On 04/10/2012 09:35 PM, Rob Crittenden wrote:
Ondrej Hamada wrote:
https://fedorahosted.org/freeipa/ticket/2571

The update was failing because of the case insensitivity of permission
object DN.

Can you wrap the error in _() and add a couple of test cases for this, say one for the case insensitivity and one for empty rename attempt?

rob
fixed patch attached

--
Regards,

Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

From 2e27cc3517fced8f48f7fa89963b72479f2c8bee Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Wed, 11 Apr 2012 09:37:15 +0200
Subject: [PATCH] Unable to rename permission object

The update was failing because of the case insensitivity of permission
object DN. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2571
---
 ipalib/plugins/permission.py                |   19 ++++++-----
 tests/test_xmlrpc/test_permission_plugin.py |   45 ++++++++++++++++++++++++--
 2 files changed, 52 insertions(+), 12 deletions(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 9b669d9f57e81e885bd080703ba6c405395f6608..92203f17403d7c99dcc41525a771cf01ec31ce32 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -335,14 +335,17 @@ class permission_mod(LDAPUpdate):
         # when renaming permission, check if the target permission does not
         # exists already. Then, make changes to underlying ACI
         if 'rename' in options:
-            try:
-                new_dn = dn.replace(keys[-1], options['rename'], 1)
-                (new_dn, attrs) = ldap.get_entry(
-                    new_dn, attrs_list, normalize=self.obj.normalize_dn
-                )
-                raise errors.DuplicateEntry()
-            except errors.NotFound:
-                pass    # permission may be renamed, continue
+            if options['rename']:
+                try:
+                    new_dn = dn.replace(keys[-1].lower(), options['rename'], 1)
+                    (new_dn, attrs) = ldap.get_entry(
+                        new_dn, attrs_list, normalize=self.obj.normalize_dn
+                    )
+                    raise errors.DuplicateEntry()
+                except errors.NotFound:
+                    pass    # permission may be renamed, continue
+            else:
+                raise errors.ValidationError(name='rename',error=_('New name can not be empty'))
 
         opts = copy.copy(options)
         for o in ['all', 'raw', 'rights', 'rename']:
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index ab28588609caf080911a29c6e76e7c81e8f296ef..d4551c9525748c3710c4dc66ea15f3fa08f08ea4 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -36,6 +36,10 @@ permission1_renamed = u'testperm1_rn'
 permission1_renamed_dn = DN(('cn',permission1_renamed),
                             api.env.container_permission,api.env.basedn)
 
+permission1_renamed_ucase = u'Testperm_RN'
+permission1_renamed_ucase_dn = DN(('cn',permission1_renamed_ucase.lower()),
+                            api.env.container_permission,api.env.basedn)
+
 
 permission2 = u'testperm2'
 permission2_dn = DN(('cn',permission2),
@@ -463,6 +467,17 @@ class test_permission(Declarative):
 
 
         dict(
+            desc='Try to rename %r to empty name' % (permission1),
+            command=(
+                'permission_mod', [permission1], dict(rename=u'',
+                                                      permissions=u'all',)
+            ),
+            expected=errors.ValidationError(name=u'rename',
+                                    error=u'New name can not be empty'),
+        ),
+
+
+        dict(
             desc='Check integrity of original permission %r' % permission1,
             command=('permission_show', [permission1], {}),
             expected=dict(
@@ -503,12 +518,34 @@ class test_permission(Declarative):
 
 
         dict(
-            desc='Delete %r' % permission1_renamed,
-            command=('permission_del', [permission1_renamed], {}),
+            desc='Rename %r to permission %r' % (permission1_renamed,
+                                                 permission1_renamed_ucase),
+            command=(
+                'permission_mod', [permission1_renamed], dict(rename=permission1_renamed_ucase,
+                                                      permissions= u'write',)
+            ),
             expected=dict(
-                result=dict(failed=u''),
                 value=permission1_renamed,
-                summary=u'Deleted permission "%s"' % permission1_renamed,
+                summary=u'Modified permission "%s"' % permission1_renamed,
+                result={
+                    'dn': lambda x: DN(x) == permission1_renamed_ucase_dn,
+                    'cn': [permission1_renamed_ucase.lower()],
+                    'member_privilege': [privilege1],
+                    'type': u'user',
+                    'permissions': [u'write'],
+                    'memberof': u'ipausers',
+                },
+            ),
+        ),
+
+
+        dict(
+            desc='Delete %r' % permission1_renamed_ucase,
+            command=('permission_del', [permission1_renamed_ucase], {}),
+            expected=dict(
+                result=dict(failed=u''),
+                value=permission1_renamed_ucase,
+                summary=u'Deleted permission "%s"' % permission1_renamed_ucase,
             )
         ),
 
-- 
1.7.6.5

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to