[Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token
Petr Vobornik
pvoborni at redhat.com
Wed May 7 13:54:56 UTC 2014
On 6.5.2014 17:07, Nathaniel McCallum wrote:
> On Tue, 2014-05-06 at 16:11 +0200, Jan Cholasta wrote:
>> On 6.5.2014 15:16, Nathaniel McCallum wrote:
>>> On Tue, 2014-05-06 at 13:46 +0200, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 5.5.2014 18:40, Nathaniel McCallum wrote:
>>>>> Creating tokens for yourself is the most common operation. Making this
>>>>> the default optimizes for the common case.
>>>>
>>>> The user-find call should be inside the if statement.
>>>
>>> This is actually for a reason. See my patch 0049 for further context.
>>
>> IMO something like this would be better:
>>
>> if 'ipatokenowner' not in entry_attrs or 'ipatokenprotected' not in
>> entry_attrs:
>> result = self.api.Command.user_find(whoami=True)['result']
>> if result:
>> cur_uid = result[0]['uid'][0]
>> prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
>> if cur_uid != prev_uid:
>> entry_attrs.setdefault('ipatokenprotected', True)
>
> Fixed (see also my new revision of patch 0049).
>
> Nathaniel
>
I assume that this won't allow to create a token without an owner. Do we
want to have this restriction?
Usecase: import a batch of hw tokens
--
Petr Vobornik
More information about the Freeipa-devel
mailing list