diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-02-28 12:23:17 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-07 20:06:52 +0100 |
commit | d727599aa804aecd91de969a9309c1903d0cfdce (patch) | |
tree | 146b99aff9e5308367a9452458dabf6efe9e49ea /ipatests/test_xmlrpc | |
parent | 0c2aec1be52af311feab15c01d03dfaff4b60fce (diff) | |
download | freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.gz freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.xz freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.zip |
permissions plugin: Don't crash with empty targetfilter
https://fedorahosted.org/freeipa/ticket/4206
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r-- | ipatests/test_xmlrpc/test_permission_plugin.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index e9e2fea0e..725fe0ab4 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -3295,4 +3295,51 @@ class test_permission_filters(Declarative): '(version 3.0;acl "permission:%s";' % permission1 + 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn, ), + + dict( + desc='Delete %r' % permission1, + command=('permission_del', [permission1], {}), + expected=dict( + result=dict(failed=u''), + value=permission1, + summary=u'Deleted permission "%s"' % permission1, + ) + ), + + verify_permission_aci_missing(permission1, api.env.basedn), + + dict( + desc='Create %r with empty filters [#4206]' % permission1, + command=( + 'permission_add', [permission1], dict( + type=u'user', + ipapermright=u'write', + ipapermtargetfilter=u'', + ) + ), + expected=dict( + value=permission1, + summary=u'Added permission "%s"' % permission1, + result=dict( + dn=permission1_dn, + cn=[permission1], + objectclass=objectclasses.permission, + type=[u'user'], + ipapermright=[u'write'], + ipapermbindruletype=[u'permission'], + ipapermissiontype=[u'SYSTEM', u'V2'], + ipapermlocation=[users_dn], + ipapermtargetfilter=[ + u'(objectclass=posixaccount)', + ], + ), + ), + ), + + verify_permission_aci( + permission1, users_dn, + '(targetfilter = "(objectclass=posixaccount)")' + + '(version 3.0;acl "permission:%s";' % permission1 + + 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn, + ), ] |