-rw-r--r-- | ipalib/plugins/permission.py | 10 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 18 |
2 files changed, 27 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index da1c41d6..f3f001b7 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -623,6 +623,16 @@ class permission(baseldap.LDAPObject): name='ipapermtargetfilter', error=_('Bad search filter')) + # Ensure location exists + if entry.get('ipapermlocation'): + location = DN(entry.single_value['ipapermlocation']) + try: + ldap.get_entry(location, attrs_list=[]) + except errors.NotFound: + raise errors.ValidationError( + name='ipapermlocation', + error=_('Entry %s does not exist') % location) + # Ensure there's something in the ACI's filter needed_attrs = ( 'ipapermtarget', 'ipapermtargetfilter', 'ipapermallowedattr') diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 8b125a90..6259fc83 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -88,6 +88,7 @@ invalid_permission1 = u'bad;perm' users_dn = DN(api.env.container_user, api.env.basedn) groups_dn = DN(api.env.container_group, api.env.basedn) etc_dn = DN('cn=etc', api.env.basedn) +nonexistent_dn = DN('cn=does not exist', api.env.basedn) def verify_permission_aci(name, dn, acistring): @@ -1468,6 +1469,19 @@ class test_permission(Declarative): name='ipapermtargetfilter', error='Bad search filter'), ), + + + dict( + desc='Try setting nonexisting location on %r' % permission1, + command=( + 'permission_mod', [permission1], dict( + ipapermlocation=nonexistent_dn, + ) + ), + expected=errors.ValidationError( + name='ipapermlocation', + error='Entry %s does not exist' % nonexistent_dn) + ), ] @@ -1546,7 +1560,9 @@ class test_permission_rollback(Declarative): ipapermlocation=DN('foo=bar'), ) ), - expected=errors.NotFound(reason='Entry foo=bar not found'), + expected=errors.ValidationError( + name='ipapermlocation', + error='Entry foo=bar does not exist'), ), ] + _verifications + [ |
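Review bot: The added `ldap.get_entry(location, attrs_list=[])` lookup in the `ipalib/plugins/permission.py` hunk establishes only that an entry is visible at that DN; it does not constrain where the DN lives. The rollback test passes `DN('foo=bar')`, which is not under `api.env.basedn`, and it is rejected only because nothing exists there. The enclosing method starts and ends outside the hunk, so if confinement to the IPA suffix is not enforced elsewhere in it, consider rejecting such locations explicitly before the lookup. The lookup presumably runs with the caller's bind, so an existing but unreadable entry may also be reported as missing; a comment such as `# Existence is checked as the caller; an unreadable entry presumably also surfaces as NotFound` would make that explicit.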
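Review bot: The new declarative case in `test_permission` exercises the location check only through `permission_mod`. If the same validator also runs on creation (not visible in this diff), a matching `permission_add` case with `ipapermlocation=nonexistent_dn` and the same `errors.ValidationError(name='ipapermlocation', ...)` expectation would pin that path too. Without it, a later refactor could move the check to the modify path only and still pass.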
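Review bot: The updated expectation in `test_permission_rollback` suggests this case no longer reaches the rollback code it was written for. The old `errors.NotFound(reason='Entry foo=bar not found')` appears to have come from the failed write that triggered the rollback, while the new `ValidationError` is presumably raised before anything is written. The rest of the class is outside the hunk, so this is inferred. If it holds, either drive the case with a failure that still occurs after validation, or mark it with `# Rejected by up-front validation; rollback itself is not exercised by this case` so the coverage gap is visible.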