Univention Bugzilla – Attachment 10372 Details for
Bug 51364
Object class violation: invalid structural object class chain (univentionUserTemplate/inetOrgPerson)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch (git:fbest/51364-usertemplate-filter-out-inetorgperson)
51364.patch (text/plain), 5.37 KB, created by
Florian Best
on 2020-05-27 14:01:41 CEST
(
hide
)
Description:
patch (git:fbest/51364-usertemplate-filter-out-inetorgperson)
Filename:
MIME Type:
Creator:
Florian Best
Created:
2020-05-27 14:01:41 CEST
Size:
5.37 KB
patch
obsolete
>commit 0bb2c9a469c57d2897a20167556aff3dd8c4108d >Author: Florian Best <best@univention.de> >Date: Wed May 27 14:01:36 2020 +0200 > > Bug #51364: filter inetOrgPerson objectclass in settings/usertemplate > >diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py >index 7190d24f3f..482174a332 100644 >--- management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py >+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py >@@ -1239,35 +1239,7 @@ class simpleLdap(object): > > al = self._ldap_addlist() > al.extend(self._ldap_modlist()) >- m = univention.admin.modules.get(self.module) >- >- # evaluate extended attributes >- ocs = set() >- for prop in getattr(m, 'extended_udm_attributes', []): >- ud.debug(ud.ADMIN, ud.INFO, 'simpleLdap._create: info[%s]:%r = %r' % (prop.name, self.has_property(prop.name), self.info.get(prop.name))) >- if prop.syntax == 'boolean' and self.info.get(prop.name) == '0': >- continue >- if self.has_property(prop.name) and self.info.get(prop.name): >- ocs.add(prop.objClass) >- >- module_options = univention.admin.modules.options(self.module) >- # add object classes of (especially extended) options >- for option in ['default'] + self.options: >- try: >- opt = module_options[option] >- except KeyError: >- ud.debug(ud.ADMIN, ud.INFO, '%r does not specify option %r' % (m.module, option)) >- continue >- ocs |= set(opt.objectClasses) >- >- # remove duplicated object classes >- for i in al: >- key, val = i[0], i[-1] # might be a triple >- if val and key.lower() == 'objectclass': >- ocs -= set([val] if isinstance(val, basestring) else val) >- if ocs: >- al.append(('objectClass', list(ocs))) >- >+ al = self._ldap_object_classes_add(al) > al = self.call_udm_property_hook('hook_ldap_addlist', self, al) > > # ensure univentionObject is set >@@ -1302,6 +1274,37 @@ class simpleLdap(object): > self.save() > return self.dn > >+ def _ldap_object_classes_add(self, al): >+ m = univention.admin.modules.get(self.module) >+ # evaluate extended attributes >+ ocs = set() >+ for prop in getattr(m, 'extended_udm_attributes', []): >+ ud.debug(ud.ADMIN, ud.INFO, 'simpleLdap._create: info[%s]:%r = %r' % (prop.name, self.has_property(prop.name), self.info.get(prop.name))) >+ if prop.syntax == 'boolean' and self.info.get(prop.name) == '0': >+ continue >+ if self.has_property(prop.name) and self.info.get(prop.name): >+ ocs.add(prop.objClass) >+ >+ module_options = univention.admin.modules.options(self.module) >+ # add object classes of (especially extended) options >+ for option in ['default'] + self.options: >+ try: >+ opt = module_options[option] >+ except KeyError: >+ ud.debug(ud.ADMIN, ud.INFO, '%r does not specify option %r' % (m.module, option)) >+ continue >+ ocs |= set(opt.objectClasses) >+ >+ # remove duplicated object classes >+ for i in al: >+ key, val = i[0], i[-1] # might be a triple >+ if val and key.lower() == 'objectclass': >+ ocs -= set([val] if isinstance(val, basestring) else val) >+ if ocs: >+ al.append(('objectClass', list(ocs))) >+ >+ return al >+ > def _modify(self, modify_childs=1, ignore_license=0, response=None, serverctrls=None): > """Modify the object. Should only be called by :func:`univention.admin.handlers.simpleLdap.modify`.""" > self.exceptions = [] >diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/usertemplate.py management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/usertemplate.py >index 69a22bcbfe..71eaa2033a 100644 >--- management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/usertemplate.py >+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/usertemplate.py >@@ -30,6 +30,8 @@ > # /usr/share/common-licenses/AGPL-3; if not, see > # <https://www.gnu.org/licenses/>. > >+import six >+ > from univention.admin.layout import Tab, Group > import univention.admin.filter > import univention.admin.handlers >@@ -348,6 +350,8 @@ mapping.register('mailPrimaryAddress', 'mailPrimaryAddress', None, univention.ad > mapping.register('mailAlternativeAddress', 'mailAlternativeAddress') > mapping.register('_options', 'userOptionsPreset') > >+BLACKLISTED_OBJECT_CLASSES = {'inetOrgPerson'} >+ > > class object(univention.admin.handlers.simpleLdap): > module = module >@@ -357,6 +361,19 @@ class object(univention.admin.handlers.simpleLdap): > univention.admin.syntax.optionsUsersUser.update_choices() # woraround: somehow init() didn't do it > self.options.extend(self['_options']) > >+ def _ldap_object_classes(self, ml): >+ ml = super(object, self)._ldap_object_classes(ml) >+ return self.filter_object_classes(ml) >+ >+ def _ldap_object_classes_add(self, al): >+ al = super(object, self)._ldap_object_classes_add(al) >+ return self.filter_object_classes(al) >+ >+ def filter_object_classes(self, ml): >+ ml = [x for x in ml if x[0] != 'objectClass' or not isinstance(x[-1], six.string_types) or x[-1] not in BLACKLISTED_OBJECT_CLASSES] >+ ml = [x if x[0] != 'objectClass' and not isinstance(x[-1], (list, tuple)) else list(x[:-1]) + [list(set(x[-1]) - BLACKLISTED_OBJECT_CLASSES)] for x in ml] >+ return ml >+ > def _ldap_pre_modify(self): > super(object, self)._ldap_pre_modify() > self['_options'].extend(self.options)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10372">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 51364
: 10372