[Freeipa-devel] [PATCH 0048] Default the token owner to the person adding the token
Jan Cholasta
jcholast at redhat.com
Tue May 6 14:11:20 UTC 2014
On 6.5.2014 15:16, Nathaniel McCallum wrote:
> On Tue, 2014-05-06 at 13:46 +0200, Jan Cholasta wrote:
>> Hi,
>>
>> On 5.5.2014 18:40, Nathaniel McCallum wrote:
>>> Creating tokens for yourself is the most common operation. Making this
>>> the default optimizes for the common case.
>>
>> The user-find call should be inside the if statement.
>
> This is actually for a reason. See my patch 0049 for further context.
IMO something like this would be better:
if 'ipatokenowner' not in entry_attrs or 'ipatokenprotected' not in
entry_attrs:
result = self.api.Command.user_find(whoami=True)['result']
if result:
cur_uid = result[0]['uid'][0]
prev_uid = entry_attrs.setdefault('ipatokenowner', cur_uid)
if cur_uid != prev_uid:
entry_attrs.setdefault('ipatokenprotected', True)
>
>> Also please check
>> if there actually is a result, if you run user-find --whoami when
>> authenticated as non-user, the result will be empty.
>
> Fixed.
>
> Nathaniel
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list