Attachment #6964 for bug #38712

View | Details | Raw Unified | Return to bug 38712
Collapse All | Expand All




		_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required))
		return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls))

	def _get_policies(self, dn):
		return self.get(dn, ['univentionPolicyReference'])

	def getPolicies(self, dn, policies=None, attrs=None):
		if attrs is None:
			attrs = {}
		if result is None:
			result = {}
		if fixedattrs is None:
			fixedattrs = {}
		if policies is None:
			policies = []
		_d = univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s' % (
			dn, policies, attrs))
		if not dn and not policies: # if policies is set apply a fictionally referenced list of policies
			return {}


		elif not policies and not attrs:
			policies=oattrs.get('univentionPolicyReference', [])

		object_classes = {x.lower() for x in oattrs.get('objectClass', [])}

		result = {}
		if dn:
			obj_dn = dn
			while True:
				for policy_dn in policies:
					self._merge_policy(policy_dn, obj_dn, object_classes, result)
				dn = self.parentDn(dn)
				if not dn:
					break
				parent = self.get(dn, ['univentionPolicyReference'])
				if not parent:
					if oc in ( 'top', 'univentionPolicy', 'univentionObject' ):
						continue
					ptype=oc
					break
				policies = parent.get('univentionPolicyReference', [])

		univention.debug.debug(
			univention.debug.LDAP, univention.debug.INFO,
			"getPolicies: result: %s" % result)
		return result

	def _merge_policy(self, policy_dn, obj_dn, object_classes, result):
		pattrs = self.get(policy_dn)
		if not pattrs:
			return
						continue

		try:
			classes = set(pattrs['objectClass']) - {'top', 'univentionPolicy', 'univentionObject'}
			ptype = classes.pop()
		except KeyError:
			return

		if pattrs.get('ldapFilter'):
			try:
				self.search(pattrs['ldapFilter'][0], base=obj_dn, scope='base', unique=True, required=True)
			except ldap.NO_SUCH_OBJECT:
				return

		if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])):
			return
		if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])):
			return

		fixed = set(pattrs.get('fixedAttributes', ()))
		empty = set(pattrs.get('emptyAttributes', ()))
		values = result.setdefault(ptype, {})
		for key in list(empty) + pattrs.keys() + list(fixed):
			if key in {'requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'}:
				continue

			if key not in values or key in fixed:
				value = [] if key in empty else pattrs.get(key, [])
				univention.debug.debug(
					univention.debug.LDAP, univention.debug.INFO,
					"getPolicies: %s sets: %s=%s" % (policy_dn, key, value))
				values[key] = {
					'policy': policy_dn,
					'value': value,
					'fixed': 1 if key in fixed else 0,
				}
						result[ptype][key]['policy']=pdn
						result[ptype][key]['value']=[]
					elif not ('fixed' in result[ptype][key] and result[ptype][key]['fixed']):
						result[ptype][key]['value']=[]

		univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: result: %s" % result)
		return result

	def add(self, dn, al):
		"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values)."""

Lines 376-384 class access: Link Here

(-)a/branches/ucs-4.0/ucs-4.0-2/management/univention-directory-manager-modules/modules/univention/admin/uldap.py (-2 / +2 lines)
376	except ldap.LDAPError, msg:	376	except ldap.LDAPError, msg:
377	raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)	377	raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
378		378
379	def getPolicies( self, dn, policies = None, attrs = None, result = None, fixedattrs = None ):	379	def getPolicies( self, dn, policies=None, attrs=None):
380	univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'getPolicies modules dn %s result' % dn)	380	univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'getPolicies modules dn %s result' % dn)
381	return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs )	381	return self.lo.getPolicies(dn, policies, attrs)
382		382
383	def add(self, dn, al, exceptions=False):	383	def add(self, dn, al, exceptions=False):
384	self._validateLicense()	384	self._validateLicense()

Lines 358-364 class LDAP_ACLs (ACLs): Link Here

(-)a/branches/ucs-4.0/ucs-4.0-2/management/univention-management-console/src/univention/management/console/acl.py (-1 / +1 lines)
358	self._dump()	358	self._dump()
359		359
360	def _get_policy_for_dn(self, dn):	360	def _get_policy_for_dn(self, dn):
361	policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={})	361	policy = self.lo.getPolicies(dn)
362		362
363	return policy.get('umcPolicy', None)	363	return policy.get('umcPolicy', None)
364		364

Return to bug 38712

Lines 348-363 class access: Link Here

(-)a/branches/ucs-4.0/ucs-4.0-2/base/univention-python/modules/uldap.py (-65 / +59 lines)
348	_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required))	348	_d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required))
349	return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls))	349	return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls))
350		350
351	def getPolicies(self, dn, policies = None, attrs = None, result = None, fixedattrs = None ):	351	def _get_policies(self, dn):
		352	return self.get(dn, ['univentionPolicyReference'])
		353
		354	def getPolicies(self, dn, policies=None, attrs=None):
352	if attrs is None:	355	if attrs is None:
353	attrs = {}	356	attrs = {}
354	if result is None:
355	result = {}
356	if fixedattrs is None:
357	fixedattrs = {}
358	if policies is None:	357	if policies is None:
359	policies = []	358	policies = []
360	_d=univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s result=%s fixedattrs=%s' % (dn, policies, attrs, result, fixedattrs))	359	_d = univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s' % (
		360	dn, policies, attrs))
361	if not dn and not policies: # if policies is set apply a fictionally referenced list of policies	361	if not dn and not policies: # if policies is set apply a fictionally referenced list of policies
362	return {}	362	return {}
363		363
Lines 371-442 class access: Link Here
371	elif not policies and not attrs:	371	elif not policies and not attrs:
372	policies=oattrs.get('univentionPolicyReference', [])	372	policies=oattrs.get('univentionPolicyReference', [])
373		373
374	object_classes = [x.lower() for x in oattrs.get('objectClass', [])]	374	object_classes = {x.lower() for x in oattrs.get('objectClass', [])}
375		375
		376	result = {}
376	if dn:	377	if dn:
377	parent_dn=self.parentDn(dn)	378	obj_dn = dn
378	if parent_dn:	379	while True:
379	result=self.getPolicies(parent_dn, result=result, fixedattrs=fixedattrs)	380	for policy_dn in policies:
380		381	self._merge_policy(policy_dn, obj_dn, object_classes, result)
381	for pdn in policies:	382	dn = self.parentDn(dn)
382	pattrs=self.get(pdn)	383	if not dn:
383	ptype=None	384	break
384	if pattrs:	385	parent = self.get(dn, ['univentionPolicyReference'])
385	for oc in pattrs['objectClass']:	386	if not parent:
386	if oc in ( 'top', 'univentionPolicy', 'univentionObject' ):
387	continue
388	ptype=oc
389	break	387	break
		388	policies = parent.get('univentionPolicyReference', [])
390		389
391	if not ptype:	390	univention.debug.debug(
392	continue	391	univention.debug.LDAP, univention.debug.INFO,
		392	"getPolicies: result: %s" % result)
		393	return result
393		394
394	if pattrs.get('ldapFilter'):	395	def _merge_policy(self, policy_dn, obj_dn, object_classes, result):
395	try:	396	pattrs = self.get(policy_dn)
396	self.search(pattrs['ldapFilter'][0], base=dn, scope='base', unique=True, required=True)	397	if not pattrs:
397	except ldap.NO_SUCH_OBJECT:	398	return
398	continue
399		399
400	if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])):	400	try:
401	continue	401	classes = set(pattrs['objectClass']) - {'top', 'univentionPolicy', 'univentionObject'}
402	if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])):	402	ptype = classes.pop()
403	continue	403	except KeyError:
		404	return
404		405
405	result.setdefault(ptype, {})	406	if pattrs.get('ldapFilter'):
406	fixedattrs.setdefault(ptype, {})	407	try:
407		408	self.search(pattrs['ldapFilter'][0], base=obj_dn, scope='base', unique=True, required=True)
408	for key, value in pattrs.items():	409	except ldap.NO_SUCH_OBJECT:
409	if key in ('requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'):	410	return
410	continue	411
411	if key not in fixedattrs[ptype]:	412	if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])):
412	univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: %s sets: %s=%s" % (pdn, key, value))	413	return
413	result[ptype][key]={}	414	if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])):
414	result[ptype][key]['policy']=pdn	415	return
415	result[ptype][key]['value']=value	416
416	if key in pattrs.get('emptyAttributes', []):	417	fixed = set(pattrs.get('fixedAttributes', ()))
417	result[ptype][key]['value']=[]	418	empty = set(pattrs.get('emptyAttributes', ()))
418	if key in pattrs.get('fixedAttributes', []):	419	values = result.setdefault(ptype, {})
419	result[ptype][key]['fixed']=1	420	for key in list(empty) + pattrs.keys() + list(fixed):
420	else:	421	if key in {'requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'}:
421	result[ptype][key]['fixed']=0	422	continue
422	for key in pattrs.get('fixedAttributes', []):	423
423	if key not in fixedattrs[ptype]:	424	if key not in values or key in fixed:
424	fixedattrs[ptype][key]=pdn	425	value = [] if key in empty else pattrs.get(key, [])
425	if key not in result[ptype]:	426	univention.debug.debug(
426	result[ptype][key]={}	427	univention.debug.LDAP, univention.debug.INFO,
427	result[ptype][key]['policy']=pdn	428	"getPolicies: %s sets: %s=%s" % (policy_dn, key, value))
428	result[ptype][key]['value']=[]	429	values[key] = {
429	result[ptype][key]['fixed']=1	430	'policy': policy_dn,
430	for key in pattrs.get('emptyAttributes', []):	431	'value': value,
431	if key not in result[ptype]:	432	'fixed': 1 if key in fixed else 0,
432	result[ptype][key]={}	433	}
433	result[ptype][key]['policy']=pdn
434	result[ptype][key]['value']=[]
435	elif not ('fixed' in result[ptype][key] and result[ptype][key]['fixed']):
436	result[ptype][key]['value']=[]
437
438	univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: result: %s" % result)
439	return result
440		434
441	def add(self, dn, al):	435	def add(self, dn, al):
442	"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values)."""	436	"""Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values)."""