diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-02-14 10:18:31 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-02-14 14:46:29 -0500 |
commit | 81020a2ffaa13edbdaa4ff377b748fb623fe0c09 (patch) | |
tree | 581250c8510f567a101eb10243cb63dd78aae0f3 | |
parent | 22c3a681da7ec5c84e8822eb325c647a8e89942a (diff) | |
download | freeipa-81020a2ffaa13edbdaa4ff377b748fb623fe0c09.tar.gz freeipa-81020a2ffaa13edbdaa4ff377b748fb623fe0c09.tar.xz freeipa-81020a2ffaa13edbdaa4ff377b748fb623fe0c09.zip |
A mod command should not be able to remove a required attribute.
Some attribute enforcement is done by schema, others should be done
by the required option in a Parameter. description, for example, is
required by many plugins but not the schema. We need to enforce in the
framework that required options are provided.
After all the setattr/addattr work is done run through the modifications
and ensure that no required values will be removed.
ticket 852
-rw-r--r-- | ipalib/plugins/baseldap.py | 9 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_attr.py | 64 |
2 files changed, 72 insertions, 1 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 6817af41..f403990f 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -416,6 +416,14 @@ def _check_single_value_attrs(params, entry_attrs): if a in params and not params[a].multivalue: raise errors.OnlyOneValueAllowed(attr=a) +# setattr or --option='' can cause parameters to be empty that are otherwise +# required, make sure we enforce that. +def _check_empty_attrs(params, entry_attrs): + for (a, v) in entry_attrs.iteritems(): + if v is None or (isinstance(v, basestring) and len(v) == 0): + if a in params and params[a].required: + raise errors.RequirementError(name=a) + class CallbackInterface(Method): """ @@ -799,6 +807,7 @@ class LDAPUpdate(LDAPQuery, crud.Update): ) _check_single_value_attrs(self.params, entry_attrs) + _check_empty_attrs(self.obj.params, entry_attrs) rdnupdate = False try: diff --git a/tests/test_xmlrpc/test_attr.py b/tests/test_xmlrpc/test_attr.py index 25d8a533..125b9b3f 100644 --- a/tests/test_xmlrpc/test_attr.py +++ b/tests/test_xmlrpc/test_attr.py @@ -18,7 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. """ -Test --setattr and --addattr +Test --setattr and --addattr and other attribute-specific issues """ from ipalib import api, errors @@ -175,4 +175,66 @@ class test_attr(Declarative): ), ), + + dict( + desc='Try setting givenname to None with setattr in %r' % user1, + command=( + 'user_mod', [user1], dict(setattr=(u'givenname=')) + ), + expected=errors.RequirementError(name='givenname'), + ), + + + dict( + desc='Try setting givenname to None with option in %r' % user1, + command=( + 'user_mod', [user1], dict(givenname=None) + ), + expected=errors.RequirementError(name='givenname'), + ), + + + dict( + desc='Make sure setting givenname works with option in %r' % user1, + command=( + 'user_mod', [user1], dict(givenname=u'Fred') + ), + expected=dict( + result=dict( + givenname=[u'Fred'], + homedirectory=[u'/home/tuser1'], + loginshell=[u'/bin/sh'], + sn=[u'User1'], + uid=[user1], + memberof_group=[u'ipausers'], + telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'], + nsaccountlock=[u'False'], + ), + summary=u'Modified user "tuser1"', + value=user1, + ), + ), + + + dict( + desc='Make sure setting givenname works with setattr in %r' % user1, + command=( + 'user_mod', [user1], dict(setattr=u'givenname=Finkle') + ), + expected=dict( + result=dict( + givenname=[u'Finkle'], + homedirectory=[u'/home/tuser1'], + loginshell=[u'/bin/sh'], + sn=[u'User1'], + uid=[user1], + memberof_group=[u'ipausers'], + telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'], + nsaccountlock=[u'False'], + ), + summary=u'Modified user "tuser1"', + value=user1, + ), + ), + ] |