Unable to rename permission object

The update was failing because of the case insensitivity of permission object DN. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2571
author: Ondrej Hamada <ohamada@redhat.com> 2012-04-11 09:37:15 +0200
committer: Rob Crittenden <rcritten@redhat.com> 2012-04-11 22:29:32 -0400
commit: 04d0215efb2ab9ec73827f2777689aed99d4931e (patch)
tree: 00fbd6477f5c3ca96f8efd9385f192ff8d850454
parent: 05f90cfd20f828da239f5e8cc4f2af2c128b1274 (diff)
download: freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.gz
freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.xz
freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.zip
2 files changed, 52 insertions, 12 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 9b669d9f..92203f17 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -335,14 +335,17 @@ class permission_mod(LDAPUpdate):
         # when renaming permission, check if the target permission does not
         # exists already. Then, make changes to underlying ACI
         if 'rename' in options:
-            try:
-                new_dn = dn.replace(keys[-1], options['rename'], 1)
-                (new_dn, attrs) = ldap.get_entry(
-                    new_dn, attrs_list, normalize=self.obj.normalize_dn
-                )
-                raise errors.DuplicateEntry()
-            except errors.NotFound:
-                pass    # permission may be renamed, continue
+            if options['rename']:
+                try:
+                    new_dn = dn.replace(keys[-1].lower(), options['rename'], 1)
+                    (new_dn, attrs) = ldap.get_entry(
+                        new_dn, attrs_list, normalize=self.obj.normalize_dn
+                    )
+                    raise errors.DuplicateEntry()
+                except errors.NotFound:
+                    pass    # permission may be renamed, continue
+            else:
+                raise errors.ValidationError(name='rename',error=_('New name can not be empty'))
 
         opts = copy.copy(options)
         for o in ['all', 'raw', 'rights', 'rename']:
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index d730399c..8ee682a5 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -36,6 +36,10 @@ permission1_renamed = u'testperm1_rn'
 permission1_renamed_dn = DN(('cn',permission1_renamed),
                             api.env.container_permission,api.env.basedn)
 
+permission1_renamed_ucase = u'Testperm_RN'
+permission1_renamed_ucase_dn = DN(('cn',permission1_renamed_ucase.lower()),
+                            api.env.container_permission,api.env.basedn)
+
 
 permission2 = u'testperm2'
 permission2_dn = DN(('cn',permission2),
@@ -466,6 +470,17 @@ class test_permission(Declarative):
 
 
         dict(
+            desc='Try to rename %r to empty name' % (permission1),
+            command=(
+                'permission_mod', [permission1], dict(rename=u'',
+                                                      permissions=u'all',)
+            ),
+            expected=errors.ValidationError(name=u'rename',
+                                    error=u'New name can not be empty'),
+        ),
+
+
+        dict(
             desc='Check integrity of original permission %r' % permission1,
             command=('permission_show', [permission1], {}),
             expected=dict(
@@ -506,12 +521,34 @@ class test_permission(Declarative):
 
 
         dict(
-            desc='Delete %r' % permission1_renamed,
-            command=('permission_del', [permission1_renamed], {}),
+            desc='Rename %r to permission %r' % (permission1_renamed,
+                                                 permission1_renamed_ucase),
+            command=(
+                'permission_mod', [permission1_renamed], dict(rename=permission1_renamed_ucase,
+                                                      permissions= u'write',)
+            ),
             expected=dict(
-                result=dict(failed=u''),
                 value=permission1_renamed,
-                summary=u'Deleted permission "%s"' % permission1_renamed,
+                summary=u'Modified permission "%s"' % permission1_renamed,
+                result={
+                    'dn': lambda x: DN(x) == permission1_renamed_ucase_dn,
+                    'cn': [permission1_renamed_ucase.lower()],
+                    'member_privilege': [privilege1],
+                    'type': u'user',
+                    'permissions': [u'write'],
+                    'memberof': u'ipausers',
+                },
+            ),
+        ),
+
+
+        dict(
+            desc='Delete %r' % permission1_renamed_ucase,
+            command=('permission_del', [permission1_renamed_ucase], {}),
+            expected=dict(
+                result=dict(failed=u''),
+                value=permission1_renamed_ucase,
+                summary=u'Deleted permission "%s"' % permission1_renamed_ucase,
             )
         ),
author	Ondrej Hamada <ohamada@redhat.com>	2012-04-11 09:37:15 +0200
committer	Rob Crittenden <rcritten@redhat.com>	2012-04-11 22:29:32 -0400
commit	04d0215efb2ab9ec73827f2777689aed99d4931e (patch)
tree	00fbd6477f5c3ca96f8efd9385f192ff8d850454
parent	05f90cfd20f828da239f5e8cc4f2af2c128b1274 (diff)
download	freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.gz freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.tar.xz freeipa.git-04d0215efb2ab9ec73827f2777689aed99d4931e.zip