-rw-r--r--ipalib/plugins/permission.py56
-rw-r--r--tests/test_xmlrpc/test_permission_plugin.py65
2 files changed, 0 insertions, 121 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 2d300e246..2cf42bbc0 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -24,7 +24,6 @@ from ipalib import api, _, ngettext
from ipalib import Flag, Str, StrEnum
from ipalib.request import context
from ipalib import errors
-from ipalib.dn import DN
__doc__ = _("""
Permissions
@@ -91,44 +90,6 @@ output_params = (
),
)
-dn_ipaconfig = str(DN('cn=ipaconfig,cn=etc,%s' % api.env.basedn))
-
-
-def check_attrs(attrs, type):
- # Trying to delete attributes - no need for validation
- if attrs is None:
- return True
- allowed_objcls=[]
- disallowed_objcls=[]
- obj=api.Object[type]
-
- if obj.object_class_config:
- (dn,objcls)=api.Backend.ldap2.get_entry(
- dn_ipaconfig,[obj.object_class_config]
- )
- allowed_objcls=objcls[obj.object_class_config]
- else:
- allowed_objcls=obj.object_class
- if obj.possible_objectclasses:
- allowed_objcls+=obj.possible_objectclasses
- if obj.disallow_object_classes:
- disallowed_objcls=obj.disallow_object_classes
-
- allowed_attrs=[]
- disallowed_attrs=[]
- if allowed_objcls:
- allowed_attrs=api.Backend.ldap2.get_allowed_attributes(allowed_objcls)
- if disallowed_objcls:
- disallowed_attrs=api.Backend.ldap2.get_allowed_attributes(disallowed_objcls)
- failed_attrs=[]
- for attr in attrs:
- if (attr not in allowed_attrs) or (attr in disallowed_attrs):
- failed_attrs.append(attr)
- if failed_attrs:
- raise errors.ObjectclassViolation(info='attribute(s) \"%s\" not allowed' % ','.join(failed_attrs))
- return True
-
-
class permission(LDAPObject):
"""
Permission object.
@@ -234,8 +195,6 @@ class permission_add(LDAPCreate):
opts['permission'] = keys[-1]
opts['aciprefix'] = ACI_PREFIX
try:
- if 'type' in entry_attrs and 'attrs' in entry_attrs:
- check_attrs(entry_attrs['attrs'],entry_attrs['type'])
self.api.Command.aci_add(keys[-1], **opts)
except Exception, e:
raise e
@@ -317,21 +276,6 @@ class permission_mod(LDAPUpdate):
except errors.NotFound:
self.obj.handle_not_found(*keys)
- # check the correctness of attributes only when the type is specified
- type=None
- attrs_to_check=[]
- current_values=self.api.Command.permission_show(attrs['cn'][0])['result']
- if 'type' in entry_attrs:
- type = entry_attrs['type']
- elif 'type' in current_values:
- type = current_values['type']
- if 'attrs' in entry_attrs:
- attrs_to_check = entry_attrs['attrs']
- elif 'attrs' in current_values:
- attrs_to_check = current_values['attrs']
- if attrs_to_check and type is not None:
- check_attrs(attrs_to_check,type)
-
# when renaming permission, check if the target permission does not
# exists already. Then, make changes to underlying ACI
if 'rename' in options:
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index d67a427be..14cfcbc78 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -133,71 +133,6 @@ class test_permission(Declarative):
dict(
- desc='Try to create %r with invalid attribute \'ipaclientversion\'' % permission2,
- command=(
- 'permission_add', [permission2], dict(
- type=u'user',
- permissions=u'write',
- attrs=u'ipaclientversion',
- ),
- ),
- expected=errors.ObjectclassViolation(info=u'attribute(s) \"ipaclientversion\" not allowed'),
- ),
-
-
- dict(
- desc='Add allowed attribute \'cn\' to %r' % permission1,
- command=(
- 'permission_mod', [permission1], dict(
- attrs=u'cn',
- )
- ),
- expected=dict(
- value=permission1,
- summary=u'Modified permission "%s"' % permission1,
- result=dict(
- dn=lambda x: DN(x) == permission1_dn,
- cn=[permission1],
- type=u'user',
- permissions=[u'write'],
- attrs=[u'cn'],
- ),
- ),
- ),
-
-
- dict(
- desc='Try to modify %r with invalid attribute \'ipaclientversion\'' % permission1,
- command=(
- 'permission_mod', [permission1], dict(
- attrs=u'ipaclientversion',
- ),
- ),
- expected=errors.ObjectclassViolation(info=u'attribute(s) \"ipaclientversion\" not allowed'),
- ),
-
-
- dict(
- desc='Unset attribute \'cn\' of %r' % permission1,
- command=(
- 'permission_mod', [permission1], dict(
- attrs=None,
- )
- ),
- expected=dict(
- value=permission1,
- summary=u'Modified permission "%s"' % permission1,
- result=dict(
- dn=lambda x: DN(x) == permission1_dn,
- cn=[permission1],
- type=u'user',
- permissions=[u'write'],
- ),
- ),
- ),
-
-
- dict(
desc='Create %r' % privilege1,
command=('privilege_add', [privilege1],
dict(description=u'privilege desc. 1')