From 1df9b5836ad26bab3513b726305f5e061424e2c9 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Tue, 25 Feb 2014 17:24:02 +0100 Subject: Allow modifying permissions with ":" in the name The ":" character will be reserved for default permissions, so that users cannot create a permission with a name that will later be added as a default. Allow the ":" character modifying/deleting permissions*, but not when creating them. Also do not allow the new name to contain ":" when renaming. (* modify/delete have unrelated restrictions on managed permissions) Reviewed-By: Martin Kosek --- ipatests/test_xmlrpc/test_permission_plugin.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'ipatests/test_xmlrpc/test_permission_plugin.py') diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 5f305aa54..105f713f5 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -244,6 +244,18 @@ class test_permission_negative(Declarative): verify_permission_aci_missing(permission1, users_dn), + dict( + desc='Try to create permission with : in the name', + command=('permission_add', ['bad:' + permission1], dict( + type=u'user', + ipapermright=u'write', + )), + expected=errors.ValidationError(name='name', + error='May only contain letters, numbers, -, _, ., and space'), + ), + + verify_permission_aci_missing(permission1, users_dn), + dict( desc='Try to create permission with full and extra target filter', command=('permission_add', [permission1], dict( @@ -1522,6 +1534,19 @@ class test_permission(Declarative): name='ipapermlocation', error='Entry %s does not exist' % nonexistent_dn) ), + + dict( + desc='Search for nonexisting permission with ":" in the name', + command=( + 'permission_find', ['doesnotexist:' + permission1], {} + ), + expected=dict( + count=0, + truncated=False, + summary=u'0 permissions matched', + result=[], + ), + ), ] -- cgit