ipatests: Check if user with 'User Administrator' role can delete group.

Test scenario: - create a test user with the 'User Administrator' role - as this test user, create a new group - as this test user, delete the new group Related: https://pagure.io/freeipa/issue/6884 Co-authored-by: Nikhil Dehadrai <ndehadra@redhat.com> Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-05-18 11:12:26 +02:00 · 2020-05-18 11:12:26 +02:00 · 3dd5053cdd
commit 3dd5053cdd
parent 32c6b02eed
1 changed files with 32 additions and 0 deletions
--- a/ipatests/test_integration/test_user_permissions.py
+++ b/ipatests/test_integration/test_user_permissions.py
@ -193,6 +193,38 @@ class TestUserPermissions(IntegrationTest):
             '--user-auth-type', 'radius', '--radius-username', 'testradius',
             'testradius', '--radius', radiusproxy])

+    def test_delete_group_by_user_administrator(self):
+        """
+        Test that a user with sufficient privileges can delete group
+        This is a Automation for issue 6884
+        """
+        # Create a new testadmin user with a password
+        testadmin = 'tuser'
+        password = 'Secret123'
+        testgroup = 'gtest'
+
+        try:
+            tasks.create_active_user(self.master, testadmin, password)
+
+            # Add testadmin user to role "User Administrator"
+            tasks.kinit_admin(self.master)
+            self.master.run_command(['ipa', 'role-add-member',
+                                     '--users', testadmin,
+                                     'User Administrator'])
+            tasks.kdestroy_all(self.master)
+
+            # Create a test group
+            tasks.kinit_as_user(self.master, testadmin, password)
+            self.master.run_command(['ipa', 'group-add', testgroup])
+
+            # Call ipa-group-del to check if user can delete group
+            self.master.run_command(['ipa', 'group-del', testgroup])
+        finally:
+            # Cleanup
+            tasks.kinit_admin(self.master)
+            self.master.run_command(['ipa', 'user-del', testadmin])
+            self.master.run_command(['ipa', 'group-del', testgroup,
+                                     '--continue'])


 class TestInstallClientNoAdmin(IntegrationTest):