The last allowed/mapping rule can be removed in SPs

If you created rule(s) in an SP for either allowed attributes or
attribute mapping there was no way to remove the last rule meaning
it could never go back to use the global defaults.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>

diff --git a/ipsilon/providers/saml2/admin.py b/ipsilon/providers/saml2/admin.py
index f0456c1..f8163f7 100644 (file)
--- a/ipsilon/providers/saml2/admin.py
+++ b/ipsilon/providers/saml2/admin.py
@@ -172,15 +172,21 @@ class SPAdminPage(AdminPage):
                     value = get_complex_list_value(name,
                                                    current,
                                                    **kwargs)
                     value = get_complex_list_value(name,
                                                    current,
                                                    **kwargs)

+                    # if current value is None do nothing

                     if value is None:
                     if value is None:

-                        continue
+                        if option.get_value() is None:
+                            continue
+                        # else pass and let it continue as None

                 elif type(option) is pconfig.MappingList:
                     current = deepcopy(option.get_value())
                     value = get_mapping_list_value(name,
                                                    current,
                                                    **kwargs)
                 elif type(option) is pconfig.MappingList:
                     current = deepcopy(option.get_value())
                     value = get_mapping_list_value(name,
                                                    current,
                                                    **kwargs)

+                    # if current value is None do nothing

                     if value is None:
                     if value is None:

-                        continue
+                        if option.get_value() is None:
+                            continue
+                        # else pass and let it continue as None

                 else:
                     continue
 
                 else:
                     continue
 


@@ -210,26 +216,28 @@ class SPAdminPage(AdminPage):
                 # Make changes in current config
                 for name, option in conf.iteritems():
                     value = new_db_values.get(name, False)
                 # Make changes in current config
                 for name, option in conf.iteritems():
                     value = new_db_values.get(name, False)

-                    if value:
-                        if name == 'Name':
-                            if not self.sp.is_valid_name(value):
-                                raise InvalidValueFormat(
-                                    'Invalid name! Use only numbers and'
-                                    ' letters'
-                                )
-                            self.sp.name = value
-                            self.url = '%s/sp/%s' % (self.parent.url, value)
-                            self.parent.rename_sp(option.get_value(), value)
-                        elif name == 'User Owner':
-                            self.sp.owner = value
-                        elif name == 'Default NameID':
-                            self.sp.default_nameid = value
-                        elif name == 'Allowed NameIDs':
-                            self.sp.allowed_nameids = value
-                        elif name == 'Attribute Mapping':
-                            self.sp.attribute_mappings = value
-                        elif name == 'Allowed Attributes':
-                            self.sp.allowed_attributes = value
+                    # A value of None means remove from the data store
+                    if value is False or value == []:
+                        continue
+                    if name == 'Name':
+                        if not self.sp.is_valid_name(value):
+                            raise InvalidValueFormat(
+                                'Invalid name! Use only numbers and'
+                                ' letters'
+                            )
+                        self.sp.name = value
+                        self.url = '%s/sp/%s' % (self.parent.url, value)
+                        self.parent.rename_sp(option.get_value(), value)
+                    elif name == 'User Owner':
+                        self.sp.owner = value
+                    elif name == 'Default NameID':
+                        self.sp.default_nameid = value
+                    elif name == 'Allowed NameIDs':
+                        self.sp.allowed_nameids = value
+                    elif name == 'Attribute Mapping':
+                        self.sp.attribute_mappings = value
+                    elif name == 'Allowed Attributes':
+                        self.sp.allowed_attributes = value

             except InvalidValueFormat, e:
                 message = str(e)
                 message_type = ADMIN_STATUS_WARN
             except InvalidValueFormat, e:
                 message = str(e)
                 message_type = ADMIN_STATUS_WARN

diff --git a/ipsilon/util/config.py b/ipsilon/util/config.py
index 523601d..5366a96 100644 (file)
--- a/ipsilon/util/config.py
+++ b/ipsilon/util/config.py
@@ -178,6 +178,8 @@ class List(Option):
 class ComplexList(List):
 
     def _check_value(self, value):
 class ComplexList(List):
 
     def _check_value(self, value):

+        if value is None:
+            return

         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))
         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))


@@ -202,6 +204,8 @@ class ComplexList(List):
 class MappingList(ComplexList):
 
     def _check_value(self, value):
 class MappingList(ComplexList):
 
     def _check_value(self, value):

+        if value is None:
+            return

         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))
         if type(value) is not list:
             raise ValueError('The value type must be a list, not "%s"' %
                              type(value))

diff --git a/ipsilon/util/data.py b/ipsilon/util/data.py
index 72e7f96..b06f00c 100644 (file)
--- a/ipsilon/util/data.py
+++ b/ipsilon/util/data.py
@@ -377,10 +377,14 @@ class Store(Log):
                 datum = data[uid]
                 for name in datum:
                     if name in curvals:
                 datum = data[uid]
                 for name in datum:
                     if name in curvals:

-                        q.update({'value': datum[name]},
-                                 {'uuid': uid, 'name': name})
+                        if datum[name] is None:
+                            q.delete({'uuid': uid, 'name': name})
+                        else:
+                            q.update({'value': datum[name]},
+                                     {'uuid': uid, 'name': name})

                     else:
                     else:

-                        q.insert((uid, name, datum[name]))
+                        if datum[name] is not None:
+                            q.insert((uid, name, datum[name]))

 
             q.commit()
         except Exception, e:  # pylint: disable=broad-except
 
             q.commit()
         except Exception, e:  # pylint: disable=broad-except