From 2637116eab51be16c33745d51f284aaee0c57ae1 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Fri, 4 Jul 2014 10:20:04 +0200
Subject: Allow to add managed permission for reverse zones
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Reviewed-By: Petr Viktorin
Reviewed-By: Petr Spacek
---
 API.txt | 14 +++++++-------
 VERSION | 4 ++--
 ipalib/plugins/permission.py | 4 ++--
 ipatests/test_xmlrpc/test_dns_plugin.py | 34 ++++++++++++++++++++++++++++++++-
 4 files changed, 44 insertions(+), 12 deletions(-)
diff --git a/API.txt b/API.txt
index 0181f7d6c..04107281e 100644
--- a/API.txt
+++ b/API.txt
@@ -2473,7 +2473,7 @@ output: Output('summary', (, ), None)
 output: PrimaryKey('value', None, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2484,7 +2484,7 @@ output: Output('failed', , None)
 output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_add_noaci
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', multivalue=False, required=True)
 option: Str('ipapermissiontype', cli_name='ipapermissiontype', multivalue=True, required=True)
 option: Flag('no_members', autofill=True, cli_name='no_members', default=False, exclude='webui', multivalue=False, required=True)
@@ -2495,7 +2495,7 @@ output: Output('summary', (, ), None)
 output: PrimaryKey('value', None, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2507,7 +2507,7 @@ args: 1,24,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=False)
 option: Str('extratargetfilter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
 option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, query=True, required=False, values=(u'permission', u'all', u'anonymous'))
@@ -2535,7 +2535,7 @@ output: Output('summary', (, ), None)
 output: Output('truncated', , None)
 command: permission_mod
 args: 1,24,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, required=False)
@@ -2565,7 +2565,7 @@ output: Output('summary', (, ), None)
 output: PrimaryKey('value', None, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2576,7 +2576,7 @@ output: Output('failed', , None)
 output: Entry('result', , Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.:/]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
diff --git a/VERSION b/VERSION
index e37f51de8..78baf5a2f 100644
--- a/VERSION
+++ b/VERSION
@@ -89,5 +89,5 @@ IPA_DATA_VERSION=20100614120000
 # #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=100
-# Last change: tbabej - Fix IPA OTP DateTime params
+IPA_API_VERSION_MINOR=101
+# Last change: mbasti - Allow '/' in permission name
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 30571bea3..edd316be6 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -223,9 +223,9 @@ class permission(baseldap.LDAPObject):
 cli_name='name',
 label=_('Permission name'),
 primary_key=True,
- pattern='^[-_ a-zA-Z0-9.:]+$',
+ pattern='^[-_ a-zA-Z0-9.:/]+$',
 pattern_errmsg="May only contain letters, numbers, "
- "-, _, ., :, and space",
+ "-, _, ., :, /, and space",
 ),
 StrEnum(
 'ipapermright*',
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 9937af9b6..1f22e244a 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -96,6 +96,10 @@ revzone3_classless2_ip = u'172.16.70.128'
 revzone3_classless2_ipprefix = u'172.16.70.'
 revzone3_classless2_dn = DN(('idnsname', revzone3_classless2), api.env.container_dns, api.env.basedn)
+revzone3_classless2_permission = u'Manage DNS zone %s' % revzone3_classless2
+revzone3_classless2_permission_dn = DN(('cn', revzone3_classless2_permission),
+ api.env.container_permission, api.env.basedn)
+
 name1 = u'testdnsres'
 name1_dnsname = DNSName(name1)
 name1_dn = DN(('idnsname',name1), zone1_dn)
@@ -266,7 +270,8 @@ class test_dns(Declarative):
 'idnsallowsyncptr' : None,
 }),
 ('permission_del', [zone1_permission, idnzone1_permission,
- fwzone1_permission], {'force': True}
+ fwzone1_permission,
+ revzone3_classless2_permission], {'force': True}
 ),
 ]
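Review bot: The widened `pattern` in the `ipalib/plugins/permission.py` hunk validates `cn` for every permission command, so any user-created permission name may now contain `/`, not only the managed "Manage DNS zone …" names the subject refers to. The hunk does not show where the name is used afterwards, so it is worth confirming that each consumer treats `/` as plain data, for example the ACI name derived from it, web UI navigation, and servers still on the previous API minor version. A short comment above the pattern would record the reason, e.g. `# '/' is allowed so classless reverse zone names (RFC 2317) fit in per-zone permission names`. The parameter definition starts and ends outside the hunk.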
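Review bot: `revzone3_classless2_permission_dn`, assigned in the first `test_dns_plugin.py` hunk, is not referenced by any line this commit adds; the cleanup entry and both new test cases use only `revzone3_classless2_permission`. Either drop the assignment or use it, for instance in a `permission_show` case that asserts the `dn` of the created entry. Such a case would also confirm that the `/` in the name ends up as a single RDN value rather than being interpreted.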
@@ -1815,6 +1820,33 @@ class test_dns(Declarative): }, ), + + dict( + desc='Add per-zone permission for classless zone %r' % revzone3_classless2, + command=( + 'dnszone_add_permission', [revzone3_classless2], {} + ), + expected=dict( + result=True, + value=revzone3_classless2_permission, + summary=u'Added system permission "%s"' % revzone3_classless2_permission, + ), + ), + + + dict( + desc='Remove per-zone permission for classless zone %r' % revzone3_classless2, + command=( + 'dnszone_remove_permission', [revzone3_classless2], {} + ), + expected=dict( + result=True, + value=revzone3_classless2_permission, + summary=u'Removed system permission "%s"' % revzone3_classless2_permission, + ), + ), + + dict( desc='Add NS record to %r in revzone %r' % (nsrev, revzone3_classless1), command=('dnsrecord_add', [revzone3_classless1, nsrev], {'nsrecord': zone3_ns2}), -- cgit
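Review bot: Both new cases go through `dnszone_add_permission` and `dnszone_remove_permission` and assert only the returned `summary` and `value`, so the changed validator is exercised on a single happy path. Nothing in this commit checks that `permission_add` itself accepts a name containing `/`, or that a character still outside the class is rejected with the updated `pattern_errmsg`. A pair of cases for that would pin the new boundary of the pattern, possibly in the permission plugin tests rather than this file. The list these `dict(...)` entries belong to starts and ends outside the hunk.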