Attachment #10541 for bug #52298

View | Details | Raw Unified | Return to bug 52298
Collapse All | Expand All




		return self.__recode_attribute(attr, val)

	@_fix_reconnect_handling
	def get(self, dn, attr=[], required=False, ldap_filter=None):
		# type: (str, List[str], bool) -> Dict[str, List[str]]
		"""
		Return multiple attributes of a single LDAP object.

		"""
		if dn:
			try:
				result = self.lo.search_s(dn, ldap.SCOPE_BASE, ldap_filter or '(objectClass=*)', attr)
			except ldap.NO_SUCH_OBJECT:
				result = []
			if result:

		return [x[0] for x in self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls, response)]

	@_fix_reconnect_handling
	def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None, ldap_filter=None):
		# type: (str, List[str], Dict[str, List[Any]], Any, Any) -> Dict[str, Dict[str, Any]]
		"""
		Return |UCS| policies for |LDAP| entry.

		:param str dn: The distinguished name of the |LDAP| entry.
		:param list policies: List of policy DNs...
		:param dict attrs: |LDAP| attributes. If not given, the data is fetched from LDAP.
		:param result: UNUSED!
		:param fixedattrs: UNUSED!

			obj_dn = dn
			while True:
				for policy_dn in policies:
					self._merge_policy(policy_dn, obj_dn, object_classes, result, ldap_filter)
				dn = self.parentDn(dn)
				if not dn:
					break
				try:
					parent = self.get(dn, attr=['univentionPolicyReference'], required=True, ldap_filter=ldap_filter)
				except ldap.NO_SUCH_OBJECT:
					break
				policies = parent.get('univentionPolicyReference', [])

			"getPolicies: result: %s" % result)
		return result

	def _merge_policy(self, policy_dn, obj_dn, object_classes, result, ldap_filter):
		# type: (str, str, Set[str], Dict[str, Dict[str, Any]]) -> None
		"""
		Merge policies into result.

		:param object_classes set: the set of object classes of the LDAP object.
		:param result list: A mapping, into which the policy is merged.
		"""
		pattrs = self.get(policy_dn, ldap_filter=ldap_filter)
		if not pattrs:
			return


Lines 810-816 class access: Link Here

(-)management/univention-directory-manager-modules/modules/univention/admin/uldap.py (-2 / +2 lines)
810	except ldap.LDAPError as msg:	810	except ldap.LDAPError as msg:
811	raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)	811	raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
812		812
813	def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None):	813	def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None, ldap_filter=None):
814	# type: (str, Optional[List[str]], Optional[Dict[str, List[Any]]], Any, Any) -> Dict[str, Dict[str, Any]]	814	# type: (str, Optional[List[str]], Optional[Dict[str, List[Any]]], Any, Any) -> Dict[str, Dict[str, Any]]
815	"""	815	"""
816	Return \|UCS\| policies for \|LDAP\| entry.	816	Return \|UCS\| policies for \|LDAP\| entry.
Lines 823-829 class access: Link Here
823	:returns: A mapping of policy names to	823	:returns: A mapping of policy names to
824	"""	824	"""
825	ud.debug(ud.ADMIN, ud.INFO, 'getPolicies modules dn %s result' % dn)	825	ud.debug(ud.ADMIN, ud.INFO, 'getPolicies modules dn %s result' % dn)
826	return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs)	826	return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs, ldap_filter)
827		827
828	def add(self, dn, al, exceptions=False, serverctrls=None, response=None):	828	def add(self, dn, al, exceptions=False, serverctrls=None, response=None):
829	# type: (str, List[Tuple], bool, Optional[List[ldap.controls.LDAPControl]], Optional[Dict]) -> None	829	# type: (str, List[Tuple], bool, Optional[List[ldap.controls.LDAPControl]], Optional[Dict]) -> None




		self._dump()

	def _get_policy_for_dn(self, dn):
		policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={}, ldap_filter='(&(objectClass=umcPolicy)(umcPolicyGrantedOperationSet=*))')

		return policy.get('umcPolicy', None)



		if policy and 'umcPolicyGrantedOperationSet' in policy:
			for value in policy['umcPolicyGrantedOperationSet']['value']:
				self._append(LDAP_ACLs.FROM_USER, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))

		# TODO: check for nested groups
		groupDNs = self.lo.searchDn(filter=filter_format('uniqueMember=%s', [userdn]))

				continue
			if 'umcPolicyGrantedOperationSet' in policy:
				for value in policy['umcPolicyGrantedOperationSet']['value']:
					self._append(LDAP_ACLs.FROM_GROUP, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))

		# make the ACLs unique
		getvals = operator.itemgetter('fromUser', 'host', 'command', 'options', 'flavor')

Return to bug 52298

Lines 420-426 class access(object): Link Here

(-)base/univention-python/modules/uldap.py (-8 / +8 lines)
420	return self.__recode_attribute(attr, val)	420	return self.__recode_attribute(attr, val)
421		421
422	@_fix_reconnect_handling	422	@_fix_reconnect_handling
423	def get(self, dn, attr=[], required=False):	423	def get(self, dn, attr=[], required=False, ldap_filter=None):
424	# type: (str, List[str], bool) -> Dict[str, List[str]]	424	# type: (str, List[str], bool) -> Dict[str, List[str]]
425	"""	425	"""
426	Return multiple attributes of a single LDAP object.	426	Return multiple attributes of a single LDAP object.
Lines 435-441 class access(object): Link Here
435	"""	435	"""
436	if dn:	436	if dn:
437	try:	437	try:
438	result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr)	438	result = self.lo.search_s(dn, ldap.SCOPE_BASE, ldap_filter or '(objectClass=*)', attr)
439	except ldap.NO_SUCH_OBJECT:	439	except ldap.NO_SUCH_OBJECT:
440	result = []	440	result = []
441	if result:	441	if result:
Lines 544-556 class access(object): Link Here
544	return [x[0] for x in self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls, response)]	544	return [x[0] for x in self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls, response)]
545		545
546	@_fix_reconnect_handling	546	@_fix_reconnect_handling
547	def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None):	547	def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None, ldap_filter=None):
548	# type: (str, List[str], Dict[str, List[Any]], Any, Any) -> Dict[str, Dict[str, Any]]	548	# type: (str, List[str], Dict[str, List[Any]], Any, Any) -> Dict[str, Dict[str, Any]]
549	"""	549	"""
550	Return \|UCS\| policies for \|LDAP\| entry.	550	Return \|UCS\| policies for \|LDAP\| entry.
551		551
552	:param str dn: The distinguished name of the \|LDAP\| entry.	552	:param str dn: The distinguished name of the \|LDAP\| entry.
553	:param list policies: List of policy object classes...	553	:param list policies: List of policy DNs...
554	:param dict attrs: \|LDAP\| attributes. If not given, the data is fetched from LDAP.	554	:param dict attrs: \|LDAP\| attributes. If not given, the data is fetched from LDAP.
555	:param result: UNUSED!	555	:param result: UNUSED!
556	:param fixedattrs: UNUSED!	556	:param fixedattrs: UNUSED!
Lines 582-593 class access(object): Link Here
582	obj_dn = dn	582	obj_dn = dn
583	while True:	583	while True:
584	for policy_dn in policies:	584	for policy_dn in policies:
585	self._merge_policy(policy_dn, obj_dn, object_classes, result)	585	self._merge_policy(policy_dn, obj_dn, object_classes, result, ldap_filter)
586	dn = self.parentDn(dn)	586	dn = self.parentDn(dn)
587	if not dn:	587	if not dn:
588	break	588	break
589	try:	589	try:
590	parent = self.get(dn, attr=['univentionPolicyReference'], required=True)	590	parent = self.get(dn, attr=['univentionPolicyReference'], required=True, ldap_filter=ldap_filter)
591	except ldap.NO_SUCH_OBJECT:	591	except ldap.NO_SUCH_OBJECT:
592	break	592	break
593	policies = parent.get('univentionPolicyReference', [])	593	policies = parent.get('univentionPolicyReference', [])
Lines 597-603 class access(object): Link Here
597	"getPolicies: result: %s" % result)	597	"getPolicies: result: %s" % result)
598	return result	598	return result
599		599
600	def _merge_policy(self, policy_dn, obj_dn, object_classes, result):	600	def _merge_policy(self, policy_dn, obj_dn, object_classes, result, ldap_filter):
601	# type: (str, str, Set[str], Dict[str, Dict[str, Any]]) -> None	601	# type: (str, str, Set[str], Dict[str, Dict[str, Any]]) -> None
602	"""	602	"""
603	Merge policies into result.	603	Merge policies into result.
Lines 607-613 class access(object): Link Here
607	:param object_classes set: the set of object classes of the LDAP object.	607	:param object_classes set: the set of object classes of the LDAP object.
608	:param result list: A mapping, into which the policy is merged.	608	:param result list: A mapping, into which the policy is merged.
609	"""	609	"""
610	pattrs = self.get(policy_dn)	610	pattrs = self.get(policy_dn, ldap_filter=ldap_filter)
611	if not pattrs:	611	if not pattrs:
612	return	612	return
613		613

Lines 373-379 class LDAP_ACLs(ACLs): Link Here

(-)management/univention-management-console/src/univention/management/console/acl.py (-3 / +3 lines)
373	self._dump()	373	self._dump()
374		374
375	def _get_policy_for_dn(self, dn):	375	def _get_policy_for_dn(self, dn):
376	policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={})	376	policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={}, ldap_filter='(&(objectClass=umcPolicy)(umcPolicyGrantedOperationSet=*))')
377		377
378	return policy.get('umcPolicy', None)	378	return policy.get('umcPolicy', None)
379		379
Lines 390-396 class LDAP_ACLs(ACLs): Link Here
390		390
391	if policy and 'umcPolicyGrantedOperationSet' in policy:	391	if policy and 'umcPolicyGrantedOperationSet' in policy:
392	for value in policy['umcPolicyGrantedOperationSet']['value']:	392	for value in policy['umcPolicyGrantedOperationSet']['value']:
393	self._append(LDAP_ACLs.FROM_USER, self.lo.get(value))	393	self._append(LDAP_ACLs.FROM_USER, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))
394		394
395	# TODO: check for nested groups	395	# TODO: check for nested groups
396	groupDNs = self.lo.searchDn(filter=filter_format('uniqueMember=%s', [userdn]))	396	groupDNs = self.lo.searchDn(filter=filter_format('uniqueMember=%s', [userdn]))
Lines 401-407 class LDAP_ACLs(ACLs): Link Here
401	continue	401	continue
402	if 'umcPolicyGrantedOperationSet' in policy:	402	if 'umcPolicyGrantedOperationSet' in policy:
403	for value in policy['umcPolicyGrantedOperationSet']['value']:	403	for value in policy['umcPolicyGrantedOperationSet']['value']:
404	self._append(LDAP_ACLs.FROM_GROUP, self.lo.get(value))	404	self._append(LDAP_ACLs.FROM_GROUP, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))
405		405
406	# make the ACLs unique	406	# make the ACLs unique
407	getvals = operator.itemgetter('fromUser', 'host', 'command', 'options', 'flavor')	407	getvals = operator.itemgetter('fromUser', 'host', 'command', 'options', 'flavor')