From 6c1ae29831a5fdea5a81412042ea73cc5df9f397 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Wed, 12 Aug 2015 10:35:38 +0200
Subject: [PATCH] adjust search so that it works for non-admin users

Non-admin user can now search for:
- hosts
- hostgroups
- netgroups
- servers
- services
(Fixes ACI issue where search returns nothing when user does't have read rights for an attribute in search_attributes.
https://fedorahosted.org/freeipa/ticket/5167
Reviewed-By: Tomas Babej
---
 ipalib/plugins/host.py | 2 +-
 ipalib/plugins/hostgroup.py | 1 +
 ipalib/plugins/netgroup.py | 4 ++++
 ipalib/plugins/server.py | 1 +
 ipalib/plugins/service.py | 3 +--
 5 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index 410b4bd120743a6ad5787fbd2a55534b4f108601..3e882aefd210df73b7ffd15b5a4c1d2fc4173536 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -292,7 +292,7 @@ class host(LDAPObject):
 # object_class_config = 'ipahostobjectclasses'
 search_attributes = [
 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
- 'nshardwareplatform', 'nsosversion', 'managedby', 'ipaallowedtoperform'
+ 'nshardwareplatform', 'nsosversion', 'managedby',
 ]
 default_attributes = [
 'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index fafe40ad9a8d1693505b7d90e5d8fd12202a894b..30d474d80905f02c4f88742a2677220c150b3c7f 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -78,6 +78,7 @@ class hostgroup(LDAPObject):
 object_name_plural = _('host groups')
 object_class = ['ipaobject', 'ipahostgroup']
 permission_filter_objectclasses = ['ipahostgroup']
+ search_attributes = ['cn', 'description', 'member', 'memberof']
 default_attributes = ['cn', 'description', 'member', 'memberof',
 'memberindirect', 'memberofindirect',
 ]
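Review bot: In host.py the shortened `search_attributes` list in class `host` carries no comment saying why `ipaallowedtoperform` is left out, so a later edit can put it back and, going by the commit message, non-admin search would again return nothing without raising an error. A comment above the list would keep the reason next to the code, for example `# Only attributes ordinary users may read; an unreadable one in the filter makes the search return nothing (ticket 5167).` The same comment is needed on `search_attributes` in the service.py hunk, where `default_attributes` still lists `ipaallowedtoperform` and the two lists now differ on purpose. Both class bodies continue outside their hunks.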
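Review bot: The `search_attributes` added to class `hostgroup` in hostgroup.py is a hand-written copy of the first four `default_attributes` entries, and the patch touches only the five plugin files, so nothing checks that every listed attribute is readable by an unprivileged user. Because the failure described in the commit message is an empty result rather than an error, a regression here is easy to miss. A test that runs the find command for each of the five objects as a non-admin user and expects a known entry back would catch it. The same applies to the lists added in the netgroup.py and server.py hunks.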
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index d535b383e048fd12d08bde9247f158d183a5bcad..e69aaf94a035d0c4af28585f84b4b1f8105b3fc3 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -86,6 +86,10 @@ class netgroup(LDAPObject):
 object_name_plural = _('netgroups')
 object_class = ['ipaobject', 'ipaassociation', 'ipanisnetgroup']
 permission_filter_objectclasses = ['ipanisnetgroup']
+ search_attributes = [
+ 'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',
+ 'memberuser', 'memberhost', 'member', 'usercategory', 'hostcategory',
+ ]
 default_attributes = [
 'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',
 'memberuser', 'memberhost', 'member', 'memberindirect',
diff --git a/ipalib/plugins/server.py b/ipalib/plugins/server.py
index 7fc44197343dbb651782fbf79993cbbe8818efed..5808c9c5ea78fce4a15cd2e49740fbe20bca8358 100644
--- a/ipalib/plugins/server.py
+++ b/ipalib/plugins/server.py
@@ -38,6 +38,7 @@ class server(LDAPObject):
 object_name = _('server')
 object_name_plural = _('servers')
 object_class = ['top']
+ search_attributes = ['cn']
 default_attributes = [
 'cn', 'iparepltopomanagedsuffix', 'ipamindomainlevel',
 'ipamaxdomainlevel'
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index a5e10921beac8b232f6b74640ef17713f7297a3d..a21d004c8a70d50385c94b12447d5fd5bc0851b4 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -391,8 +391,7 @@ class service(LDAPObject):
 ]
 possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']
 permission_filter_objectclasses = ['ipaservice']
- search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata',
- 'ipaallowedtoperform']
+ search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']
 default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',
 'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform']
 uuid_attribute = 'ipauniqueid'
--
2.4.3