IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

permission-mod: Remove attributelevelrights before reverting entry

Browse Source 
LDAPUpdate adds the display-only 'attributelevelrights' attribute,
which doesn't exist in LDAP. Remove it before reverting entry.

https://fedorahosted.org/freeipa/ticket/4212

Reviewed-By: Martin Kosek <mkosek@redhat.com>
This commit is contained in:
Petr Viktorin
2014-03-03 14:46:51 +01:00
committed by Martin Kosek
parent 4048d412f2
commit 02e61961da
2 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ipalib/plugins/permission.py
View File

@@ -988,6 +988,9 @@ class permission_mod(baseldap.LDAPUpdate):
else: else:
self.obj.update_aci(entry, old_entry.single_value['cn']) self.obj.update_aci(entry, old_entry.single_value['cn'])
except Exception: except Exception:
# Don't revert attribute which doesn't exist in LDAP
entry.pop('attributelevelrights', None)
self.log.error('Error updating ACI: %s' % traceback.format_exc()) self.log.error('Error updating ACI: %s' % traceback.format_exc())
self.log.warn('Reverting entry') self.log.warn('Reverting entry')
old_entry.reset_modlist(entry) old_entry.reset_modlist(entry)

27
ipatests/test_xmlrpc/test_permission_plugin.py
View File

@@ -315,7 +315,6 @@ class test_permission_negative(Declarative):
name='ipapermexcludedattr', name='ipapermexcludedattr',
error='only available on managed permissions'), error='only available on managed permissions'),
), ),
] ]
@@ -1631,8 +1630,34 @@ class test_permission_rollback(Declarative):
pdn=permission1_dn)), pdn=permission1_dn)),
), ),
] + _verifications + [
dict(
desc='Try adding an invalid attribute on %r with --all --rights' % permission1,
command=(
'permission_mod', [permission1], dict(
attrs=[u'cn', u'bogusattributexyz'],
rights=True,
all=True,
)
),
expected=errors.InvalidSyntax(
attr=r'targetattr "bogusattributexyz" does not exist '
r'in schema. Please add attributeTypes '
r'"bogusattributexyz" to schema if necessary. ACL Syntax '
r'Error(-5):(targetattr = \22bogusattributexyz || cn\22)'
r'(target = \22ldap:///%(tdn)s\22)'
r'(version 3.0;acl \22permission:%(name)s\22;'
r'allow (write) groupdn = \22ldap:///%(dn)s\22;)' % dict(
tdn=DN('uid=admin', users_dn),
name=permission1,
dn=permission1_dn),
),
),
] + _verifications ] + _verifications
class test_permission_sync_attributes(Declarative): class test_permission_sync_attributes(Declarative):
"""Test the effects of setting permission attributes""" """Test the effects of setting permission attributes"""
cleanup_commands = [ cleanup_commands = [