<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/01/2014 01:08 PM, Petr Viktorin
wrote:<br>
</div>
<blockquote cite="mid:54045399.3030404@redhat.com" type="cite">On
08/08/2014 03:54 PM, thierry bordaz wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
The attached patch is related to 'User Life Cycle'
<br>
(<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3813">https://fedorahosted.org/freeipa/ticket/3813</a>)
<br>
<br>
It creates a stageuser plugin with a first function
stageuser-add. Stage
<br>
user entries are provisioned under 'cn=staged
<br>
users,cn=accounts,cn=provisioning,SUFFIX'.
<br>
<br>
Thanks
<br>
thierry
<br>
</blockquote>
<br>
Avoid `from ipalib.plugins.baseldap import *` in new code; instead
import the module itself and use e.g. `baseldap.LDAPObject`.
<br>
<br>
The stageuser help (docstring) is copied from the user plugin, and
discusses things like account lockout and disabling users. It
should rather explain what stageuser itself does. (And I don't
very much like the Note about the interface being badly
designed...)
<br>
Also decide if the docs should call it "staged user" or "stage
user" or "stageuser".
<br>
<br>
A lot of the code is copied and pasted over from the users plugin.
Don't do that. Either import things (e.g. validate_nsaccountlock)
from the users plugin, or move the reused code into a shared
module.
<br>
<br>
For the `user` object, since so much is the same, it might be best
to create a common base class for user and stageuser; and
similarly for the Command plugins.
<br>
<br>
The default permissions need different names, and you don't need
another copy of the 'non_object' ones. Also, run the makeaci
script.
<br>
<br>
</blockquote>
<font face="Times New Roman, Times, serif">Hello,<br>
<br>
</font>
<blockquote><font face="Times New Roman, Times, serif">This modified
patch is mainly moving common base class into a new plugin:
accounts.py. user/stageuser plugin inherits from accounts. It
also creates a better description of what are stage user, how to
add a new stage user, updates ACI.txt and separate active/stage
user managed permissions.<br>
<br>
</font></blockquote>
<font face="Times New Roman, Times, serif">thanks<br>
thierry<br>
</font>
<blockquote><font face="Times New Roman, Times, serif"><br>
<br>
</font></blockquote>
<font face="Times New Roman, Times, serif"><br>
</font>
</body>
</html>