diff options
author | Ondrej Hamada <ohamada@redhat.com> | 2012-04-11 09:37:15 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-04-11 22:29:32 -0400 |
commit | 04d0215efb2ab9ec73827f2777689aed99d4931e (patch) | |
tree | 00fbd6477f5c3ca96f8efd9385f192ff8d850454 | |
parent | 05f90cfd20f828da239f5e8cc4f2af2c128b1274 (diff) | |
download | freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.gz freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.xz freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.zip |
Unable to rename permission object
The update was failing because of the case insensitivity of permission
object DN. Unit-tests added.
https://fedorahosted.org/freeipa/ticket/2571
-rw-r--r-- | ipalib/plugins/permission.py | 19 | ||||
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 45 |
2 files changed, 52 insertions, 12 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 9b669d9f..92203f17 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -335,14 +335,17 @@ class permission_mod(LDAPUpdate): # when renaming permission, check if the target permission does not # exists already. Then, make changes to underlying ACI if 'rename' in options: - try: - new_dn = dn.replace(keys[-1], options['rename'], 1) - (new_dn, attrs) = ldap.get_entry( - new_dn, attrs_list, normalize=self.obj.normalize_dn - ) - raise errors.DuplicateEntry() - except errors.NotFound: - pass # permission may be renamed, continue + if options['rename']: + try: + new_dn = dn.replace(keys[-1].lower(), options['rename'], 1) + (new_dn, attrs) = ldap.get_entry( + new_dn, attrs_list, normalize=self.obj.normalize_dn + ) + raise errors.DuplicateEntry() + except errors.NotFound: + pass # permission may be renamed, continue + else: + raise errors.ValidationError(name='rename',error=_('New name can not be empty')) opts = copy.copy(options) for o in ['all', 'raw', 'rights', 'rename']: diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index d730399c..8ee682a5 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -36,6 +36,10 @@ permission1_renamed = u'testperm1_rn' permission1_renamed_dn = DN(('cn',permission1_renamed), api.env.container_permission,api.env.basedn) +permission1_renamed_ucase = u'Testperm_RN' +permission1_renamed_ucase_dn = DN(('cn',permission1_renamed_ucase.lower()), + api.env.container_permission,api.env.basedn) + permission2 = u'testperm2' permission2_dn = DN(('cn',permission2), @@ -466,6 +470,17 @@ class test_permission(Declarative): dict( + desc='Try to rename %r to empty name' % (permission1), + command=( + 'permission_mod', [permission1], dict(rename=u'', + permissions=u'all',) + ), + expected=errors.ValidationError(name=u'rename', + error=u'New name can not be empty'), + ), + + + dict( desc='Check integrity of original permission %r' % permission1, command=('permission_show', [permission1], {}), expected=dict( @@ -506,12 +521,34 @@ class test_permission(Declarative): dict( - desc='Delete %r' % permission1_renamed, - command=('permission_del', [permission1_renamed], {}), + desc='Rename %r to permission %r' % (permission1_renamed, + permission1_renamed_ucase), + command=( + 'permission_mod', [permission1_renamed], dict(rename=permission1_renamed_ucase, + permissions= u'write',) + ), expected=dict( - result=dict(failed=u''), value=permission1_renamed, - summary=u'Deleted permission "%s"' % permission1_renamed, + summary=u'Modified permission "%s"' % permission1_renamed, + result={ + 'dn': lambda x: DN(x) == permission1_renamed_ucase_dn, + 'cn': [permission1_renamed_ucase.lower()], + 'member_privilege': [privilege1], + 'type': u'user', + 'permissions': [u'write'], + 'memberof': u'ipausers', + }, + ), + ), + + + dict( + desc='Delete %r' % permission1_renamed_ucase, + command=('permission_del', [permission1_renamed_ucase], {}), + expected=dict( + result=dict(failed=u''), + value=permission1_renamed_ucase, + summary=u'Deleted permission "%s"' % permission1_renamed_ucase, ) ), |