sudorule: Allow unsetting sudoorder

After setting sudoorder, you are unable to unset it, since the check for uniqueness of order of sudorules is applied incorrectly. Fix the behaviour and cover it in the test suite. https://fedorahosted.org/freeipa/ticket/4360 Reviewed-By: Martin Kosek <mkosek@redhat.com>
2024-12-23 07:33:27 -06:00 · 2014-06-16 16:51:31 +02:00 · 2014-06-16 16:51:31 +02:00 · 637ef11109
commit 637ef11109
parent d868fc5566
2 changed files with 6 additions and 1 deletions
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@ -310,10 +310,11 @@ class sudorule(LDAPObject):
    )

    def check_order_uniqueness(self, *keys, **options):
-        if 'sudoorder' in options:
+        if options.get('sudoorder') is not None:
            entries = self.methods.find(
                sudoorder=options['sudoorder']
            )['result']
+
            if len(entries) > 0:
                rule_name = entries[0]['cn'][0]
                raise errors.ValidationError(
--- a/ipatests/test_xmlrpc/test_sudorule_plugin.py
+++ b/ipatests/test_xmlrpc/test_sudorule_plugin.py
@ -769,6 +769,10 @@ class test_sudorule(XMLRPC_test):
        with assert_raises(errors.ValidationError):
            api.Command['sudorule_mod'](self.rule_name, sudoorder=0)

+        # Try unsetting sudoorder from both rules
+        api.Command['sudorule_mod'](self.rule_name, sudoorder=None)
+        api.Command['sudorule_mod'](self.rule_name2, sudoorder=None)
+

    def test_m_sudorule_del(self):
        """