<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 02/04/2015 05:14 PM, Jan Cholasta
wrote:<br>
</div>
<blockquote cite="mid:54D24567.4010103@redhat.com" type="cite">Hi,
<br>
<br>
Dne 4.2.2015 v 15:25 David Kupka napsal(a):
<br>
<blockquote type="cite">On 02/03/2015 11:50 AM, thierry bordaz
wrote:
<br>
<blockquote type="cite">On 09/17/2014 12:32 PM, thierry bordaz
wrote:
<br>
<blockquote type="cite">On 09/01/2014 01:08 PM, Petr Viktorin
wrote:
<br>
<blockquote type="cite">On 08/08/2014 03:54 PM, thierry
bordaz wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
The attached patch is related to 'User Life Cycle'
<br>
(<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3813">https://fedorahosted.org/freeipa/ticket/3813</a>)
<br>
<br>
It creates a stageuser plugin with a first function
stageuser-add.
<br>
Stage
<br>
user entries are provisioned under 'cn=staged
<br>
users,cn=accounts,cn=provisioning,SUFFIX'.
<br>
<br>
Thanks
<br>
thierry
<br>
</blockquote>
<br>
Avoid `from ipalib.plugins.baseldap import *` in new code;
instead
<br>
import the module itself and use e.g.
`baseldap.LDAPObject`.
<br>
<br>
The stageuser help (docstring) is copied from the user
plugin, and
<br>
discusses things like account lockout and disabling users.
It should
<br>
rather explain what stageuser itself does. (And I don't
very much
<br>
like the Note about the interface being badly designed...)
<br>
Also decide if the docs should call it "staged user" or
"stage user"
<br>
or "stageuser".
<br>
<br>
A lot of the code is copied and pasted over from the users
plugin.
<br>
Don't do that. Either import things (e.g.
validate_nsaccountlock)
<br>
from the users plugin, or move the reused code into a
shared module.
<br>
<br>
For the `user` object, since so much is the same, it might
be best to
<br>
create a common base class for user and stageuser; and
similarly for
<br>
the Command plugins.
<br>
<br>
The default permissions need different names, and you
don't need
<br>
another copy of the 'non_object' ones. Also, run the
makeaci script.
<br>
<br>
</blockquote>
Hello,
<br>
<br>
This modified patch is mainly moving common base class
into a new
<br>
plugin: accounts.py. user/stageuser plugin inherits from
accounts.
<br>
It also creates a better description of what are stage
user, how
<br>
to add a new stage user, updates ACI.txt and separate
active/stage
<br>
user managed permissions.
<br>
<br>
thanks
<br>
thierry
<br>
<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Freeipa-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a>
<br>
</blockquote>
<br>
<br>
Thanks David for the reviews. Here the last patches
<br>
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Freeipa-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a>
<br>
<br>
</blockquote>
<br>
The freeipa-tbordaz-0002 patch had trailing whitespaces on few
lines so
<br>
I'm attaching fixed version (and unchanged patch
freeipa-tbordaz-0003-3
<br>
to keep them together).
<br>
<br>
The ULC feature is still WIP but these patches look good to me
and don't
<br>
break anything as far as I tested.
<br>
We should push them now to avoid further rebases. Thierry can
then
<br>
prepare other patches delivering the rest of ULC functionality.
<br>
</blockquote>
<br>
Few comments from just reading the patches:
<br>
<br>
1) I would name the base class "baseuser", "account" does not
necessarily mean user account.
<br>
<br>
2) This is very wrong:
<br>
<br>
-class user_add(LDAPCreate):
<br>
+class user_add(user, LDAPCreate):
<br>
<br>
You are creating a plugin which is both an object and an command.
<br>
<br>
3) This is purely subjective, but I don't like the name
"deleteuser", as it has a verb in it. We usually don't do that and
IMHO we shouldn't do that.
<br>
<br>
Honza
<br>
<br>
</blockquote>
<font face="Times New Roman, Times, serif"><br>
Thank you for the review. I am attaching the updates patches<br>
<br>
<br>
<br>
<br>
</font>
</body>
</html>