Re: [Freeipa-devel] [PATCH] 0346 permission_find: Do not fail for ipasearchrecordslimit=-1

On 12/16/2013 04:55 PM, Jan Cholasta wrote:

On 16.12.2013 16:46, Petr Viktorin wrote:
Honza found a failure in the new permission plugin when
ipasearchrecordslimit is set to -1. Here is a fix.

Judging from LDAPSearch.find_entries, it seems that 0 also means
unlimited, so I think "if len(entries) > max_entries > 0" might be safer.

I think it's clearer to spell this out since it's not really comparing the same quantity.


From e2dedadbfc7967e8c472e1d33c249de75e53507c Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori redhat com>
Date: Mon, 16 Dec 2013 16:11:33 +0100
Subject: [PATCH] permission_find: Do not fail for ipasearchrecordslimit=-1

ipasearchrecordslimit can be -1, which means unlimited.
The permission_find post_callback failed in this case in legacy
permission handling.
Do not fail in this case.
 ipalib/plugins/permission.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 345faa896c942007f0ab58fb03dbe769c700ce08..fef640c37bc34f53376fad3a1b943bb37f677167 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -891,11 +891,12 @@ def post_callback(self, ldap, entries, truncated, *args, **options):
             for entry in legacy_entries:
                 if entry.single_value['cn'] in nonlegacy_names:
-                if len(entries) > max_entries:
+                if max_entries > 0 and len(entries) > max_entries:
                     # We've over the limit, pop the last entry and set
                     # truncated flag
                     # (this is easier to do than checking before adding
                     # the entry to results)
+                    # (max_entries <= 0 means unlimited)
                     truncated = True
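Review bot: The new guard `if max_entries > 0 and len(entries) > max_entries:` treats 0 as unlimited as well as -1, but the commit message only mentions -1. State in the message that any value <= 0 is handled as unlimited, so it matches the code and the added comment. The added comment `(max_entries <= 0 means unlimited)` explains the condition, not the pop-and-truncate step it sits under, so it would read better directly above the `if`. The diffstat shows only ipalib/plugins/permission.py changed; a permission_find test with ipasearchrecordslimit set to -1 and to 0 would keep the legacy-permission path from regressing.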

