author | Petr Viktorin <pviktori@redhat.com> | 2014-02-27 14:38:16 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-07 20:05:28 +0100 |
commit | 0c2aec1be52af311feab15c01d03dfaff4b60fce (patch) | |
tree | 457d176bc7e4aa472f41e4a086d11442b9dc79cf /ipatests/test_xmlrpc/test_permission_plugin.py | |
parent | 02e61961daf87fae22d6891ce2e1d7f8670dd2bf (diff) | |
permission plugin: Allow multiple values for memberof
Design: http://www.freeipa.org/page/V3/Multivalued_target_filters_in_permissions
Additional fix for: https://fedorahosted.org/freeipa/ticket/4074
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc/test_permission_plugin.py')
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 29effb9a4..e9e2fea0e 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -3255,4 +3255,44 @@ class test_permission_filters(Declarative):
 '(version 3.0;acl "permission:%s";' % permission1 +
 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
 ),
+
+ dict(
+ desc='Add multiple memberof to %r' % permission1,
+ command=(
+ 'permission_mod', [permission1],
+ dict(
+ memberof=[u'admins', u'editors'],
+ ),
+ ),
+ expected=dict(
+ value=permission1,
+ summary=u'Modified permission "%s"' % permission1,
+ result=dict(
+ dn=permission1_dn,
+ cn=[permission1],
+ objectclass=objectclasses.permission,
+ ipapermright=[u'write'],
+ memberof=[u'admins', u'editors'],
+ ipapermbindruletype=[u'permission'],
+ ipapermissiontype=[u'SYSTEM', u'V2'],
+ ipapermlocation=[api.env.basedn],
+ ipapermtargetfilter=[
+ u'(uid=abc)',
+ u'(memberOf=%s)' % DN(('cn', 'admins'), groups_dn),
+ u'(memberOf=%s)' % DN(('cn', 'editors'), groups_dn),
+ ],
+ ),
+ ),
+ ),
+
+ verify_permission_aci(
+ permission1, api.env.basedn,
+ '(targetfilter = "(&'
+ '(memberOf=%s)' % DN(('cn', 'admins'), groups_dn) +
+ '(memberOf=%s)' % DN(('cn', 'editors'), groups_dn) +
+ '(uid=abc)' +
+ ')")' +
+ '(version 3.0;acl "permission:%s";' % permission1 +
+ 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
+ ),
 ] |
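Review bot: The two added entries pin down that several memberof values are combined under `&` in the ACI targetfilter, so the permission covers only entries that belong to both `admins` and `editors`, but nothing in the test says this narrowing is the intended semantics. A one-line comment above the `verify_permission_aci(` call, such as `# multiple memberof values are ANDed: the target must be in every listed group`, would keep a later reader from assuming OR and "correcting" the expectation in a way that widens the permission. The list closes right after this hunk, so as far as the hunk shows there is no follow-up case that drops one of the two groups again and checks that the filter shrinks back; that may be covered elsewhere in the file, which is not visible here.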