diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-03-03 14:46:51 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-03-07 16:52:40 +0100 |
commit | 02e61961daf87fae22d6891ce2e1d7f8670dd2bf (patch) | |
tree | 2c6b0457c23507264f94bbd2dcbd970812009c35 /ipatests/test_xmlrpc | |
parent | 4048d412f2297df6bb483c86cdb61c21a0081f35 (diff) | |
download | freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.gz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.tar.xz freeipa-02e61961daf87fae22d6891ce2e1d7f8670dd2bf.zip |
permission-mod: Remove attributelevelrights before reverting entry
LDAPUpdate adds the display-only 'attributelevelrights' attribute,
which doesn't exist in LDAP. Remove it before reverting entry.
https://fedorahosted.org/freeipa/ticket/4212
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 6aa00f9f7..29effb9a4 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -315,7 +315,6 @@ class test_permission_negative(Declarative): name='ipapermexcludedattr', error='only available on managed permissions'), ), - ] @@ -1631,8 +1630,34 @@ class test_permission_rollback(Declarative): pdn=permission1_dn)), ), + ] + _verifications + [ + + dict( + desc='Try adding an invalid attribute on %r with --all --rights' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=[u'cn', u'bogusattributexyz'], + rights=True, + all=True, + ) + ), + expected=errors.InvalidSyntax( + attr=r'targetattr "bogusattributexyz" does not exist ' + r'in schema. Please add attributeTypes ' + r'"bogusattributexyz" to schema if necessary. ACL Syntax ' + r'Error(-5):(targetattr = \22bogusattributexyz || cn\22)' + r'(target = \22ldap:///%(tdn)s\22)' + r'(version 3.0;acl \22permission:%(name)s\22;' + r'allow (write) groupdn = \22ldap:///%(dn)s\22;)' % dict( + tdn=DN('uid=admin', users_dn), + name=permission1, + dn=permission1_dn), + ), + ), + ] + _verifications + class test_permission_sync_attributes(Declarative): """Test the effects of setting permission attributes""" cleanup_commands = [ |