IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Unable to rename permission object

Browse Source 
The update was failing because of the case insensitivity of permission
object DN. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2571
This commit is contained in:
Ondrej Hamada
2012-04-11 09:37:15 +02:00
committed by Rob Crittenden
parent fca43ccd47
commit 2584e9be67
2 changed files with 52 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ipalib/plugins/permission.py
View File

@@ -335,14 +335,17 @@ class permission_mod(LDAPUpdate):
# when renaming permission, check if the target permission does not # when renaming permission, check if the target permission does not
# exists already. Then, make changes to underlying ACI # exists already. Then, make changes to underlying ACI
if 'rename' in options: if 'rename' in options:
try: if options['rename']:
new_dn = dn.replace(keys[-1], options['rename'], 1) try:
(new_dn, attrs) = ldap.get_entry( new_dn = dn.replace(keys[-1].lower(), options['rename'], 1)
new_dn, attrs_list, normalize=self.obj.normalize_dn (new_dn, attrs) = ldap.get_entry(
) new_dn, attrs_list, normalize=self.obj.normalize_dn
raise errors.DuplicateEntry() )
except errors.NotFound: raise errors.DuplicateEntry()
pass # permission may be renamed, continue except errors.NotFound:
pass # permission may be renamed, continue
else:
raise errors.ValidationError(name='rename',error=_('New name can not be empty'))
opts = copy.copy(options) opts = copy.copy(options)
for o in ['all', 'raw', 'rights', 'rename']: for o in ['all', 'raw', 'rights', 'rename']:

45
tests/test_xmlrpc/test_permission_plugin.py
View File

@@ -36,6 +36,10 @@ permission1_renamed = u'testperm1_rn'
permission1_renamed_dn = DN(('cn',permission1_renamed), permission1_renamed_dn = DN(('cn',permission1_renamed),
api.env.container_permission,api.env.basedn) api.env.container_permission,api.env.basedn)
permission1_renamed_ucase = u'Testperm_RN'
permission1_renamed_ucase_dn = DN(('cn',permission1_renamed_ucase.lower()),
api.env.container_permission,api.env.basedn)
permission2 = u'testperm2' permission2 = u'testperm2'
permission2_dn = DN(('cn',permission2), permission2_dn = DN(('cn',permission2),
@@ -465,6 +469,17 @@ class test_permission(Declarative):
), ),
dict(
desc='Try to rename %r to empty name' % (permission1),
command=(
'permission_mod', [permission1], dict(rename=u'',
permissions=u'all',)
),
expected=errors.ValidationError(name=u'rename',
error=u'New name can not be empty'),
),
dict( dict(
desc='Check integrity of original permission %r' % permission1, desc='Check integrity of original permission %r' % permission1,
command=('permission_show', [permission1], {}), command=('permission_show', [permission1], {}),
@@ -506,12 +521,34 @@ class test_permission(Declarative):
dict( dict(
desc='Delete %r' % permission1_renamed, desc='Rename %r to permission %r' % (permission1_renamed,
command=('permission_del', [permission1_renamed], {}), permission1_renamed_ucase),
command=(
'permission_mod', [permission1_renamed], dict(rename=permission1_renamed_ucase,
permissions= u'write',)
),
expected=dict(
value=permission1_renamed,
summary=u'Modified permission "%s"' % permission1_renamed,
result={
'dn': lambda x: DN(x) == permission1_renamed_ucase_dn,
'cn': [permission1_renamed_ucase.lower()],
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
'memberof': u'ipausers',
},
),
),
dict(
desc='Delete %r' % permission1_renamed_ucase,
command=('permission_del', [permission1_renamed_ucase], {}),
expected=dict( expected=dict(
result=dict(failed=u''), result=dict(failed=u''),
value=permission1_renamed, value=permission1_renamed_ucase,
summary=u'Deleted permission "%s"' % permission1_renamed, summary=u'Deleted permission "%s"' % permission1_renamed_ucase,
) )
), ),