[Freeipa-devel] [PATCH] Resolve SIDs in Web UI
Petr Vobornik
pvoborni at redhat.com
Mon May 6 11:48:19 UTC 2013
Hello,
here is review of Web UI part.
ACK for abbra-102, it's a fix of error (typo), but it won't probably
have any impact. Because links associated with 'a' elements are
different than the resulting ones.
NACK for abbra-103:
NACK for abbra-pvoborni... (is included in new abbra-103)
Are CLI and IPA-API parts of old abbra-103 in some different patch? We
should make proper patches from the API/CLI part and WebUI part. Because
of this I didn't test following fixes by using installed IPA with
established trust.
Attaching a diff with fixes for following errors of abbra-103:
1) There are jslint errors (missing semicolons, extra semicolons,
trailing commas) (run `jslint -conf jsl.conf` in install/ui dir)
Funny thing, I do the exact opposite mistakes when writing python code.
2) Do not use deferred directly as a value, use promise instead:
> value[i][that.attribute] = {
> promise: deferred.promise,
> temp: sid
> };
Latter is better because promise can't be changed by consumer component.
Its resolution is still controlled by deferred.
3) We should not call trust-resolve when there are no sids. It's
pointless and trust-resolve requires at least one sid (`Str('sids+',`)
4) I see that you copied attribute facet preop as sid preop but omitted
adding of facet update policy. Is there a reason for it? IMO it's better
just to copy the whole or don't do it at all and just specified the
facet as:
$type: 'attribute',
$factory: IPA.sid_facet,
This change is in fix2.diff.
Nitpicks:
a) Use `[]` instead of `new Array()`
b) add space before `for`
c) specifying sids: '' in command construction is not needed - it's set
later
--
Petr
On 05/04/2013 08:04 AM, Alexander Bokovoy wrote:
> On Sat, 04 May 2013, Alexander Bokovoy wrote:
>> On Fri, 03 May 2013, Sumit Bose wrote:
>>> On Fri, May 03, 2013 at 09:46:47PM +0300, Alexander Bokovoy wrote:
>>>> Hi!
>>>>
>>>> Attached are patches to allow resolving SIDs in Web UI in external
>>>> membership panel for groups. Please see more detailed description in
>>>> the
>>>> main patch.
>>>>
>>>> I haven't rebased it yet on top of Petr's Web UI rework, hopefully it
>>>> should be simple.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3302
>>>>
>>>> Since framework doesn't allow to hide commands from CLI, underlying
>>>> command is usable from CLI too:
>>>> # ipa trust-resolve
>>>> --sids=S-1-5-21-3502988750-125904550-3683905862-{500,512,498}
>>>> Name: enterprise read-only domain controllers at ad.lan
>>>> SID: S-1-5-21-3502988750-125904550-3683905862-498
>>>>
>>>> Name: administrator at ad.lan
>>>> SID: S-1-5-21-3502988750-125904550-3683905862-500
>>>>
>>>> Name: domain admins at ad.lan
>>>> SID: S-1-5-21-3502988750-125904550-3683905862-512
>>>>
>>>> --
>>>> / Alexander Bokovoy
>>>> + try:
>>>> + sids = map(lambda x: str(x), options['sids'])
>>>> + xlate = pysss_nss_idmap.getnamebysid(sids)
>>>
>>> The latest version, which is already committed to sssd, return a dict.
>>> The output of ipa trust-resolve now look like:
>>>
>>> [root at ipa18-devel ~]# ipa trust-resolve
>>> --sids=S-1-5-21-3090815309-2627318493-3395719201-{498,500,513}
>>> Name: {'type': 3, 'name': u'administrator at ad18.ipa18.devel'}
>>> SID: S-1-5-21-3090815309-2627318493-3395719201-500
>>>
>>> Name: {'type': 2, 'name': u'enterprise read-only domain
>>> controllers at ad18.ipa18.devel'}
>>> SID: S-1-5-21-3090815309-2627318493-3395719201-498
>>>
>>> Name: {'type': 2, 'name': u'domain users at ad18.ipa18.devel'}
>>> SID: S-1-5-21-3090815309-2627318493-3395719201-513
>>>
>>>> + for sid in xlate:
>>>> + entry = dict()
>>>> + entry['sid'] = [unicode(sid)]
>>>> + entry['name'] = [unicode(xlate[sid])]
>>>
>>> I think you need entry['name'] =
>>> [unicode(xlate[sid][pysss_nss_idmap.NAME_KEY])]
>>> here.
>> Fixed, thanks!
>> I also added type conversion to a text (user, group, both). The type
>> is not shown by default
>> in CLI but is available through --all option. We might consider using it
>> in Web UI for visual hint about the name nature.
>>
>>> I tried with firefox, but the SIDs of the external members are not
>>> resolved. Do I have to clean any firefox cache?
>> No, you do not. When picking up changes from my development VM, I
>> omitted one chunk in group.js where sid_facet was actually taken in use.
>> Without that one nothing is used.
>>
>> Updated patch 0103 is attached, tested against sssd in ipa-devel repo
>> which already includes your patches.
>
> ... and here is rebase of install/ui/src/freeipa to Web UI refactoring
> branch, to help testing on top of Petr's changes. With this patch SID
> resolving works in new Web UI.
>
> There are probably some changes that could further be removed, I haven't
> looked into greater detail.
>
> Please note that attached patch only covers parts in
> install/ui/src/freeipa, you'd still need to add plugin changes from
> ipalib/plugins/trust.py.
>
--
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abbra-103-fix1.diff
Type: text/x-patch
Size: 1940 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130506/f09fa29b/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: abbra-103-fix2.diff
Type: text/x-patch
Size: 2055 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130506/f09fa29b/attachment-0001.bin>
More information about the Freeipa-devel
mailing list