[Freeipa-devel] [PATCH] 1018 enforce sizelimit when searching for permissions
Rob Crittenden
rcritten at redhat.com
Fri May 18 14:17:48 UTC 2012
Rob Crittenden wrote:
> Martin Kosek wrote:
>> On Thu, 2012-05-17 at 16:11 -0400, Rob Crittenden wrote:
>>> We do two searches when looking for permissions. One within the
>>> permission object itself and a second in the ACIs. We weren't enforcing
>>> a sizelimit on either search.
>>>
>>> rob
>>
>> This returns the right result, but I don't think it is right with
>> respect to "truncated" flag because of several reasons:
>>
>> 1) You manipulate and set "truncated" flag in post_callback but this
>> won't affect the flag in the returned result because the new value is
>> not propagated outside of the post_callback function. I.e. truncated
>> flag will be set correctly only when it was raised during original
>> permission_find.
>
> Truncated is still honored as expected. I even added a test case for this.
>
>> 2) The part with "ind" is strange:
>>
>> + # enforce --sizelimit
>> + if len(entries) == max_entries:
>> + if ind + 1< len(results):
>> + truncated = True
>> + break
>>
>> I think it would be much easier to just do
>>
>> ...
>> if (dn, permission) not in entries:
>> if len(entries)< max_entries:
>> entries.append((dn, permission))
>> else:
>> truncated = True
>> break
>>
>> Otherwise you would rise "truncated" even when the rest of "results"
>> does not contain relevant entries that would have not been added anyway.
>
> Yes, that makes sense.
And now updated patch.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1018-2-sizelimit.patch
Type: text/x-diff
Size: 4727 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120518/6e5c9087/attachment.bin>
More information about the Freeipa-devel
mailing list