On 08/23/2012 02:46 PM, Rob Crittenden wrote:
Tomas Babej wrote:
On 08/22/2012 05:15 PM, Rob Crittenden wrote:
Tomas Babej wrote:
Hi,
Both commands now produce the same output regarding
the attributelevelrights.
https://fedorahosted.org/freeipa/ticket/2875
I think some unit tests would be helpful so we don't regress and we
know which other commands this fixes.
rob
I ran the tests for the permission plugin (test_permission_plugin.py)
and all of them passed. Tested on clean VM with newly built IPA from the
master, so there should be no regression. Results themselves attached.
Tomas
Right, but those tests all passed prior to your fix as well. We need a
test that does a permission-mod and confirms that the rights contains
the full list of attributes (and perhaps testing any other commands
that were similarly fixed).
rob
I added unit tests for permission-mod and permission-show.
Tomas
>From be666391cc21f145acf349ccb4799174a204068c Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Wed, 22 Aug 2012 10:39:01 -0400
Subject: [PATCH] Fixes different behaviour of permission-mod and show.
Both commands now produce the same output regarding
the attributelevelrights.
https://fedorahosted.org/freeipa/ticket/2875
---
ipalib/plugins/permission.py | 4 +-
tests/test_xmlrpc/test_permission_plugin.py | 85 +++++++++++++++++++++++++++++
2 files changed, 88 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index befa74df822ab48e571e68ef31871b1c83716ca4..75b210910468a4aafba85f1dde8d94b7be2770af 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -393,8 +393,10 @@ class permission_mod(LDAPUpdate):
cn = options['rename'] # rename finished
- common_options = filter_options(options, ['all', 'raw'])
+ # all common options to permission-mod and show need to be listed here
+ common_options = filter_options(options, ['all', 'raw', 'rights'])
result = self.api.Command.permission_show(cn, **common_options)['result']
+
for r in result:
if not r.startswith('member_'):
entry_attrs[r] = result[r]
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index a1062f08526dfbb2f34d9d5cdf476d8eedc40df2..eda96d0e31d28931b9e0b630ffa69bb9cbad0d1f 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -45,6 +45,32 @@ permission2 = u'testperm2'
permission2_dn = DN(('cn',permission2),
api.env.container_permission,api.env.basedn)
+permission3 = u'testperm3'
+permission3_dn = DN(('cn',permission3),
+ api.env.container_permission,api.env.basedn)
+permission3_attributelevelrights = {
+ 'member': u'rscwo',
+ 'seealso': u'rscwo',
+ 'ipapermissiontype': u'rscwo',
+ 'cn': u'rscwo',
+ 'businesscategory': u'rscwo',
+ 'objectclass': u'rscwo',
+ 'memberof': u'rscwo',
+ 'aci': u'rscwo',
+ 'subtree': u'rscwo',
+ 'o': u'rscwo',
+ 'filter': u'rscwo',
+ 'attrs': u'rscwo',
+ 'owner': u'rscwo',
+ 'group': u'rscwo',
+ 'ou': u'rscwo',
+ 'targetgroup': u'rscwo',
+ 'type': u'rscwo',
+ 'permissions': u'rscwo',
+ 'nsaccountlock': u'rscwo',
+ 'description': u'rscwo',
+ }
+
privilege1 = u'testpriv1'
privilege1_dn = DN(('cn',privilege1),
api.env.container_privilege,api.env.basedn)
@@ -57,6 +83,7 @@ class test_permission(Declarative):
cleanup_commands = [
('permission_del', [permission1], {}),
('permission_del', [permission2], {}),
+ ('permission_del', [permission3], {}),
('privilege_del', [privilege1], {}),
]
@@ -860,4 +887,62 @@ class test_permission(Declarative):
error='May only contain letters, numbers, -, _, and space'),
),
+ dict(
+ desc='Create %r' % permission3,
+ command=(
+ 'permission_add', [permission3], dict(
+ type=u'user',
+ permissions=u'write',
+ attrs=[u'cn']
+ )
+ ),
+ expected=dict(
+ value=permission3,
+ summary=u'Added permission "%s"' % permission3,
+ result=dict(
+ dn=permission3_dn,
+ cn=[permission3],
+ objectclass=objectclasses.permission,
+ type=u'user',
+ permissions=[u'write'],
+ attrs=(u'cn',),
+ ),
+ ),
+ ),
+
+ dict(
+ desc='Retrieve %r with --all --rights' % permission3,
+ command=('permission_show', [permission3], {'all' : True, 'rights' : True}),
+ expected=dict(
+ value=permission3,
+ summary=None,
+ result=dict(
+ dn=permission3_dn,
+ cn=[permission3],
+ objectclass=objectclasses.permission,
+ type=u'user',
+ attrs=(u'cn',),
+ permissions=[u'write'],
+ attributelevelrights=permission3_attributelevelrights
+ ),
+ ),
+ ),
+
+ dict(
+ desc='Modify %r with --all -rights' % permission3,
+ command=('permission_mod', [permission3], {'all' : True, 'rights': True, 'attrs':[u'cn',u'uid']}),
+ expected=dict(
+ value=permission3,
+ summary=u'Modified permission "%s"' % permission3,
+ result=dict(
+ dn=permission3_dn,
+ cn=[permission3],
+ objectclass=objectclasses.permission,
+ type=u'user',
+ attrs=(u'cn',u'uid'),
+ permissions=[u'write'],
+ attributelevelrights=permission3_attributelevelrights,
+ ),
+ ),
+ ),
]
--
1.7.11.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
