rpms/ipa
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Patch to fix GUI login for non-admin users

Browse Source 
Resolves: #1557609
This commit is contained in:
Rob Crittenden 2018-03-19 17:28:51 -04:00
parent b80b146ad3
commit 3d031dc162
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
0001-Processing-of-server-roles-should-ignore-errors.Empt.patch Normal file
View File

@ -0,0 +1,52 @@
From 782d74463226039647ec0b5caaa1a967d86cc930 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 19 Mar 2018 21:48:04 +0200
Subject: [PATCH] Processing of server roles should ignore errors.EmptyResult
When non-admin user issues a command that utilizes
api.Object.config.show_servroles_attributes(), some server roles might
return errors.EmptyResult, indicating that a role is not visible to this
identity.
Most of the callers to api.Object.config.show_servroles_attributes() do
not process errors.EmptyResult so it goes up to an API caller. In case
of Web UI it breaks retrieval of the initial configuration due to ipa
config-show failing completely rather than avoiding to show available
server roles.
Fixes: https://pagure.io/freeipa/issue/7452
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaserver/plugins/config.py | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index 33ed38ba0..dd235a4e1 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -276,9 +276,20 @@ class config(LDAPObject):
def update_entry_with_role_config(self, role_name, entry_attrs):
backend = self.api.Backend.serverroles
- role_config = backend.config_retrieve(role_name)
+ try:
+ role_config = backend.config_retrieve(role_name)
+ except errors.EmptyResult:
+ # No role config means current user identity
+ # has no rights to see it, return with no action
+ return
+
for key, value in role_config.items():
- entry_attrs.update({key: value})
+ try:
+ entry_attrs.update({key: value})
+ except errors.EmptyResult:
+ # An update that doesn't change an entry is fine here
+ # Just ignore and move to the next key pair
+ pass
def show_servroles_attributes(self, entry_attrs, *roles, **options):
--
2.14.3

6
freeipa.spec
View File

@ -100,7 +100,7 @@
Name: freeipa Name: freeipa
Version: %{VERSION} Version: %{VERSION}
Release: 1%{?dist} Release: 2%{?dist}
Summary: The Identity, Policy and Audit system Summary: The Identity, Policy and Audit system
Group: System Environment/Base Group: System Environment/Base
@ -108,6 +108,7 @@ License: GPLv3+
URL: https://www.freeipa.org/ URL: https://www.freeipa.org/
Source0: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz Source0: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz
Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc Source1: https://releases.pagure.org/freeipa/freeipa-%{VERSION}.tar.gz.asc
Patch0001: 0001-Processing-of-server-roles-should-ignore-errors.Empt.patch
# For the timestamp trick in patch application # For the timestamp trick in patch application
BuildRequires: diffstat BuildRequires: diffstat
@ -1716,6 +1717,9 @@ fi
%endif # with_ipatests %endif # with_ipatests
%changelog %changelog
* Mon Mar 19 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre1-2
- Patch to fix GUI login for non-admin users (#1557609)
* Fri Mar 16 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre1-1 * Fri Mar 16 2018 Rob Crittenden <rcritten@redhat.com> - 4.6.90.pre1-1
- Update to upstream 4.6.90.pre1 - Update to upstream 4.6.90.pre1