rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3d031dc162
ipa/0001-Processing-of-server-roles-should-ignore-errors.Empt.patch
Rob Crittenden 3d031dc162 Patch to fix GUI login for non-admin users 
Resolves: #1557609
2018-03-19 17:28:51 -04:00

53 lines
2.0 KiB
Diff
Raw Blame History

From 782d74463226039647ec0b5caaa1a967d86cc930 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 19 Mar 2018 21:48:04 +0200
Subject: [PATCH] Processing of server roles should ignore errors.EmptyResult
When non-admin user issues a command that utilizes
api.Object.config.show_servroles_attributes(), some server roles might
return errors.EmptyResult, indicating that a role is not visible to this
identity.
Most of the callers to api.Object.config.show_servroles_attributes() do
not process errors.EmptyResult so it goes up to an API caller. In case
of Web UI it breaks retrieval of the initial configuration due to ipa
config-show failing completely rather than avoiding to show available
server roles.
Fixes: https://pagure.io/freeipa/issue/7452
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
ipaserver/plugins/config.py | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py
index 33ed38ba0..dd235a4e1 100644
--- a/ipaserver/plugins/config.py
+++ b/ipaserver/plugins/config.py
@@ -276,9 +276,20 @@ class config(LDAPObject):
def update_entry_with_role_config(self, role_name, entry_attrs):
backend = self.api.Backend.serverroles
- role_config = backend.config_retrieve(role_name)
+ try:
+ role_config = backend.config_retrieve(role_name)
+ except errors.EmptyResult:
+ # No role config means current user identity
+ # has no rights to see it, return with no action
+ return
+
for key, value in role_config.items():
- entry_attrs.update({key: value})
+ try:
+ entry_attrs.update({key: value})
+ except errors.EmptyResult:
+ # An update that doesn't change an entry is fine here
+ # Just ignore and move to the next key pair
+ pass
def show_servroles_attributes(self, entry_attrs, *roles, **options):
--
2.14.3
Reference in New Issue View Git Blame Copy Permalink