permission plugin: Do not add the ipapermissionv2 for output

As with the flags, the objectclass should be returned as it is
on the entry.

https://fedorahosted.org/freeipa/ticket/4257

Reviewed-By: Martin Kosek <mkosek@redhat.com>

3 files changed, 6 insertions, 7 deletions

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index cc842a68b..1697311d8 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -624,7 +624,7 @@ class permission(baseldap.LDAPObject):
             from the ACI corresponding to ``entry``.
             If None, ``entry`` itself is filled
         :param output_only:
-            If true, the flags are not updated to V2.
+            If true, the flags & objectclass are not updated to V2.
             Used for the -find and -show commands.
         :param cached_acientry:
             Optional pre-retreived entry that contains the existing ACI.
@@ -665,10 +665,9 @@ class permission(baseldap.LDAPObject):
 
         if not output_only:
             target_entry['ipapermissiontype'] = ['SYSTEM', 'V2']
-
-        if 'ipapermissionv2' not in entry['objectclass']:
-            target_entry['objectclass'] = list(entry['objectclass']) + [
-                u'ipapermissionv2']
+            if 'ipapermissionv2' not in entry['objectclass']:
+                target_entry['objectclass'] = list(entry['objectclass']) + [
+                    u'ipapermissionv2']
 
         target_entry['ipapermlocation'] = [self.api.env.basedn]
 
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py
index c4fa982c8..67c0a1c3f 100644
--- a/ipatests/test_xmlrpc/test_old_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py
@@ -806,7 +806,7 @@ class test_old_permission(Declarative):
                         'dn': DN(('cn','Add user to default group'),
                                  api.env.container_permission, api.env.basedn),
                         'cn': [u'Add user to default group'],
-                        'objectclass': objectclasses.permission,
+                        'objectclass': objectclasses.system_permission,
                         'member_privilege': [u'User Administrators'],
                         'attrs': [u'member'],
                         'targetgroup': u'ipausers',
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 678f9f918..251305e80 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -1163,7 +1163,7 @@ class test_permission(Declarative):
                         'dn': DN(('cn','Add user to default group'),
                                  api.env.container_permission, api.env.basedn),
                         'cn': [u'Add user to default group'],
-                        'objectclass': objectclasses.permission,
+                        'objectclass': objectclasses.system_permission,
                         'member_privilege': [u'User Administrators'],
                         'attrs': [u'member'],
                         'targetgroup': [u'ipausers'],