freeipa/ipalib
John Dennis 4f03aed5e6 prevent last admin from being disabled
We prevent the last member of the admin group from being deleted. The
same check needs to be performed when disabling a user.

* Moved the code in del_user to the common subroutine
  check_protected_member() and call it from both user_del and
  user_disable. Note, unlike user_del, user_disable does not have a
  'pre' callback; therefore the check function is called in
  user_disable's execute routine.

* Make check_protected_member() aware of disabled members. It's not
  sufficient to check which members of the protected group are
  present; one must only consider those members which are enabled.

* Add tests to test_user_plugin.py.

  - verify you cannot delete nor disable the last member of the admin
    group

  - verify when the admin group contains disabled users in addition to
    enabled users only the enabled users are considered when
    determining if the last admin is about to be disabled or deleted.

* Replace duplicated hardcoded values in the tests with variables or
  subroutines; this makes the individual tests a bit more succinct and
  easier to copy/modify.

* Update error msg to reflect either deleting or disabling is an error.

https://fedorahosted.org/freeipa/ticket/2979
2012-09-03 18:11:49 +02:00
| Name | Last commit | Date |
| --- | --- | --- |
| `plugins` | prevent last admin from being disabled | 2012-09-03 18:11:49 +02:00 |
| `__init__.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `aci.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `backend.py` | Add CLI parsing tests | 2012-03-28 15:25:33 +02:00 |
| `base.py` | Change FreeIPA license to GPLv3+ | 2010-12-20 17:19:53 -05:00 |
| `cli.py` | Rework the CallbackInterface | 2012-06-14 11:09:43 +02:00 |
| `config.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `constants.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `crud.py` | Enforce that required attributes can't be set to None in CRUD Update | 2012-03-12 17:16:14 +01:00 |
| `errors.py` | prevent last admin from being disabled | 2012-09-03 18:11:49 +02:00 |
| `frontend.py` | Improve output validation | 2012-06-25 22:04:14 -04:00 |
| `krb_utils.py` | Fix ticket checks when using either s4u2proxy or a delegated krbtgt | 2012-03-01 00:56:01 -05:00 |
| `output.py` | Typo fixes | 2012-06-25 21:35:11 -04:00 |
| `parameters.py` | Raise Base64DecodeError instead of ConversionError when base64 decoding fails in Bytes parameters. | 2012-08-14 15:55:44 +02:00 |
| `pkcs10.py` | Fix assorted bugs found by pylint | 2011-01-25 14:01:36 -05:00 |
| `plugable.py` | Disallow setattr on no_update/no_create params | 2012-05-29 09:23:26 +02:00 |
| `request.py` | Remove deprecated i18n code from ipalib/request and all references to it. | 2011-03-01 10:31:36 -05:00 |
| `rpc.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `session.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `text.py` | Fix regressions introduced by pylint false positive fixes. | 2011-05-11 16:50:01 +02:00 |
| `util.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |
| `x509.py` | Use DN objects instead of strings | 2012-08-12 16:23:24 -04:00 |