2018-03-21 08:45:19 +00:00
|
|
|
From e161bce61819fbc8fd1b2a0bdfb01ecf9947b733 Mon Sep 17 00:00:00 2001
|
2018-03-19 21:28:51 +00:00
|
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
Date: Mon, 19 Mar 2018 21:48:04 +0200
|
2018-03-21 08:45:19 +00:00
|
|
|
Subject: [PATCH 1/2] Processing of server roles should ignore
|
|
|
|
errors.EmptyResult
|
2018-03-19 21:28:51 +00:00
|
|
|
|
|
|
|
When non-admin user issues a command that utilizes
|
|
|
|
api.Object.config.show_servroles_attributes(), some server roles might
|
|
|
|
return errors.EmptyResult, indicating that a role is not visible to this
|
|
|
|
identity.
|
|
|
|
|
|
|
|
Most of the callers to api.Object.config.show_servroles_attributes() do
|
|
|
|
not process errors.EmptyResult so it goes up to an API caller. In case
|
|
|
|
of Web UI it breaks retrieval of the initial configuration due to ipa
|
|
|
|
config-show failing completely rather than avoiding to show available
|
|
|
|
server roles.
|
|
|
|
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/7452
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
---
|
|
|
|
ipaserver/plugins/config.py | 15 +++++++++++++--
|
|
|
|
1 file changed, 13 insertions(+), 2 deletions(-)
|
|
|
|
|
|
|
|
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
|
|
|
|
index 33ed38ba0..dd235a4e1 100644
|
|
|
|
--- a/ipaserver/plugins/config.py
|
|
|
|
+++ b/ipaserver/plugins/config.py
|
|
|
|
@@ -276,9 +276,20 @@ class config(LDAPObject):
|
|
|
|
def update_entry_with_role_config(self, role_name, entry_attrs):
|
|
|
|
backend = self.api.Backend.serverroles
|
|
|
|
|
|
|
|
- role_config = backend.config_retrieve(role_name)
|
|
|
|
+ try:
|
|
|
|
+ role_config = backend.config_retrieve(role_name)
|
|
|
|
+ except errors.EmptyResult:
|
|
|
|
+ # No role config means current user identity
|
|
|
|
+ # has no rights to see it, return with no action
|
|
|
|
+ return
|
|
|
|
+
|
|
|
|
for key, value in role_config.items():
|
|
|
|
- entry_attrs.update({key: value})
|
|
|
|
+ try:
|
|
|
|
+ entry_attrs.update({key: value})
|
|
|
|
+ except errors.EmptyResult:
|
|
|
|
+ # An update that doesn't change an entry is fine here
|
|
|
|
+ # Just ignore and move to the next key pair
|
|
|
|
+ pass
|
|
|
|
|
|
|
|
|
|
|
|
def show_servroles_attributes(self, entry_attrs, *roles, **options):
|
|
|
|
--
|
|
|
|
2.14.3
|
|
|
|
|