authorPetr Viktorin <pviktori@redhat.com>2013-12-13 11:10:28 +0100
committerMartin Kosek <mkosek@redhat.com>2013-12-13 15:08:52 +0100
commitd38748d64f5c7fb098b839b3c00a1f812d510d3b (patch)
tree48c205c3ac981bee6a732e98903e4407b3ff0a5e
parent7fc35ced1d83d9901f4a1bf59482c3c4666d6079 (diff)
Make sure SYSTEM permissions can be retrieved with --all --raw
Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
-rw-r--r--ipalib/plugins/permission.py12
-rw-r--r--ipatests/test_xmlrpc/test_dns_plugin.py18
2 files changed, 26 insertions, 4 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index f3f001b7..bdde3e32 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -310,8 +310,16 @@ class permission(baseldap.LDAPObject):
if options.get('raw'):
# Retreive the ACI from LDAP to ensure we get the real thing
- acientry, acistring = self._get_aci_entry_and_string(entry)
- entry.single_value['aci'] = acistring
+ try:
+ acientry, acistring = self._get_aci_entry_and_string(entry)
+ except errors.NotFound:
+ if list(entry.get('ipapermissiontype')) == ['SYSTEM']:
+ # SYSTEM permissions don't have normal ACIs
+ pass
+ else:
+ raise
+ else:
+ entry.single_value['aci'] = acistring
if not client_has_capability(options['version'], 'permissions2'):
# Legacy clients expect some attributes as a single value
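Review bot: In the new `except errors.NotFound:` branch, `list(entry.get('ipapermissiontype'))` raises TypeError when the entry carries no `ipapermissiontype` value, which would replace the NotFound that the `else: raise` arm is meant to propagate. Whether an entry can reach this point without that attribute is not visible here, because the enclosing method starts and ends outside the hunk, but a default keeps the error path intact: `if list(entry.get('ipapermissiontype', [])) == ['SYSTEM']:`. The `acientry` name is bound but not used in the visible lines. A short comment that a raw result for a SYSTEM permission deliberately has no `aci` key would help anyone who audits ACIs from `--raw` output and would otherwise read the missing key as a lookup failure.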
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 8dbdec6b..d301458d 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -1349,7 +1349,6 @@ class test_dns(Declarative):
'"%s" already exists' % dnszone1_permission)
),
-
dict(
desc='Make sure the permission was created %r' % dnszone1,
command=(
@@ -1367,6 +1366,22 @@ class test_dns(Declarative):
),
),
+ dict(
+ desc='Retrieve the permission %r with --all --raw' % dnszone1,
+ command=(
+ 'permission_show', [dnszone1_permission], {}
+ ),
+ expected=dict(
+ value=dnszone1_permission,
+ summary=None,
+ result={
+ 'dn': dnszone1_permission_dn,
+ 'cn': [dnszone1_permission],
+ 'objectclass': objectclasses.system_permission,
+ 'ipapermissiontype': [u'SYSTEM'],
+ },
+ ),
+ ),
dict(
desc='Try to remove per-zone permission for unknown zone',
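Review bot: The added case is described as `--all --raw`, but its command passes an empty options dict (`'permission_show', [dnszone1_permission], {}`), so as written it does not appear to reach the `options.get('raw')` branch that the permission.py change guards. Passing `dict(all=True, raw=True)` instead of `{}` would exercise the new NotFound handling; the expected `result` may then need adjusting to the raw attribute form, which cannot be confirmed from this hunk. Without that, a regression in the SYSTEM-permission path would still pass this test.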
@@ -1374,7 +1389,6 @@ class test_dns(Declarative):
expected=errors.NotFound(reason=u'does.not.exist: DNS zone not found')
),
-
dict(
desc='Remove per-zone permission for zone %r' % dnszone1,
command=(