permissions plugin: Don't crash with empty targetfilter

https://fedorahosted.org/freeipa/ticket/4206 Reviewed-By: Martin Kosek <mkosek@redhat.com>
author: Petr Viktorin <pviktori@redhat.com> 2014-02-28 12:23:17 +0100
committer: Petr Viktorin <pviktori@redhat.com> 2014-03-07 20:06:52 +0100
commit: d727599aa804aecd91de969a9309c1903d0cfdce (patch)
tree: 146b99aff9e5308367a9452458dabf6efe9e49ea /ipatests
parent: 0c2aec1be52af311feab15c01d03dfaff4b60fce (diff)
download: freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.gz
freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.xz
freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.zip
1 files changed, 47 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index e9e2fea0e..725fe0ab4 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -3295,4 +3295,51 @@ class test_permission_filters(Declarative):
             '(version 3.0;acl "permission:%s";' % permission1 +
             'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
         ),
+
+        dict(
+            desc='Delete %r' % permission1,
+            command=('permission_del', [permission1], {}),
+            expected=dict(
+                result=dict(failed=u''),
+                value=permission1,
+                summary=u'Deleted permission "%s"' % permission1,
+            )
+        ),
+
+        verify_permission_aci_missing(permission1, api.env.basedn),
+
+        dict(
+            desc='Create %r with empty filters [#4206]' % permission1,
+            command=(
+                'permission_add', [permission1], dict(
+                    type=u'user',
+                    ipapermright=u'write',
+                    ipapermtargetfilter=u'',
+                )
+            ),
+            expected=dict(
+                value=permission1,
+                summary=u'Added permission "%s"' % permission1,
+                result=dict(
+                    dn=permission1_dn,
+                    cn=[permission1],
+                    objectclass=objectclasses.permission,
+                    type=[u'user'],
+                    ipapermright=[u'write'],
+                    ipapermbindruletype=[u'permission'],
+                    ipapermissiontype=[u'SYSTEM', u'V2'],
+                    ipapermlocation=[users_dn],
+                    ipapermtargetfilter=[
+                        u'(objectclass=posixaccount)',
+                    ],
+                ),
+            ),
+        ),
+
+        verify_permission_aci(
+            permission1, users_dn,
+            '(targetfilter = "(objectclass=posixaccount)")' +
+            '(version 3.0;acl "permission:%s";' % permission1 +
+            'allow (write) groupdn = "ldap:///%s";)' % permission1_dn,
+        ),
     ]
author	Petr Viktorin <pviktori@redhat.com>	2014-02-28 12:23:17 +0100
committer	Petr Viktorin <pviktori@redhat.com>	2014-03-07 20:06:52 +0100
commit	d727599aa804aecd91de969a9309c1903d0cfdce (patch)
tree	146b99aff9e5308367a9452458dabf6efe9e49ea /ipatests
parent	0c2aec1be52af311feab15c01d03dfaff4b60fce (diff)
download	freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.gz freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.tar.xz freeipa-d727599aa804aecd91de969a9309c1903d0cfdce.zip