permission plugin: Allow multiple values for memberof

Design: http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions
Additional fix for: https://fedorahosted.org/freeipa/ticket/4074

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Petr Viktorin
2014-02-27 14:38:16 +01:00
parent 02e61961da
commit 0c2aec1be5
4 changed files with 55 additions and 11 deletions


@@ -3255,4 +3255,44 @@ class test_permission_filters(Declarative):
'(version 3.0;acl "permission:%s";' % permission1 +
'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
),
dict(
desc='Add multiple memberof to %r' % permission1,
command=(
'permission_mod', [permission1],
dict(
memberof=[u'admins', u'editors'],
),
),
expected=dict(
value=permission1,
summary=u'Modified permission "%s"' % permission1,
result=dict(
dn=permission1_dn,
cn=[permission1],
objectclass=objectclasses.permission,
ipapermright=[u'write'],
memberof=[u'admins', u'editors'],
ipapermbindruletype=[u'permission'],
ipapermissiontype=[u'SYSTEM', u'V2'],
ipapermlocation=[api.env.basedn],
ipapermtargetfilter=[
u'(uid=abc)',
u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
u'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn),
],
),
),
),
verify_permission_aci(
permission1, api.env.basedn,
'(targetfilter = "(&'
'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn) +
'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn) +
'(uid=abc)' +
')")' +
'(version 3.0;acl "permission:%s";' % permission1 +
'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
),
]
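Review bot: The added case exercises only the successful path for a multi-valued `memberof`, and nothing visible here checks what happens when one of several groups does not exist, or when `memberof` is later reduced to a single value. The expected ACI ANDs the terms (`(&(memberOf=…admins…)(memberOf=…editors…)(uid=abc))`), so a term that is silently dropped or left stale would change the set of entries the write permission covers. I would add a follow-up case that sets `memberof=[u'admins', u'nonexistent']` and expects an error, and another that mods back to one group and verifies both `ipapermtargetfilter` and the ACI lose the extra term. A short comment above the case would also help, for example `# multiple memberof values are ANDed in the targetfilter; the ACI lists terms in a different order than ipapermtargetfilter`. The `tests` list begins outside this hunk, so such cases may already exist elsewhere in the class.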