author | Petr Viktorin <pviktori@redhat.com> | 2014-02-25 17:24:02 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 14:18:12 +0100 |
commit | 1df9b5836ad26bab3513b726305f5e061424e2c9 (patch) | |
tree | 25a46abf01a2cebc371309e488c3b823a236cfc3 /ipatests/test_xmlrpc | |
parent | d0e83dbccfdb35b1cdd4963ce4ffb2ff0627b066 (diff) | |
Allow modifying permissions with ":" in the name
The ":" character will be reserved for default permissions, so that
users cannot create a permission with a name that will later be
added as a default.
Allow the ":" character when modifying/deleting permissions*, but not
when creating them. Also do not allow the new name to contain ":"
when renaming.
(* modify/delete have unrelated restrictions on managed permissions)
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 5f305aa54..105f713f5 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -245,6 +245,18 @@ class test_permission_negative(Declarative):
 verify_permission_aci_missing(permission1, users_dn),
 dict(
+ desc='Try to create permission with : in the name',
+ command=('permission_add', ['bad:' + permission1], dict(
+ type=u'user',
+ ipapermright=u'write',
+ )),
+ expected=errors.ValidationError(name='name',
+ error='May only contain letters, numbers, -, _, ., and space'),
+ ),
+
+ verify_permission_aci_missing(permission1, users_dn),
+
+ dict(
 desc='Try to create permission with full and extra target filter',
 command=('permission_add', [permission1], dict(
 type=u'user',
@@ -1522,6 +1534,19 @@ class test_permission(Declarative):
 name='ipapermlocation',
 error='Entry %s does not exist' % nonexistent_dn)
 ),
+
+ dict(
+ desc='Search for nonexisting permission with ":" in the name',
+ command=(
+ 'permission_find', ['doesnotexist:' + permission1], {}
+ ),
+ expected=dict(
+ count=0,
+ truncated=False,
+ summary=u'0 permissions matched',
+ result=[],
+ ),
+ ),
 ] |
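Review bot: The negative case added in the first hunk (`test_permission_negative`) covers only `permission_add`; the rename path that the commit description also closes is not exercised in the hunks shown. Because ":" is reserved so that a user-created name cannot collide with a permission later shipped as a default, renaming an existing permission to such a name is the other way to occupy it, and a regression there would go unnoticed. Consider a sibling case, placed where `permission1` exists, such as `command=('permission_mod', [permission1], dict(rename=u'bad:' + permission1)),` expecting a `ValidationError`. Separately, the `verify_permission_aci_missing(permission1, users_dn)` added after the rejected add checks `permission1` rather than the `'bad:'`-prefixed name that was attempted, so it may not show that nothing was written for the rejected name. The enclosing test list starts and ends outside the hunk.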
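Review bot: The case added in the second hunk (`test_permission`) only shows that `permission_find` tolerates ":" in a search term; it does not show that modify and delete accept such a name, which is the behaviour the commit title describes. Two further cases calling `permission_mod` and `permission_del` with `['doesnotexist:' + permission1]` and expecting `errors.NotFound` rather than a `ValidationError` would pin that name validation is applied on create and rename only. As a style point, `'doesnotexist:'` is a plain string literal while the neighbouring values use `u'...'`; `u'doesnotexist:'` would match the rest of the file. The test list this entry is appended to starts outside the hunk.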