| 331 |
331 |
count = admin_permissions.count()
|
| 332 |
332 |
if not count:
|
| 333 |
333 |
self.warning('invalid admin role "%s" no admin permission', admin_role)
|
| 334 |
|
elif count > 1:
|
| 335 |
|
self.warning('invalid admin role "%s" too many admin permissions', admin_role)
|
|
334 |
elif count != 2:
|
|
335 |
self.warning('invalid admin role "%s" too few or too many admin permissions', admin_role)
|
| 336 |
336 |
for admin_permission in admin_permissions:
|
| 337 |
337 |
self.notice(' - %s', admin_permission)
|
| 338 |
338 |
for admin_permission in admin_permissions:
|
| 339 |
339 |
if MANAGE_MEMBERS_OP and admin_permission.operation != manage_members_op:
|
| 340 |
340 |
self.warning('invalid admin role "%s" invalid permission "%s": not manage_members operation',
|
| 341 |
341 |
admin_role, admin_permission)
|
| 342 |
|
if admin_permission != admin_role.admin_scope:
|
| 343 |
|
self.warning('invalid admin role "%s" invalid permission "%s": not admin_scope',
|
| 344 |
|
admin_role, admin_permission)
|
| 345 |
|
if admin_permission.ou != admin_permission.target.ou:
|
| 346 |
|
self.warning('invalid admin role "%s" invalid permission "%s": wrong ou',
|
|
342 |
if not (
|
|
343 |
(admin_permission.target != admin_role and admin_permission == admin_role.admin_scope)
|
|
344 |
or (admin_permission.target == admin_role)):
|
|
345 |
self.warning('invalid admin role "%s" invalid permission "%s": not admin_scope and not self manage permission',
|
| 347 |
346 |
admin_role, admin_permission)
|
|
347 |
if admin_permission.ou is not None:
|
|
348 |
self.warning('invalid admin role "%s" invalid permission "%s": wrong ou "%s"',
|
|
349 |
admin_role, admin_permission, admin_permission.ou)
|
|
350 |
admin_permission.target.get_admin_role()
|
| 348 |
351 |
if admin_permission.target.ou != admin_role.ou:
|
| 349 |
352 |
self.warning('invalid admin role "%s" wrong ou, should be "%s" is "%s"',
|
| 350 |
353 |
admin_role, admin_permission.target.ou, admin_role.ou)
|
| 351 |
|
-
|