Univention Bugzilla – Attachment 6964 Details for
Bug 38712
univention-policy-result != univention.uldap.getPolicies()
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix base/univention-python/modules/uldap.py getPolicies()
38xxx_ldap-policy.diff (text/plain), 7.79 KB, created by
Philipp Hahn
on 2015-06-15 16:05:02 CEST
(
hide
)
Description:
Fix base/univention-python/modules/uldap.py getPolicies()
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2015-06-15 16:05:02 CEST
Size:
7.79 KB
patch
obsolete
>diff --git a/branches/ucs-4.0/ucs-4.0-2/base/univention-python/modules/uldap.py b/branches/ucs-4.0/ucs-4.0-2/base/univention-python/modules/uldap.py >index 70c6d41..fe1ba10 100644 >--- a/branches/ucs-4.0/ucs-4.0-2/base/univention-python/modules/uldap.py >+++ b/branches/ucs-4.0/ucs-4.0-2/base/univention-python/modules/uldap.py >@@ -348,16 +348,16 @@ class access: > _d=univention.debug.function('uldap.searchDn filter=%s base=%s scope=%s unique=%d required=%d' % (filter, base, scope, unique, required)) > return map(lambda(x): x[0], self.search(filter, base, scope, ['dn'], unique, required, timeout, sizelimit, serverctrls)) > >- def getPolicies(self, dn, policies = None, attrs = None, result = None, fixedattrs = None ): >+ def _get_policies(self, dn): >+ return self.get(dn, ['univentionPolicyReference']) >+ >+ def getPolicies(self, dn, policies=None, attrs=None): > if attrs is None: > attrs = {} >- if result is None: >- result = {} >- if fixedattrs is None: >- fixedattrs = {} > if policies is None: > policies = [] >- _d=univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s result=%s fixedattrs=%s' % (dn, policies, attrs, result, fixedattrs)) >+ _d = univention.debug.function('uldap.getPolicies dn=%s policies=%s attrs=%s' % ( >+ dn, policies, attrs)) > if not dn and not policies: # if policies is set apply a fictionally referenced list of policies > return {} > >@@ -371,72 +371,66 @@ class access: > elif not policies and not attrs: > policies=oattrs.get('univentionPolicyReference', []) > >- object_classes = [x.lower() for x in oattrs.get('objectClass', [])] >+ object_classes = {x.lower() for x in oattrs.get('objectClass', [])} > >+ result = {} > if dn: >- parent_dn=self.parentDn(dn) >- if parent_dn: >- result=self.getPolicies(parent_dn, result=result, fixedattrs=fixedattrs) >- >- for pdn in policies: >- pattrs=self.get(pdn) >- ptype=None >- if pattrs: >- for oc in pattrs['objectClass']: >- if oc in ( 'top', 'univentionPolicy', 'univentionObject' ): >- continue >- ptype=oc >+ obj_dn = dn >+ while True: >+ for policy_dn in policies: >+ self._merge_policy(policy_dn, obj_dn, object_classes, result) >+ dn = self.parentDn(dn) >+ if not dn: >+ break >+ parent = self.get(dn, ['univentionPolicyReference']) >+ if not parent: > break >+ policies = parent.get('univentionPolicyReference', []) > >- if not ptype: >- continue >+ univention.debug.debug( >+ univention.debug.LDAP, univention.debug.INFO, >+ "getPolicies: result: %s" % result) >+ return result > >- if pattrs.get('ldapFilter'): >- try: >- self.search(pattrs['ldapFilter'][0], base=dn, scope='base', unique=True, required=True) >- except ldap.NO_SUCH_OBJECT: >- continue >+ def _merge_policy(self, policy_dn, obj_dn, object_classes, result): >+ pattrs = self.get(policy_dn) >+ if not pattrs: >+ return > >- if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): >- continue >- if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): >- continue >+ try: >+ classes = set(pattrs['objectClass']) - {'top', 'univentionPolicy', 'univentionObject'} >+ ptype = classes.pop() >+ except KeyError: >+ return > >- result.setdefault(ptype, {}) >- fixedattrs.setdefault(ptype, {}) >- >- for key, value in pattrs.items(): >- if key in ('requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'): >- continue >- if key not in fixedattrs[ptype]: >- univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: %s sets: %s=%s" % (pdn, key, value)) >- result[ptype][key]={} >- result[ptype][key]['policy']=pdn >- result[ptype][key]['value']=value >- if key in pattrs.get('emptyAttributes', []): >- result[ptype][key]['value']=[] >- if key in pattrs.get('fixedAttributes', []): >- result[ptype][key]['fixed']=1 >- else: >- result[ptype][key]['fixed']=0 >- for key in pattrs.get('fixedAttributes', []): >- if key not in fixedattrs[ptype]: >- fixedattrs[ptype][key]=pdn >- if key not in result[ptype]: >- result[ptype][key]={} >- result[ptype][key]['policy']=pdn >- result[ptype][key]['value']=[] >- result[ptype][key]['fixed']=1 >- for key in pattrs.get('emptyAttributes', []): >- if key not in result[ptype]: >- result[ptype][key]={} >- result[ptype][key]['policy']=pdn >- result[ptype][key]['value']=[] >- elif not ('fixed' in result[ptype][key] and result[ptype][key]['fixed']): >- result[ptype][key]['value']=[] >- >- univention.debug.debug(univention.debug.LDAP, univention.debug.INFO, "getPolicies: result: %s" % result) >- return result >+ if pattrs.get('ldapFilter'): >+ try: >+ self.search(pattrs['ldapFilter'][0], base=obj_dn, scope='base', unique=True, required=True) >+ except ldap.NO_SUCH_OBJECT: >+ return >+ >+ if not all(oc.lower() in object_classes for oc in pattrs.get('requiredObjectClasses', [])): >+ return >+ if any(oc.lower() in object_classes for oc in pattrs.get('prohibitedObjectClasses', [])): >+ return >+ >+ fixed = set(pattrs.get('fixedAttributes', ())) >+ empty = set(pattrs.get('emptyAttributes', ())) >+ values = result.setdefault(ptype, {}) >+ for key in list(empty) + pattrs.keys() + list(fixed): >+ if key in {'requiredObjectClasses', 'prohibitedObjectClasses', 'fixedAttributes', 'emptyAttributes', 'objectClass', 'cn', 'univentionObjectType', 'ldapFilter'}: >+ continue >+ >+ if key not in values or key in fixed: >+ value = [] if key in empty else pattrs.get(key, []) >+ univention.debug.debug( >+ univention.debug.LDAP, univention.debug.INFO, >+ "getPolicies: %s sets: %s=%s" % (policy_dn, key, value)) >+ values[key] = { >+ 'policy': policy_dn, >+ 'value': value, >+ 'fixed': 1 if key in fixed else 0, >+ } > > def add(self, dn, al): > """Add LDAP entry with dn and attributes in add_list=(attribute-name, old-values. new-values) or (attribute-name, new-values).""" >diff --git a/branches/ucs-4.0/ucs-4.0-2/management/univention-directory-manager-modules/modules/univention/admin/uldap.py b/branches/ucs-4.0/ucs-4.0-2/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >index 17d17a3..a82723b 100644 >--- a/branches/ucs-4.0/ucs-4.0-2/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >+++ b/branches/ucs-4.0/ucs-4.0-2/management/univention-directory-manager-modules/modules/univention/admin/uldap.py >@@ -376,9 +376,9 @@ class access: > except ldap.LDAPError, msg: > raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) > >- def getPolicies( self, dn, policies = None, attrs = None, result = None, fixedattrs = None ): >+ def getPolicies( self, dn, policies=None, attrs=None): > univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'getPolicies modules dn %s result' % dn) >- return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs ) >+ return self.lo.getPolicies(dn, policies, attrs) > > def add(self, dn, al, exceptions=False): > self._validateLicense() >diff --git a/branches/ucs-4.0/ucs-4.0-2/management/univention-management-console/src/univention/management/console/acl.py b/branches/ucs-4.0/ucs-4.0-2/management/univention-management-console/src/univention/management/console/acl.py >index a66c3f5..66b6162 100644 >--- a/branches/ucs-4.0/ucs-4.0-2/management/univention-management-console/src/univention/management/console/acl.py >+++ b/branches/ucs-4.0/ucs-4.0-2/management/univention-management-console/src/univention/management/console/acl.py >@@ -358,7 +358,7 @@ class LDAP_ACLs (ACLs): > self._dump() > > def _get_policy_for_dn(self, dn): >- policy = self.lo.getPolicies(dn, policies=[], attrs={}, result={}, fixedattrs={}) >+ policy = self.lo.getPolicies(dn) > > return policy.get('umcPolicy', None) >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6964">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 38712
: 6964