Fix overlapping cn param/option issue, pass cn as aciname in find

permission-find --name wasn't working for two reasons. The first
was that the cn to search on in options ended up overlapping the
primary key name causing the request to fail.

The second reason was aci uses aciname, not cn, as its name field.
So searching on --name matched everything because it was as if you
were searching on nothing.

https://fedorahosted.org/freeipa/ticket/2320
This commit is contained in:
Rob Crittenden 2012-05-11 15:28:03 -04:00 committed by Martin Kosek
parent 472f9fc5aa
commit 95bb8d0f45
2 changed files with 39 additions and 0 deletions

View File

@ -387,10 +387,17 @@ class permission_find(LDAPSearch):
del opts['raw']
except:
pass
if 'cn' in options:
# the attribute for name is difference in acis
opts['aciname'] = options['cn']
aciresults = self.api.Command.aci_find(*args, **opts)
truncated = truncated or aciresults['truncated']
results = aciresults['result']
if 'cn' in options:
# there is an option/param overlap if --name is in the
# search list, we don't need cn anymore so drop it.
options.pop('cn')
for aci in results:
found = False
if 'permission' in aci:

View File

@ -226,6 +226,38 @@ class test_permission(Declarative):
),
dict(
desc='Search for %r using --name' % permission1,
command=('permission_find', [], {'cn': permission1}),
expected=dict(
count=1,
truncated=False,
summary=u'1 permission matched',
result=[
{
'dn': lambda x: DN(x) == permission1_dn,
'cn': [permission1],
'member_privilege': [privilege1],
'type': u'user',
'permissions': [u'write'],
},
],
),
),
dict(
desc='Search for non-existence permission using --name',
command=('permission_find', [], {'cn': u'notfound'}),
expected=dict(
count=0,
truncated=False,
summary=u'0 permissions matched',
result=[],
),
),
dict(
desc='Search for %r' % privilege1,
command=('permission_find', [privilege1], {}),