Univention Bugzilla – Attachment 10541 Details for
Bug 52298
Search only for UMC policies when reading out UMC ACL's
[patch]
patch
52297.patch (text/plain), 6.11 KB, created by
Florian Best
on 2020-11-02 19:44:08 CET
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2020-11-02 19:44:08 CET
Size:
6.11 KB
>commit 215e7fb68ed2c3500d97a7b38332f480bcd42bfb
>Author: Florian Best <best@univention.de>
>Date: Thu Oct 29 00:03:26 2020 +0100
>
> Only search for umcPolicy
>
>diff --git base/univention-python/modules/uldap.py base/univention-python/modules/uldap.py
>index 410129ec2a..ec4aeb7530 100644
>--- base/univention-python/modules/uldap.py
>+++ base/univention-python/modules/uldap.py
>@@ -420,7 +420,7 @@ class access(object):
> return self.__recode_attribute(attr, val)
>
> @_fix_reconnect_handling
>- def get(self, dn, attr=[], required=False):
>+ def get(self, dn, attr=[], required=False, ldap_filter=None):
> # type: (str, List[str], bool) -> Dict[str, List[str]]
> """
> Return multiple attributes of a single LDAP object.
>@@ -435,7 +435,7 @@ class access(object):
> """
> if dn:
> try:
>- result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr)
>+ result = self.lo.search_s(dn, ldap.SCOPE_BASE, ldap_filter or '(objectClass=*)', attr)
> except ldap.NO_SUCH_OBJECT:
> result = []
> if result:
>@@ -544,13 +544,13 @@ class access(object):
> return [x[0] for x in self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls, response)]
>
> @_fix_reconnect_handling
>- def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None):
>+ def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None, ldap_filter=None):
> # type: (str, List[str], Dict[str, List[Any]], Any, Any) -> Dict[str, Dict[str, Any]]
> """
> Return |UCS| policies for |LDAP| entry.
>
> :param str dn: The distinguished name of the |LDAP| entry.
>- :param list policies: List of policy object classes...
>+ :param list policies: List of policy DNs...
> :param dict attrs: |LDAP| attributes. If not given, the data is fetched from LDAP.
> :param result: UNUSED!
> :param fixedattrs: UNUSED!
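Review bot: The new `ldap_filter` parameter of `get()` in the first hunk is undocumented, and the type comment `# type: (str, List[str], bool) -> Dict[str, List[str]]` now lists three arguments for a four-argument signature. The docstring should gain a line such as `:param str ldap_filter: Optional LDAP filter the entry must match; an existing entry that does not match is treated like a missing one.`, and the type comment an `Optional[str]`. The second clause matters to callers: with a filter set, the base-scope search in the second hunk returns nothing for an entry that exists but does not match, so "absent" and "filtered out" become indistinguishable. The same stale type comment and missing `:param` line apply to `getPolicies` (third hunk), to `_merge_policy`, and to the `getPolicies` wrapper in `univention/admin/uldap.py`. The body of `get()` continues outside both of its hunks.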
>@@ -582,12 +582,12 @@ class access(object):
> obj_dn = dn
> while True:
> for policy_dn in policies:
>- self._merge_policy(policy_dn, obj_dn, object_classes, result)
>+ self._merge_policy(policy_dn, obj_dn, object_classes, result, ldap_filter)
> dn = self.parentDn(dn)
> if not dn:
> break
> try:
>- parent = self.get(dn, attr=['univentionPolicyReference'], required=True)
>+ parent = self.get(dn, attr=['univentionPolicyReference'], required=True, ldap_filter=ldap_filter)
> except ldap.NO_SUCH_OBJECT:
> break
> policies = parent.get('univentionPolicyReference', [])
>@@ -597,7 +597,7 @@ class access(object):
> "getPolicies: result: %s" % result)
> return result
>
>- def _merge_policy(self, policy_dn, obj_dn, object_classes, result):
>+ def _merge_policy(self, policy_dn, obj_dn, object_classes, result, ldap_filter):
> # type: (str, str, Set[str], Dict[str, Dict[str, Any]]) -> None
> """
> Merge policies into result.
>@@ -607,7 +607,7 @@ class access(object):
> :param object_classes set: the set of object classes of the LDAP object.
> :param result list: A mapping, into which the policy is merged.
> """
>- pattrs = self.get(policy_dn)
>+ pattrs = self.get(policy_dn, ldap_filter=ldap_filter)
> if not pattrs:
> return
>
>diff --git management/univention-directory-manager-modules/modules/univention/admin/uldap.py management/univention-directory-manager-modules/modules/univention/admin/uldap.py
>index 453752eb44..18d3ac0cad 100644
>--- management/univention-directory-manager-modules/modules/univention/admin/uldap.py
>+++ management/univention-directory-manager-modules/modules/univention/admin/uldap.py
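Review bot: Passing `ldap_filter` to the parent lookup in the `@@ -582` hunk looks wrong, because `dn` at that point is a parent container of the object, not a policy entry. With the filter the ACL code supplies, `(&(objectClass=umcPolicy)(umcPolicyGrantedOperationSet=*))`, a base-scope search on a container would match nothing. `get()` with `required=True` then presumably raises `ldap.NO_SUCH_OBJECT` (its body is outside the hunks), which lands in `break` and ends the walk up the tree, so policies referenced on parent containers would be silently skipped. The filter should restrict only the policy entries read in `_merge_policy`; keep the parent lookup unfiltered: `parent = self.get(dn, attr=['univentionPolicyReference'], required=True)`. The loop set-up lies before the hunk, so the initial lookup of the object itself should be checked for the same problem.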
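Review bot: `_merge_policy` in the `@@ -597` hunk takes `ldap_filter` as a required positional parameter, while `get()` and `getPolicies()` add it with a default of `None`; any other caller or subclass override still using the old four-argument call would raise `TypeError`. Declaring it as `def _merge_policy(self, policy_dn, obj_dn, object_classes, result, ldap_filter=None):` keeps the old call shape working. The docstring, whose tail is in the following hunk, should also describe the parameter, e.g. `:param str ldap_filter: Optional LDAP filter the policy entry must match.` The method body continues outside the hunk.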
>@@ -810,7 +810,7 @@ class access:
> except ldap.LDAPError as msg:
> raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
>
>- def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None):
>+ def getPolicies(self, dn, policies=None, attrs=None, result=None, fixedattrs=None, ldap_filter=None):
> # type: (str, Optional[List[str]], Optional[Dict[str, List[Any]]], Any, Any) -> Dict[str, Dict[str, Any]]
> """
> Return |UCS| policies for |LDAP| entry.
>@@ -823,7 +823,7 @@ class access:
> :returns: A mapping of policy names to
> """
> ud.debug(ud.ADMIN, ud.INFO, 'getPolicies modules dn %s result' % dn)
>- return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs)
>+ return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs, ldap_filter)
>
> def add(self, dn, al, exceptions=False, serverctrls=None, response=None):
> # type: (str, List[Tuple], bool, Optional[List[ldap.controls.LDAPControl]], Optional[Dict]) -> None
>diff --git management/univention-management-console/src/univention/management/console/acl.py management/univention-management-console/src/univention/management/console/acl.py
>index 0fe9efc0c7..3073c29c94 100644
>--- management/univention-management-console/src/univention/management/console/acl.py
>+++ management/univention-management-console/src/univention/management/console/acl.py
>@@ -373,7 +373,7 @@ class LDAP_ACLs(ACLs):
> self._dump()
>
> def _get_policy_for_dn(self, dn):
>- policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={})
>+ policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={}, ldap_filter='(&(objectClass=umcPolicy)(umcPolicyGrantedOperationSet=*))')
>
> return policy.get('umcPolicy', None)
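Review bot: The wrapper in the `@@ -823` hunk forwards the filter positionally, which ties it to the exact parameter order of the lower-level method. `return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs, ldap_filter=ldap_filter)` is safer. The two `uldap.py` files appear to live in separately packaged trees (`base/univention-python` and `management/univention-directory-manager-modules`). If so, an older lower-level module without the parameter would fail with `TypeError` on every call, including calls that leave the filter unset, so a versioned package dependency should accompany the change. The docstring's `:param` list, which lies between the two hunks, should also name the new argument.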
>
>@@ -390,7 +390,7 @@ class LDAP_ACLs(ACLs):
>
> if policy and 'umcPolicyGrantedOperationSet' in policy:
> for value in policy['umcPolicyGrantedOperationSet']['value']:
>- self._append(LDAP_ACLs.FROM_USER, self.lo.get(value))
>+ self._append(LDAP_ACLs.FROM_USER, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))
>
> # TODO: check for nested groups
> groupDNs = self.lo.searchDn(filter=filter_format('uniqueMember=%s', [userdn]))
>@@ -401,7 +401,7 @@ class LDAP_ACLs(ACLs):
> continue
> if 'umcPolicyGrantedOperationSet' in policy:
> for value in policy['umcPolicyGrantedOperationSet']['value']:
>- self._append(LDAP_ACLs.FROM_GROUP, self.lo.get(value))
>+ self._append(LDAP_ACLs.FROM_GROUP, self.lo.get(value, ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']))
>
> # make the ACLs unique
> getvals = operator.itemgetter('fromUser', 'host', 'command', 'options', 'flavor')
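Review bot: The attribute list `['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']` is repeated verbatim in the `FROM_USER` call of the `@@ -390` hunk and the `FROM_GROUP` call of the `@@ -401` hunk, so the two can drift apart. A module-level constant, e.g. `_OPERATION_SET_ATTRS = ['umcOperationSetHost', 'umcOperationSetFlavor', 'umcOperationSetCommand']`, with a comment that it must list every attribute `_append` reads, would keep them in step. `_append` is not visible here, so the list should be checked against it: an attribute missing from the list would no longer reach `_append`, which would change the resulting ACLs without any error. The enclosing method starts and ends outside both hunks.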