diff options
| author | Tomas Babej <tbabej@redhat.com> | 2012-08-22 10:39:01 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-08-29 16:02:43 -0400 |
| commit | 7e9eb9caad731ef3ecb8e733a4979d375ec5a1b5 (patch) | |
| tree | 89b62394a3f7f892efaf7d9bfc8b69ed5b63572d | |
| parent | edbcd28f44fb5c123440c246965166d5947554e6 (diff) | |
| download | freeipa.git-7e9eb9caad731ef3ecb8e733a4979d375ec5a1b5.tar.gz freeipa.git-7e9eb9caad731ef3ecb8e733a4979d375ec5a1b5.tar.xz freeipa.git-7e9eb9caad731ef3ecb8e733a4979d375ec5a1b5.zip | |
Fixes different behaviour of permission-mod and show.
Both commands now produce the same output regarding
the attributelevelrights.
https://fedorahosted.org/freeipa/ticket/2875
| -rw-r--r-- | ipalib/plugins/permission.py | 4 | ||||
| -rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 85 |
2 files changed, 88 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index befa74df..75b21091 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -393,8 +393,10 @@ class permission_mod(LDAPUpdate): cn = options['rename'] # rename finished - common_options = filter_options(options, ['all', 'raw']) + # all common options to permission-mod and show need to be listed here + common_options = filter_options(options, ['all', 'raw', 'rights']) result = self.api.Command.permission_show(cn, **common_options)['result'] + for r in result: if not r.startswith('member_'): entry_attrs[r] = result[r] diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index a1062f08..eda96d0e 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -45,6 +45,32 @@ permission2 = u'testperm2' permission2_dn = DN(('cn',permission2), api.env.container_permission,api.env.basedn) +permission3 = u'testperm3' +permission3_dn = DN(('cn',permission3), + api.env.container_permission,api.env.basedn) +permission3_attributelevelrights = { + 'member': u'rscwo', + 'seealso': u'rscwo', + 'ipapermissiontype': u'rscwo', + 'cn': u'rscwo', + 'businesscategory': u'rscwo', + 'objectclass': u'rscwo', + 'memberof': u'rscwo', + 'aci': u'rscwo', + 'subtree': u'rscwo', + 'o': u'rscwo', + 'filter': u'rscwo', + 'attrs': u'rscwo', + 'owner': u'rscwo', + 'group': u'rscwo', + 'ou': u'rscwo', + 'targetgroup': u'rscwo', + 'type': u'rscwo', + 'permissions': u'rscwo', + 'nsaccountlock': u'rscwo', + 'description': u'rscwo', + } + privilege1 = u'testpriv1' privilege1_dn = DN(('cn',privilege1), api.env.container_privilege,api.env.basedn) @@ -57,6 +83,7 @@ class test_permission(Declarative): cleanup_commands = [ ('permission_del', [permission1], {}), ('permission_del', [permission2], {}), + ('permission_del', [permission3], {}), ('privilege_del', [privilege1], {}), ] @@ -860,4 +887,62 @@ class test_permission(Declarative): error='May only contain letters, numbers, -, _, and space'), ), + dict( + desc='Create %r' % permission3, + command=( + 'permission_add', [permission3], dict( + type=u'user', + permissions=u'write', + attrs=[u'cn'] + ) + ), + expected=dict( + value=permission3, + summary=u'Added permission "%s"' % permission3, + result=dict( + dn=permission3_dn, + cn=[permission3], + objectclass=objectclasses.permission, + type=u'user', + permissions=[u'write'], + attrs=(u'cn',), + ), + ), + ), + + dict( + desc='Retrieve %r with --all --rights' % permission3, + command=('permission_show', [permission3], {'all' : True, 'rights' : True}), + expected=dict( + value=permission3, + summary=None, + result=dict( + dn=permission3_dn, + cn=[permission3], + objectclass=objectclasses.permission, + type=u'user', + attrs=(u'cn',), + permissions=[u'write'], + attributelevelrights=permission3_attributelevelrights + ), + ), + ), + + dict( + desc='Modify %r with --all -rights' % permission3, + command=('permission_mod', [permission3], {'all' : True, 'rights': True, 'attrs':[u'cn',u'uid']}), + expected=dict( + value=permission3, + summary=u'Modified permission "%s"' % permission3, + result=dict( + dn=permission3_dn, + cn=[permission3], + objectclass=objectclasses.permission, + type=u'user', + attrs=(u'cn',u'uid'), + permissions=[u'write'], + attributelevelrights=permission3_attributelevelrights, + ), + ), + ), ] |