diff options
author | Ondrej Hamada <ohamada@redhat.com> | 2012-02-29 11:40:31 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-28 18:22:24 -0500 |
commit | 1356988b7a40a60af39807db143860efb4a2f435 (patch) | |
tree | 108983b039333bb6e311a377b7d33bcaaac383db /tests/test_xmlrpc/test_permission_plugin.py | |
parent | 2d555256526827564f89d941c2d2b31815378a6b (diff) | |
download | freeipa-1356988b7a40a60af39807db143860efb4a2f435.tar.gz freeipa-1356988b7a40a60af39807db143860efb4a2f435.tar.xz freeipa-1356988b7a40a60af39807db143860efb4a2f435.zip |
Validate attributes in permission-add
When adding or modifying permission with both type and attributes
specified, check whether the attributes are allowed for specified type.
In case of disallowed attributes raises the ObjectclassViolation
exception.
New tests were also added to the unit-tests.
https://fedorahosted.org/freeipa/ticket/2293
Diffstat (limited to 'tests/test_xmlrpc/test_permission_plugin.py')
-rw-r--r-- | tests/test_xmlrpc/test_permission_plugin.py | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index e8e6bebcd..68a3cebf9 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -124,6 +124,71 @@ class test_permission(Declarative): dict( + desc='Try to create %r with invalid attribute \'ipaclientversion\'' % permission2, + command=( + 'permission_add', [permission2], dict( + type=u'user', + permissions=u'write', + attrs=u'ipaclientversion', + ), + ), + expected=errors.ObjectclassViolation(info=u'attribute(s) \"ipaclientversion\" not allowed'), + ), + + + dict( + desc='Add allowed attribute \'cn\' to %r' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=u'cn', + ) + ), + expected=dict( + value=permission1, + summary=u'Modified permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + type=u'user', + permissions=[u'write'], + attrs=[u'cn'], + ), + ), + ), + + + dict( + desc='Try to modify %r with invalid attribute \'ipaclientversion\'' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=u'ipaclientversion', + ), + ), + expected=errors.ObjectclassViolation(info=u'attribute(s) \"ipaclientversion\" not allowed'), + ), + + + dict( + desc='Unset attribute \'cn\' of %r' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=None, + ) + ), + expected=dict( + value=permission1, + summary=u'Modified permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + type=u'user', + permissions=[u'write'], + ), + ), + ), + + + dict( desc='Create %r' % privilege1, command=('privilege_add', [privilege1], dict(description=u'privilege desc. 1') |