mirror of
https://github.com/GAM-team/GAM.git
synced 2026-07-03 12:21:35 +00:00
Two updates (#1536)
New CRoS actions Allow child privileges in create|update adminrole
This commit is contained in:
@@ -1303,7 +1303,9 @@ gam update chatmessage name <String>
|
|||||||
deprovision_retiring_device|
|
deprovision_retiring_device|
|
||||||
deprovision_upgrade_transfer|
|
deprovision_upgrade_transfer|
|
||||||
disable|
|
disable|
|
||||||
reenable
|
reenable|
|
||||||
|
pre_provisioned_disable|
|
||||||
|
pre_provisioned_reenable
|
||||||
|
|
||||||
gam update cros <CrOSEntity> action <CrOSAction> [acknowledge_device_touch_requirement]
|
gam update cros <CrOSEntity> action <CrOSAction> [acknowledge_device_touch_requirement]
|
||||||
|
|
||||||
|
|||||||
@@ -151,12 +151,19 @@ def doUpdateCros():
|
|||||||
elif action == 'deprovisionupgradetransfer':
|
elif action == 'deprovisionupgradetransfer':
|
||||||
action = 'deprovision'
|
action = 'deprovision'
|
||||||
deprovisionReason = 'upgrade_transfer'
|
deprovisionReason = 'upgrade_transfer'
|
||||||
elif action not in ['disable', 'reenable']:
|
elif action in ['disable', 'reenable']:
|
||||||
|
pass
|
||||||
|
elif action == 'preprovisioneddisable':
|
||||||
|
action = 'pre_provisioned_disable'
|
||||||
|
elif action == 'preprovisionedreenable':
|
||||||
|
action = 'pre_provisioned_reenable'
|
||||||
|
else:
|
||||||
controlflow.system_error_exit(2, f'expected action of ' \
|
controlflow.system_error_exit(2, f'expected action of ' \
|
||||||
f'deprovision_same_model_replace, ' \
|
f'deprovision_same_model_replace, ' \
|
||||||
f'deprovision_different_model_replace, ' \
|
f'deprovision_different_model_replace, ' \
|
||||||
f'deprovision_retiring_device, ' \
|
f'deprovision_retiring_device, ' \
|
||||||
f'deprovision_upgrade_transfer, disable or reenable,'
|
f'deprovision_upgrade_transfer, disable, reenable, '\
|
||||||
|
f'pre_provisioned_disable, pre_provisioned_reenable'\
|
||||||
f' got {action}')
|
f' got {action}')
|
||||||
action_body = {'action': action}
|
action_body = {'action': action}
|
||||||
if deprovisionReason:
|
if deprovisionReason:
|
||||||
|
|||||||
@@ -58,22 +58,32 @@ def getRoleId(role):
|
|||||||
|
|
||||||
|
|
||||||
def getPrivileges(body, privs, action):
|
def getPrivileges(body, privs, action):
|
||||||
all_privileges = gapi_directory_privileges.print_(return_only=True)
|
def expandChildPrivileges(privilege):
|
||||||
|
for childPrivilege in privilege.get('childPrivileges', []):
|
||||||
|
childPrivileges[childPrivilege['privilegeName']] = childPrivilege['serviceId']
|
||||||
|
expandChildPrivileges(childPrivilege)
|
||||||
|
|
||||||
|
allPrivileges = {}
|
||||||
|
ouPrivileges = {}
|
||||||
|
childPrivileges = {}
|
||||||
|
for privilege in gapi_directory_privileges.print_(return_only=True):
|
||||||
|
allPrivileges[privilege['privilegeName']] = privilege['serviceId']
|
||||||
|
if privilege['isOuScopable']:
|
||||||
|
ouPrivileges[privilege['privilegeName']] = privilege['serviceId']
|
||||||
|
expandChildPrivileges(privilege)
|
||||||
if privs == 'ALL':
|
if privs == 'ALL':
|
||||||
body['rolePrivileges'] = [
|
body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in allPrivileges.items()]
|
||||||
{'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges
|
|
||||||
]
|
|
||||||
elif privs == 'ALL_OU':
|
elif privs == 'ALL_OU':
|
||||||
body['rolePrivileges'] = [
|
body['rolePrivileges'] = [{'privilegeName': priv, 'serviceId': v} for priv, v in ouPrivileges.items()]
|
||||||
{'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']} for p in all_privileges if p.get('isOuScopable')
|
|
||||||
]
|
|
||||||
else:
|
else:
|
||||||
body.setdefault('rolePrivileges', [])
|
body.setdefault('rolePrivileges', [])
|
||||||
for priv in privs.split(','):
|
for priv in privs.split(','):
|
||||||
for p in all_privileges:
|
if priv in allPrivileges:
|
||||||
if priv == p['privilegeName']:
|
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': allPrivileges[priv]})
|
||||||
body['rolePrivileges'].append({'privilegeName': p['privilegeName'], 'serviceId': p['serviceId']})
|
elif priv in ouPrivileges:
|
||||||
break
|
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': ouPrivileges[priv]})
|
||||||
|
elif priv in childPrivileges:
|
||||||
|
body['rolePrivileges'].append({'privilegeName': priv, 'serviceId': childPrivileges[priv]})
|
||||||
else:
|
else:
|
||||||
controlflow.invalid_argument_exit(priv,
|
controlflow.invalid_argument_exit(priv,
|
||||||
f'gam {action} adminrole privileges')
|
f'gam {action} adminrole privileges')
|
||||||
|
|||||||
Reference in New Issue
Block a user