diff options
-rw-r--r-- | ipalib/plugins/permission.py | 3 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 27 |
2 files changed, 29 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 670e3f1c6..79335404a 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -988,6 +988,9 @@ class permission_mod(baseldap.LDAPUpdate): else: self.obj.update_aci(entry, old_entry.single_value['cn']) except Exception: + # Don't revert attribute which doesn't exist in LDAP + entry.pop('attributelevelrights', None) + self.log.error('Error updating ACI: %s' % traceback.format_exc()) self.log.warn('Reverting entry') old_entry.reset_modlist(entry) diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 6aa00f9f7..29effb9a4 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -315,7 +315,6 @@ class test_permission_negative(Declarative): name='ipapermexcludedattr', error='only available on managed permissions'), ), - ] @@ -1631,8 +1630,34 @@ class test_permission_rollback(Declarative): pdn=permission1_dn)), ), + ] + _verifications + [ + + dict( + desc='Try adding an invalid attribute on %r with --all --rights' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=[u'cn', u'bogusattributexyz'], + rights=True, + all=True, + ) + ), + expected=errors.InvalidSyntax( + attr=r'targetattr "bogusattributexyz" does not exist ' + r'in schema. Please add attributeTypes ' + r'"bogusattributexyz" to schema if necessary. ACL Syntax ' + r'Error(-5):(targetattr = \22bogusattributexyz || cn\22)' + r'(target = \22ldap:///%(tdn)s\22)' + r'(version 3.0;acl \22permission:%(name)s\22;' + r'allow (write) groupdn = \22ldap:///%(dn)s\22;)' % dict( + tdn=DN('uid=admin', users_dn), + name=permission1, + dn=permission1_dn), + ), + ), + ] + _verifications + class test_permission_sync_attributes(Declarative): """Test the effects of setting permission attributes""" cleanup_commands = [ |