From 6ff5f28142c46bf5f08fef74c261f75e1baa9f66 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Thu, 31 May 2012 12:39:24 +0200
Subject: permission-find missed some results with --pkey-only option

When permission-find post callback detected a --pkey-only option,
it just terminated. However, this way the results that could have
been added from aci_find matches were not included.

Fix the post callback to go through the entire matching process.
Also make sure that DNS permissions have a correct objectclass
(ipapermission), otherwise such objects are not matched by the
permission LDAP search.

https://fedorahosted.org/freeipa/ticket/2658
---
 tests/test_xmlrpc/test_permission_plugin.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'tests')

diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index d8ff1490..6613c9bb 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -367,6 +367,25 @@ class test_permission(Declarative):
         ),
 
 
+        dict(
+            desc='Search by ACI attribute with --pkey-only',
+            command=('permission_find', [], {'pkey_only': True,
+                                             'attrs': [u'krbminpwdlife']}),
+            expected=dict(
+                count=1,
+                truncated=False,
+                summary=u'1 permission matched',
+                result=[
+                    {
+                        'dn': lambda x: DN(x) == DN(('cn','Modify Group Password Policy'),
+                                                     api.env.container_permission,api.env.basedn),
+                        'cn': [u'Modify Group Password Policy'],
+                    },
+                ],
+            ),
+        ),
+
+
         dict(
             desc='Search for %r' % privilege1,
             command=('privilege_find', [privilege1], {}),
-- 
cgit