From 616d543a54833a1fde6b0098d91ac0f4e14f7a57 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada Date: Tue, 7 Feb 2012 13:07:09 +0100 Subject: Memberof attribute control and update Checking of parameters used by _make_aci funcion was rewritten. Additional attributes of ACI(type, attribute, memberof, targetgroup, subtree, filter) could be unset. Permission plugin now allows to unset memberof value. https://fedorahosted.org/freeipa/ticket/2255 Added checking of existence of groups that are specified in permission and delegation module. https://fedorahosted.org/freeipa/ticket/2286 https://fedorahosted.org/freeipa/ticket/2305 --- tests/test_xmlrpc/test_delegation_plugin.py | 12 ++++++ tests/test_xmlrpc/test_permission_plugin.py | 57 +++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) (limited to 'tests') diff --git a/tests/test_xmlrpc/test_delegation_plugin.py b/tests/test_xmlrpc/test_delegation_plugin.py index 1a9c36743..db5f71865 100644 --- a/tests/test_xmlrpc/test_delegation_plugin.py +++ b/tests/test_xmlrpc/test_delegation_plugin.py @@ -68,6 +68,18 @@ class test_delegation(Declarative): ), ), + dict( + desc='Try to create %r for non-existing member group' % delegation1, + command=( + 'delegation_add', [delegation1], dict( + attrs=u'street,c,l,st,postalCode', + permissions=u'write', + group=u'editors', + memberof=u'nonexisting', + ), + ), + expected=errors.NotFound(reason='group not found'), + ), # Note that we add postalCode but expect postalcode. This tests # the attrs normalizer. diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index 50d368197..e8e6bebcd 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -500,6 +500,16 @@ class test_permission(Declarative): ) ), + dict( + desc='Try to create permission %r with non-existing memberof' % permission1, + command=( + 'permission_add', [permission1], dict( + memberof=u'nonexisting', + permissions=u'write', + ) + ), + expected=errors.NotFound(reason='group not found'), + ), dict( desc='Create memberof permission %r' % permission1, @@ -507,6 +517,7 @@ class test_permission(Declarative): 'permission_add', [permission1], dict( memberof=u'editors', permissions=u'write', + type=u'user', ) ), expected=dict( @@ -518,6 +529,52 @@ class test_permission(Declarative): objectclass=objectclasses.permission, memberof=u'editors', permissions=[u'write'], + type=u'user', + ), + ), + ), + + dict( + desc='Try to update non-existent memberof of %r' % permission1, + command=('permission_mod', [permission1], dict(memberof=u'nonexisting')), + expected=errors.NotFound(reason='group not found'), + ), + + dict( + desc='Update memberof permission %r' % permission1, + command=( + 'permission_mod', [permission1], dict( + memberof=u'admins', + ) + ), + expected=dict( + value=permission1, + summary=u'Modified permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + memberof=u'admins', + permissions=[u'write'], + type=u'user', + ), + ), + ), + + dict( + desc='Unset memberof of permission %r' % permission1, + command=( + 'permission_mod', [permission1], dict( + memberof=None, + ) + ), + expected=dict( + summary=u'Modified permission "%s"' % permission1, + value=permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + permissions=[u'write'], + type=u'user', ), ), ), -- cgit