This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "YaST web service". The branch, master has been updated via 168a9b41e7fa79ddfc5f925452050f9c5be7e2e1 (commit) via ce4c229bf67a7607b57208f9e39e4ef7077dce52 (commit) from b602a5bf3598020b329faf39501c30e9d677a199 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 168a9b41e7fa79ddfc5f925452050f9c5be7e2e1 Author: Jiri Suchomel <jsuchome@suse.cz> Date: Wed Jul 1 08:52:35 2009 +0200 more changes in CLI->DBUS transfer commit ce4c229bf67a7607b57208f9e39e4ef7077dce52 Author: Jiri Suchomel <jsuchome@suse.cz> Date: Wed Jul 1 08:52:11 2009 +0200 new policy file, based on YaPI ----------------------------------------------------------------------- Summary of changes and diff: plugins/users/app/controllers/users_controller.rb | 61 ++++++++++++-------- plugins/users/config/resources/users.yml | 2 +- .../org.opensuse.yast.modules.yapi.users.policy | 32 ++++++++++- .../package/org.opensuse.yast.system.users.policy | 47 --------------- 4 files changed, 67 insertions(+), 75 deletions(-) delete mode 100644 plugins/users/package/org.opensuse.yast.system.users.policy diff --git a/plugins/users/app/controllers/users_controller.rb b/plugins/users/app/controllers/users_controller.rb index 5adb167..e71ae28 100644 --- a/plugins/users/app/controllers/users_controller.rb +++ b/plugins/users/app/controllers/users_controller.rb @@ -61,6 +61,7 @@ class UsersController < ApplicationController ]] } user_map = YastService.Call("YaPI::USERS::UserGet", parameters) + # TODO check if it is not empty @user = User.new # FIXME adapt the model to the YaPI return map @user.login_name = id @@ -141,31 +142,41 @@ class UsersController < ApplicationController end def add_user - command = ["/sbin/yast2", "users", "add"] - command << "cn=\"#{@user.full_name}\"" if not @user.full_name.blank? - if not @user.groups.blank? - grp_string = @user.groups.map { |group| group[:id] }.join(',') - command << "grouplist=#{grp_string}" - end - command << "gid=#{@user.default_group}" if not @user.default_group.blank? - command << "home=#{@user.home_directory}" if not @user.home_directory.blank? - command << "shell=#{@user.login_shell}" if not @user.login_shell.blank? - command << "username=#{@user.login_name}" if not @user.login_name.blank? - command << "uid=#{@user.uid}" if not @user.uid.blank? - command << "password=#{@user.password}" if not @user.password.blank? - command << "ldap_password=#{@user.ldap_password}" if not @user.ldap_password.blank? - command << "no_home" if not @user.no_home.blank? and @user.no_home.eql?('true') - command << "type=#{@user.type}" if not @user.type.blank? - command << "batchmode" +# command = ["/sbin/yast2", "users", "add"] +# command << "cn=\"#{@user.full_name}\"" if not @user.full_name.blank? +# if not @user.groups.blank? +# grp_string = @user.groups.map { |group| group[:id] }.join(',') +# command << "grouplist=#{grp_string}" +# end +# command << "gid=#{@user.default_group}" if not @user.default_group.blank? +# command << "home=#{@user.home_directory}" if not @user.home_directory.blank? +# command << "shell=#{@user.login_shell}" if not @user.login_shell.blank? +# command << "username=#{@user.login_name}" if not @user.login_name.blank? +# command << "uid=#{@user.uid}" if not @user.uid.blank? +# command << "password=#{@user.password}" if not @user.password.blank? +# command << "ldap_password=#{@user.ldap_password}" if not @user.ldap_password.blank? +# command << "no_home" if not @user.no_home.blank? and @user.no_home.eql?('true') +# command << "type=#{@user.type}" if not @user.type.blank? +# command << "batchmode" + + # FIXME mandatory parameters must be required on web-client side... + config = { + "type" => [ "s", "local" ] + } + data = { + "uid" => [ "s", @user.login_name ] + } + data["cn"] = [ "s", @user.full_name ] unless @user.full_name.blank? + data["userPassword"] = [ "s", @user.password ] unless @user.password.blank? - ret = @scr.execute(command) + ret = YastService.Call("YaPI::USERS::UserAdd", config, data) logger.debug "Command returns: #{ret.inspect}" - return true if ret[:exit] == 0 + return true if ret == "" - @error_id = ret[:exit] - @error_string = ret[:stderr] +# @error_id = ret[:exit] FIXME + @error_string = ret return false end @@ -197,7 +208,7 @@ class UsersController < ApplicationController # GET /users.xml # GET /users.json def index - unless permission_check( "org.opensuse.yast.system.users.read") + unless permission_check("org.opensuse.yast.modules.yapi.users.usersget") render ErrorResult.error(403, 1, "no permission") and return end get_user_list @@ -206,7 +217,7 @@ class UsersController < ApplicationController # GET /users/1 # GET /users/1.xml def show - unless permission_check( "org.opensuse.yast.system.users.read") + unless permission_check("org.opensuse.yast.modules.yapi.users.userget") render ErrorResult.error(403, 1, "no permission") and return end if params[:id].blank? @@ -222,7 +233,7 @@ class UsersController < ApplicationController # POST /users.xml # POST /users.json def create - unless permission_check( "org.opensuse.yast.system.users.new") + unless permission_check("org.opensuse.yast.modules.yapi.users.useradd") render ErrorResult.error(403, 1, "no permission") and return end @@ -241,7 +252,7 @@ class UsersController < ApplicationController # PUT /users/1 # PUT /users/1.xml def update - unless permission_check( "org.opensuse.yast.system.users.write") + unless permission_check("org.opensuse.yast.modules.yapi.users.usermodify") render ErrorResult.error(403, 1, "no permission") and return end @user = User.new @@ -264,7 +275,7 @@ class UsersController < ApplicationController # DELETE /users/1.xml # DELETE /users/1.json def destroy - unless permission_check( "org.opensuse.yast.system.users.delete") + unless permission_check("org.opensuse.yast.modules.yapi.users.userdelete") render ErrorResult.error(403, 1, "no permission") and return end get_user params[:id] diff --git a/plugins/users/config/resources/users.yml b/plugins/users/config/resources/users.yml index 4eeb2be..072c15a 100644 --- a/plugins/users/config/resources/users.yml +++ b/plugins/users/config/resources/users.yml @@ -1,2 +1,2 @@ -interface: org.opensuse.yast.system.users +interface: org.opensuse.yast.modules.yapi.users controller: users diff --git a/plugins/users/package/org.opensuse.yast.modules.yapi.users.policy b/plugins/users/package/org.opensuse.yast.modules.yapi.users.policy index 8353be0..4bd03ab 100644 --- a/plugins/users/package/org.opensuse.yast.modules.yapi.users.policy +++ b/plugins/users/package/org.opensuse.yast.modules.yapi.users.policy @@ -9,7 +9,6 @@ <action id="org.opensuse.yast.modules.yapi.users.usersget"> <description>Get list of users.</description> <message>System policy prevents the Yast DBus service from reading users.</message> - <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> @@ -20,12 +19,41 @@ <action id="org.opensuse.yast.modules.yapi.users.userget"> <description>Get the information about given user.</description> <message>System policy prevents the Yast DBus service from reading user info.</message> - <defaults> <allow_any>no</allow_any> <allow_inactive>no</allow_inactive> <allow_active>auth_admin_keep_session</allow_active> </defaults> </action> + + <action id="org.opensuse.yast.modules.yapi.users.usermodify"> + <description>Update user settings</description> + <message>Authentication is required to update user settings</message> + <defaults> + <allow_inactive>no</allow_inactive> + <allow_active>no</allow_active> + <allow_active>auth_admin_keep_session</allow_active> + </defaults> + </action> + + <action id="org.opensuse.yast.modules.yapi.users.useradd"> + <description>Add a new user account</description> + <message>Authentication is required to add a new user account</message> + <defaults> + <allow_inactive>no</allow_inactive> + <allow_active>no</allow_active> + <allow_active>auth_admin_keep_session</allow_active> + </defaults> + </action> + + <action id="org.opensuse.yast.modules.yapi.users.userdelete"> + <description>Delete a new account</description> + <message>Authentication is required to delete a user account</message> + <defaults> + <allow_inactive>no</allow_inactive> + <allow_active>no</allow_active> + <allow_active>auth_admin_keep_session</allow_active> + </defaults> + </action> </policyconfig> diff --git a/plugins/users/package/org.opensuse.yast.system.users.policy b/plugins/users/package/org.opensuse.yast.system.users.policy deleted file mode 100644 index f0d1a37..0000000 --- a/plugins/users/package/org.opensuse.yast.system.users.policy +++ /dev/null @@ -1,47 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policyconfig PUBLIC - "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" - "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd"> -<policyconfig> - - <vendor>YaST Webservice Project</vendor> - <vendor_url>http://en.opensuse.org/YAST</vendor_url> - - -<!-- -Rights for users ---> - <action id="org.opensuse.yast.system.users.read"> - <description>Reading user settings</description> - <message>Authentication is required to read user settings</message> - <defaults> - <allow_inactive>no</allow_inactive> - <allow_active>no</allow_active> - </defaults> - </action> - <action id="org.opensuse.yast.system.users.write"> - <description>Update user settings</description> - <message>Authentication is required to update user settings</message> - <defaults> - <allow_inactive>no</allow_inactive> - <allow_active>no</allow_active> - </defaults> - </action> - <action id="org.opensuse.yast.system.users.new"> - <description>Add a new user account</description> - <message>Authentication is required to add a new user account</message> - <defaults> - <allow_inactive>no</allow_inactive> - <allow_active>no</allow_active> - </defaults> - </action> - <action id="org.opensuse.yast.system.users.delete"> - <description>Delete a new account</description> - <message>Authentication is required to delete a user account</message> - <defaults> - <allow_inactive>no</allow_inactive> - <allow_active>no</allow_active> - </defaults> - </action> - -</policyconfig> \ No newline at end of file hooks/post-receive -- YaST web service -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org