diff options
-rw-r--r-- | ipalib/plugins/permission.py | 12 | ||||
-rw-r--r-- | ipatests/test_xmlrpc/test_dns_plugin.py | 18 |
2 files changed, 26 insertions, 4 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index f3f001b7..bdde3e32 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -310,8 +310,16 @@ class permission(baseldap.LDAPObject): if options.get('raw'): # Retreive the ACI from LDAP to ensure we get the real thing - acientry, acistring = self._get_aci_entry_and_string(entry) - entry.single_value['aci'] = acistring + try: + acientry, acistring = self._get_aci_entry_and_string(entry) + except errors.NotFound: + if list(entry.get('ipapermissiontype')) == ['SYSTEM']: + # SYSTEM permissions don't have normal ACIs + pass + else: + raise + else: + entry.single_value['aci'] = acistring if not client_has_capability(options['version'], 'permissions2'): # Legacy clients expect some attributes as a single value diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 8dbdec6b..d301458d 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -1349,7 +1349,6 @@ class test_dns(Declarative): '"%s" already exists' % dnszone1_permission) ), - dict( desc='Make sure the permission was created %r' % dnszone1, command=( @@ -1367,6 +1366,22 @@ class test_dns(Declarative): ), ), + dict( + desc='Retrieve the permission %r with --all --raw' % dnszone1, + command=( + 'permission_show', [dnszone1_permission], {} + ), + expected=dict( + value=dnszone1_permission, + summary=None, + result={ + 'dn': dnszone1_permission_dn, + 'cn': [dnszone1_permission], + 'objectclass': objectclasses.system_permission, + 'ipapermissiontype': [u'SYSTEM'], + }, + ), + ), dict( desc='Try to remove per-zone permission for unknown zone', @@ -1374,7 +1389,6 @@ class test_dns(Declarative): expected=errors.NotFound(reason=u'does.not.exist: DNS zone not found') ), - dict( desc='Remove per-zone permission for zone %r' % dnszone1, command=( |