author | Petr Viktorin <pviktori@redhat.com> | 2013-12-05 18:18:32 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-12-13 15:08:52 +0100 |
commit | 7fc35ced1d83d9901f4a1bf59482c3c4666d6079 (patch) | |
tree | 18ccbbc269fc59f6b8e88b994ba251933d583289 | |
parent | 53caa7aca21b097e1ca975c1c4b4e7038558bc9b (diff) | |
permission plugin: Ensure ipapermlocation (subtree) always exists
-rw-r--r-- | ipalib/plugins/permission.py | 10 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 18 |
2 files changed, 27 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index da1c41d6..f3f001b7 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -623,6 +623,16 @@ class permission(baseldap.LDAPObject):
 name='ipapermtargetfilter',
 error=_('Bad search filter'))
+ # Ensure location exists
+ if entry.get('ipapermlocation'):
+ location = DN(entry.single_value['ipapermlocation'])
+ try:
+ ldap.get_entry(location, attrs_list=[])
+ except errors.NotFound:
+ raise errors.ValidationError(
+ name='ipapermlocation',
+ error=_('Entry %s does not exist') % location)
+
 # Ensure there's something in the ACI's filter
 needed_attrs = (
 'ipapermtarget', 'ipapermtargetfilter', 'ipapermallowedattr')
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 8b125a90..6259fc83 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -88,6 +88,7 @@ invalid_permission1 = u'bad;perm'
 users_dn = DN(api.env.container_user, api.env.basedn)
 groups_dn = DN(api.env.container_group, api.env.basedn)
 etc_dn = DN('cn=etc', api.env.basedn)
+nonexistent_dn = DN('cn=does not exist', api.env.basedn)
 def verify_permission_aci(name, dn, acistring):
@@ -1468,6 +1469,19 @@ class test_permission(Declarative):
 name='ipapermtargetfilter',
 error='Bad search filter'),
 ),
+
+
+ dict(
+ desc='Try setting nonexisting location on %r' % permission1,
+ command=(
+ 'permission_mod', [permission1], dict(
+ ipapermlocation=nonexistent_dn,
+ )
+ ),
+ expected=errors.ValidationError(
+ name='ipapermlocation',
+ error='Entry %s does not exist' % nonexistent_dn)
+ ),
 ]
@@ -1546,7 +1560,9 @@ class test_permission_rollback(Declarative):
 ipapermlocation=DN('foo=bar'),
 )
 ),
- expected=errors.NotFound(reason='Entry foo=bar not found'),
+ expected=errors.ValidationError(
+ name='ipapermlocation',
+ error='Entry foo=bar does not exist'),
 ),
 ] + _verifications + [ |
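Review bot: The check added under `if entry.get('ipapermlocation'):` maps only `errors.NotFound` to a `ValidationError`, so what it establishes is that the DN can be read over this `ldap` connection, not that it is an acceptable place for a permission. A location that exists but lies outside `api.env.basedn` would pass unless code outside this hunk already constrains it, and any other failure from `ldap.get_entry` reaches the caller as its own error type instead of a validation error on `ipapermlocation`. I would state that limit above the check, for example `# Existence check only; does not verify that location is under the IPA suffix`, and consider rejecting locations outside the suffix. The enclosing method begins and ends outside the hunk, so which connection `ldap` is bound to cannot be confirmed from here.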
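Review bot: The case added in the `test_permission` hunk drives the new validation only through `permission_mod`; no case visible in this diff calls `permission_add` with `ipapermlocation=nonexistent_dn`, so the create path is not shown to be covered. If the validation in permission.py runs for both commands, a sibling case expecting the same `errors.ValidationError(name='ipapermlocation', ...)` from `permission_add` would pin that. The `desc` string could also read `'Try setting nonexistent location on %r'` to match the `nonexistent_dn` name. The list this case is appended to starts outside the hunk.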