permission plugin: Allow multiple values for memberof

Design: http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions Additional fix for: https://fedorahosted.org/freeipa/ticket/4074 Reviewed-By: Martin Kosek <mkosek@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-02-27 14:38:16 +0100
committer: Petr Viktorin <pviktori@redhat.com> 2014-03-07 20:05:28 +0100
commit: 0c2aec1be52af311feab15c01d03dfaff4b60fce (patch)
tree: 457d176bc7e4aa472f41e4a086d11442b9dc79cf /ipatests/test_xmlrpc/test_permission_plugin.py
parent: 02e61961daf87fae22d6891ce2e1d7f8670dd2bf (diff)
download: freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.tar.gz
freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.tar.xz
freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 29effb9a4..e9e2fea0e 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -3255,4 +3255,44 @@ class test_permission_filters(Declarative):
             '(version 3.0;acl "permission:%s";' % permission1 +
             'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
         ),
+
+        dict(
+            desc='Add multiple memberof to %r' % permission1,
+            command=(
+                'permission_mod', [permission1],
+                dict(
+                    memberof=[u'admins', u'editors'],
+                ),
+            ),
+            expected=dict(
+                value=permission1,
+                summary=u'Modified permission "%s"' % permission1,
+                result=dict(
+                    dn=permission1_dn,
+                    cn=[permission1],
+                    objectclass=objectclasses.permission,
+                    ipapermright=[u'write'],
+                    memberof=[u'admins', u'editors'],
+                    ipapermbindruletype=[u'permission'],
+                    ipapermissiontype=[u'SYSTEM', u'V2'],
+                    ipapermlocation=[api.env.basedn],
+                    ipapermtargetfilter=[
+                        u'(uid=abc)',
+                        u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
+                        u'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn),
+                    ],
+                ),
+            ),
+        ),
+
+        verify_permission_aci(
+            permission1, api.env.basedn,
+            '(targetfilter = "(&'
+                '(memberOf=%s)' % DN(('cn', 'admins'), groups_dn) +
+                '(memberOf=%s)' % DN(('cn', 'editors'), groups_dn) +
+                '(uid=abc)' +
+            ')")' +
+            '(version 3.0;acl "permission:%s";' % permission1 +
+            'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
+        ),
     ]
author	Petr Viktorin <pviktori@redhat.com>	2014-02-27 14:38:16 +0100
committer	Petr Viktorin <pviktori@redhat.com>	2014-03-07 20:05:28 +0100
commit	0c2aec1be52af311feab15c01d03dfaff4b60fce (patch)
tree	457d176bc7e4aa472f41e4a086d11442b9dc79cf /ipatests/test_xmlrpc/test_permission_plugin.py
parent	02e61961daf87fae22d6891ce2e1d7f8670dd2bf (diff)
download	freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.tar.gz freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.tar.xz freeipa-0c2aec1be52af311feab15c01d03dfaff4b60fce.zip