Hello, This fixes https://fedorahosted.org/freeipa/ticket/4206
Apply on top of my patch 0479, to avoid a conflict in tests. -- PetrĀ³
From 286190d9374290acef301ca92279f3f729827cad Mon Sep 17 00:00:00 2001 From: Petr Viktorin <pvikt...@redhat.com> Date: Fri, 28 Feb 2014 12:23:17 +0100 Subject: [PATCH] permissions plugin: Don't crash with empty targetfilter https://fedorahosted.org/freeipa/ticket/4206 --- ipalib/plugins/permission.py | 2 +- ipatests/test_xmlrpc/test_permission_plugin.py | 47 ++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index fb57fded7efe464d7879c12042999369c7d63bc4..2b2509ecbdfc7cd6b45f3c220188bee176679bf5 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -711,7 +711,7 @@ def preprocess_options(self, options, return_filter_ops=False): return filter_ops elif filter_ops['add']: options['ipapermtargetfilter'] = list(options.get( - 'ipapermtargetfilter', [])) + filter_ops['add'] + 'ipapermtargetfilter') or []) + filter_ops['add'] def validate_permission(self, entry): ldap = self.Backend.ldap2 diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index 2d214013995266412cf0cf4559537095ffcd633c..833071823752ece578c6d688cf8a0dbf78c18d2a 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -3260,4 +3260,51 @@ class test_permission_filters(Declarative): '(version 3.0;acl "permission:%s";' % permission1 + 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn, ), + + dict( + desc='Delete %r' % permission1, + command=('permission_del', [permission1], {}), + expected=dict( + result=dict(failed=u''), + value=permission1, + summary=u'Deleted permission "%s"' % permission1, + ) + ), + + verify_permission_aci_missing(permission1, api.env.basedn), + + dict( + desc='Create %r with empty filters [#4206]' % permission1, + command=( + 'permission_add', [permission1], dict( + type=u'user', + ipapermright=u'write', + ipapermtargetfilter=u'', + ) + ), + expected=dict( + value=permission1, + summary=u'Added permission "%s"' % permission1, + result=dict( + dn=permission1_dn, + cn=[permission1], + objectclass=objectclasses.permission, + type=[u'user'], + ipapermright=[u'write'], + ipapermbindruletype=[u'permission'], + ipapermissiontype=[u'SYSTEM', u'V2'], + ipapermlocation=[users_dn], + ipapermtargetfilter=[ + u'(objectclass=posixaccount)', + ], + ), + ), + ), + + verify_permission_aci( + permission1, users_dn, + '(targetfilter = "(objectclass=posixaccount)")' + + '(version 3.0;acl "permission:%s";' % permission1 + + 'allow (write) groupdn = "ldap:///%s";)' % permission1_dn, + ), ] -- 1.8.5.3
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel