[Freeipa-devel] [PATCH] 0003 User life cycle: new stageuser plugin with add verb
Petr Viktorin
pviktori at redhat.com
Mon Sep 1 11:08:09 UTC 2014
On 08/08/2014 03:54 PM, thierry bordaz wrote:
> Hi,
>
> The attached patch is related to 'User Life Cycle'
> (https://fedorahosted.org/freeipa/ticket/3813)
>
> It creates a stageuser plugin with a first function stageuser-add. Stage
> user entries are provisioned under 'cn=staged
> users,cn=accounts,cn=provisioning,SUFFIX'.
>
> Thanks
> thierry
Avoid `from ipalib.plugins.baseldap import *` in new code; instead
import the module itself and use e.g. `baseldap.LDAPObject`.
The stageuser help (docstring) is copied from the user plugin, and
discusses things like account lockout and disabling users. It should
rather explain what stageuser itself does. (And I don't very much like
the Note about the interface being badly designed...)
Also decide if the docs should call it "staged user" or "stage user" or
"stageuser".
A lot of the code is copied and pasted over from the users plugin. Don't
do that. Either import things (e.g. validate_nsaccountlock) from the
users plugin, or move the reused code into a shared module.
For the `user` object, since so much is the same, it might be best to
create a common base class for user and stageuser; and similarly for the
Command plugins.
The default permissions need different names, and you don't need another
copy of the 'non_object' ones. Also, run the makeaci script.
--
Petr³
More information about the Freeipa-devel
mailing list