permission plugin: Support searching by extratargetfilter

The extratargetfilter behaves exactly like targetfilter, so that e.g. ipa permission-find --filter=(objectclass=ipausergroup) finds all permissions with that filter in the ACI. Part of the work for https://fedorahosted.org/freeipa/ticket/4216 Reviewed-By: Martin Kosek <mkosek@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-03-07 18:56:35 +0100
committer: Martin Kosek <mkosek@redhat.com> 2014-03-14 10:14:05 +0100
commit: 29eef98c7609d83b44a653f967cd4cc44b577497 (patch)
tree: 76140b6ded81372d4b856bc67d678f7357f782d4 /ipatests/test_xmlrpc/test_permission_plugin.py
parent: fe2a41e8a3906eff51e66ff3a6204304a44fdeef (diff)
download: freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.tar.gz
freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.tar.xz
freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 2a86a7437..e9a892675 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -2382,6 +2382,48 @@ class test_permission_targetfilter(Declarative):
             'allow (write) groupdn = "ldap:///%s";)' % permission1_dn
         ),
 
+    ] + [
+        dict(
+            desc='Search for %r using %s %s' % (permission1, value_name, option_name),
+            command=(
+                'permission_find', [],
+                {option_name: value, 'all': True}
+            ),
+            expected=dict(
+                summary=u'1 permission matched' if should_find else u'0 permissions matched',
+                truncated=False,
+                count=1 if should_find else 0,
+                result=[dict(
+                    dn=permission1_dn,
+                    cn=[permission1],
+                    objectclass=objectclasses.permission,
+                    type=[u'user'],
+                    ipapermright=[u'write'],
+                    attrs=[u'sn'],
+                    ipapermincludedattr=[u'sn'],
+                    ipapermbindruletype=[u'permission'],
+                    ipapermissiontype=[u'SYSTEM', u'V2'],
+                    ipapermlocation=[users_dn],
+                    memberof=[u'admins'],
+                    extratargetfilter=[u'(cn=*)'],
+                    ipapermtargetfilter=[
+                        u'(cn=*)',
+                        u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
+                        u'(objectclass=posixaccount)'],
+                )] if should_find else [],
+            ),
+        )
+        for option_name in (
+            'extratargetfilter',
+            'ipapermtargetfilter',
+        )
+        for value_name, value, should_find in (
+            ('"extra"', u'(cn=*)', True),
+            ('"non-extra"', u'(objectclass=posixaccount)', True),
+            ('non-existing', u'(sn=insert a very improbable last name)', False),
+        )
+    ] + [
+
     ]
author	Petr Viktorin <pviktori@redhat.com>	2014-03-07 18:56:35 +0100
committer	Martin Kosek <mkosek@redhat.com>	2014-03-14 10:14:05 +0100
commit	29eef98c7609d83b44a653f967cd4cc44b577497 (patch)
tree	76140b6ded81372d4b856bc67d678f7357f782d4 /ipatests/test_xmlrpc/test_permission_plugin.py
parent	fe2a41e8a3906eff51e66ff3a6204304a44fdeef (diff)
download	freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.tar.gz freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.tar.xz freeipa-29eef98c7609d83b44a653f967cd4cc44b577497.zip