authorRob Crittenden <rcritten@redhat.com>2011-02-14 10:18:31 -0500
committerRob Crittenden <rcritten@redhat.com>2011-02-14 14:46:29 -0500
commit81020a2ffaa13edbdaa4ff377b748fb623fe0c09 (patch)
tree581250c8510f567a101eb10243cb63dd78aae0f3
parent22c3a681da7ec5c84e8822eb325c647a8e89942a (diff)
A mod command should not be able to remove a required attribute.
Some attribute enforcement is done by the schema; the rest should be done by the required option in a Parameter. The description attribute, for example, is required by many plugins but not by the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done, run through the modifications and ensure that no required values will be removed. ticket 852
-rw-r--r--ipalib/plugins/baseldap.py9
-rw-r--r--tests/test_xmlrpc/test_attr.py64
2 files changed, 72 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 6817af41..f403990f 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -416,6 +416,14 @@ def _check_single_value_attrs(params, entry_attrs):
if a in params and not params[a].multivalue:
raise errors.OnlyOneValueAllowed(attr=a)
+# setattr or --option='' can cause parameters to be empty that are otherwise
+# required, make sure we enforce that.
+def _check_empty_attrs(params, entry_attrs):
+ for (a, v) in entry_attrs.iteritems():
+ if v is None or (isinstance(v, basestring) and len(v) == 0):
+ if a in params and params[a].required:
+ raise errors.RequirementError(name=a)
+
class CallbackInterface(Method):
"""
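Review bot: The emptiness test in `_check_empty_attrs` recognises only `None` and a zero-length string, so a list or tuple value such as `[]` or `[u'']` would not raise `RequirementError` for a required attribute. Whether `entry_attrs` can hold such values here depends on the setattr/addattr handling outside this hunk, so confirm that before relying on the check as the only guard. If it can, normalise first with `vals = v if isinstance(v, (list, tuple)) else [v]` and test `if not [x for x in vals if x not in (None, u'')]:`. The function would also benefit from a docstring saying that `params` must be a collection whose `required` flags reflect the object definition, since the check silently passes when they do not.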
@@ -799,6 +807,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
)
_check_single_value_attrs(self.params, entry_attrs)
+ _check_empty_attrs(self.obj.params, entry_attrs)
rdnupdate = False
try:
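Review bot: The two adjacent checks take different parameter collections, `self.params` for `_check_single_value_attrs` and `self.obj.params` for `_check_empty_attrs`, and nothing at the call site says why. Presumably the update command's own params are not marked required, so the object's definitions are the ones that carry the flag; if so, a later "consistency" cleanup to `self.params` would disable the enforcement without any error. Add a comment above the new line such as `# obj.params, not self.params: the required flag must come from the object definition`. The enclosing method starts and ends outside this hunk, so the ordering relative to any callbacks that modify `entry_attrs` cannot be judged from here.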
diff --git a/tests/test_xmlrpc/test_attr.py b/tests/test_xmlrpc/test_attr.py
index 25d8a533..125b9b3f 100644
--- a/tests/test_xmlrpc/test_attr.py
+++ b/tests/test_xmlrpc/test_attr.py
@@ -18,7 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
-Test --setattr and --addattr
+Test --setattr and --addattr and other attribute-specific issues
"""
from ipalib import api, errors
@@ -175,4 +175,66 @@ class test_attr(Declarative):
),
),
+
+ dict(
+ desc='Try setting givenname to None with setattr in %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(setattr=(u'givenname='))
+ ),
+ expected=errors.RequirementError(name='givenname'),
+ ),
+
+
+ dict(
+ desc='Try setting givenname to None with option in %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(givenname=None)
+ ),
+ expected=errors.RequirementError(name='givenname'),
+ ),
+
+
+ dict(
+ desc='Make sure setting givenname works with option in %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(givenname=u'Fred')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Fred'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ memberof_group=[u'ipausers'],
+ telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
+
+ dict(
+ desc='Make sure setting givenname works with setattr in %r' % user1,
+ command=(
+ 'user_mod', [user1], dict(setattr=u'givenname=Finkle')
+ ),
+ expected=dict(
+ result=dict(
+ givenname=[u'Finkle'],
+ homedirectory=[u'/home/tuser1'],
+ loginshell=[u'/bin/sh'],
+ sn=[u'User1'],
+ uid=[user1],
+ memberof_group=[u'ipausers'],
+ telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'],
+ nsaccountlock=[u'False'],
+ ),
+ summary=u'Modified user "tuser1"',
+ value=user1,
+ ),
+ ),
+
]
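Review bot: In the first new case, `dict(setattr=(u'givenname='))` passes a plain string, because the parentheses do not make a tuple; write `dict(setattr=u'givenname=')` to match the later `setattr=u'givenname=Finkle'` case, or add the trailing comma if a tuple was intended. That case's `desc` says "to None" although it sends an empty string. The `--option=''` path named in the comment on `_check_empty_attrs` is not exercised either: a case using `dict(givenname=u'')` that expects `errors.RequirementError(name='givenname')` would cover it. The commit message cites `description` as an attribute that is required by plugins but not by the schema, so a test on an object of that kind would show that the framework check, and not the directory schema, rejects the change.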