated" even when the rest of "results"
> does not contain relevant entries that would not have been added anyway.
Yes, that makes sense.
rob
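
The difference between the two truncation checks discussed above, as an added example that is not part of the original thread or of the FreeIPA patch. The function names, the placement of the index check inside the loop, and the sample entries are assumptions made for illustration.

```python
# Added illustration: merging a second search into an existing result list
# under a sizelimit. Function names and sample data are hypothetical.

def merge_indexed(entries, results, max_entries):
    """Index-based check: flag truncation if any results remain (assumed placement)."""
    entries = list(entries)
    truncated = False
    for ind, item in enumerate(results):
        if item not in entries:
            entries.append(item)
        # enforce --sizelimit
        if len(entries) == max_entries:
            if ind + 1 < len(results):
                truncated = True
            break
    return entries, truncated


def merge_membership(entries, results, max_entries):
    """Membership-based check: flag truncation only when a new entry is turned away."""
    entries = list(entries)
    truncated = False
    for item in results:
        if item not in entries:
            if len(entries) < max_entries:
                entries.append(item)
            else:
                truncated = True
                break
    return entries, truncated


# Constructed sample data: (dn, permission) pairs from the first search,
# then a second search whose remaining items are all duplicates.
FIRST = [("cn=a", "a"), ("cn=b", "b")]
SECOND_DUPES = [("cn=c", "c"), ("cn=a", "a"), ("cn=b", "b")]
# Second search that really does contain one entry too many.
SECOND_EXTRA = [("cn=c", "c"), ("cn=a", "a"), ("cn=d", "d")]

if __name__ == "__main__":
    for name, second in (("dupes", SECOND_DUPES), ("extra", SECOND_EXTRA)):
        print(name, "indexed:   ", merge_indexed(FIRST, second, 3))
        print(name, "membership:", merge_membership(FIRST, second, 3))
```

With the duplicate-only tail, the index-based variant reports truncation although nothing was dropped; both variants agree when an additional entry really exceeds the limit.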