From 81020a2ffaa13edbdaa4ff377b748fb623fe0c09 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 14 Feb 2011 10:18:31 -0500 Subject: A mod command should not be able to remove a required attribute. Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed. ticket 852 --- ipalib/plugins/baseldap.py | 9 ++++++ tests/test_xmlrpc/test_attr.py | 64 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py index 6817af41..f403990f 100644 --- a/ipalib/plugins/baseldap.py +++ b/ipalib/plugins/baseldap.py @@ -416,6 +416,14 @@ def _check_single_value_attrs(params, entry_attrs): if a in params and not params[a].multivalue: raise errors.OnlyOneValueAllowed(attr=a) +# setattr or --option='' can cause parameters to be empty that are otherwise +# required, make sure we enforce that. +def _check_empty_attrs(params, entry_attrs): + for (a, v) in entry_attrs.iteritems(): + if v is None or (isinstance(v, basestring) and len(v) == 0): + if a in params and params[a].required: + raise errors.RequirementError(name=a) + class CallbackInterface(Method): """ @@ -799,6 +807,7 @@ class LDAPUpdate(LDAPQuery, crud.Update): ) _check_single_value_attrs(self.params, entry_attrs) + _check_empty_attrs(self.obj.params, entry_attrs) rdnupdate = False try: diff --git a/tests/test_xmlrpc/test_attr.py b/tests/test_xmlrpc/test_attr.py index 25d8a533..125b9b3f 100644 --- a/tests/test_xmlrpc/test_attr.py +++ b/tests/test_xmlrpc/test_attr.py @@ -18,7 +18,7 @@ # along with this program. If not, see . """ -Test --setattr and --addattr +Test --setattr and --addattr and other attribute-specific issues """ from ipalib import api, errors @@ -175,4 +175,66 @@ class test_attr(Declarative): ), ), + + dict( + desc='Try setting givenname to None with setattr in %r' % user1, + command=( + 'user_mod', [user1], dict(setattr=(u'givenname=')) + ), + expected=errors.RequirementError(name='givenname'), + ), + + + dict( + desc='Try setting givenname to None with option in %r' % user1, + command=( + 'user_mod', [user1], dict(givenname=None) + ), + expected=errors.RequirementError(name='givenname'), + ), + + + dict( + desc='Make sure setting givenname works with option in %r' % user1, + command=( + 'user_mod', [user1], dict(givenname=u'Fred') + ), + expected=dict( + result=dict( + givenname=[u'Fred'], + homedirectory=[u'/home/tuser1'], + loginshell=[u'/bin/sh'], + sn=[u'User1'], + uid=[user1], + memberof_group=[u'ipausers'], + telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'], + nsaccountlock=[u'False'], + ), + summary=u'Modified user "tuser1"', + value=user1, + ), + ), + + + dict( + desc='Make sure setting givenname works with setattr in %r' % user1, + command=( + 'user_mod', [user1], dict(setattr=u'givenname=Finkle') + ), + expected=dict( + result=dict( + givenname=[u'Finkle'], + homedirectory=[u'/home/tuser1'], + loginshell=[u'/bin/sh'], + sn=[u'User1'], + uid=[user1], + memberof_group=[u'ipausers'], + telephonenumber=[u'301-555-1212', u'202-888-9833', u'703-555-1212'], + nsaccountlock=[u'False'], + ), + summary=u'Modified user "tuser1"', + value=user1, + ), + ), + ] -- cgit