Hello, This fixes issue #4212 which Petr¹ found in his Web UI work.
[#4212] https://fedorahosted.org/freeipa/ticket/4212 -- Petr³
From 3fd6a68161cc267d59731cfb0257cc350acfc36f Mon Sep 17 00:00:00 2001 From: Petr Viktorin <[email protected]> Date: Mon, 3 Mar 2014 14:46:51 +0100 Subject: [PATCH] permission-mod: Remove attributelevelrights before reverting entry LDAPUpdate adds the display-only 'attributelevelrights' attribute, which doesn't exist in LDAP. Remove it before reverting entry. https://fedorahosted.org/freeipa/ticket/4212 --- ipalib/plugins/permission.py | 3 +++ ipatests/test_xmlrpc/test_permission_plugin.py | 27 +++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py index 4477a5e4e379198e2fccc4c2d503ccbe7c97f1fd..4b686941a551be82b7e3482ca0daf9fe2f5e9e28 100644 --- a/ipalib/plugins/permission.py +++ b/ipalib/plugins/permission.py @@ -1015,6 +1015,9 @@ def post_callback(self, ldap, dn, entry, *keys, **options): else: self.obj.update_aci(entry, old_entry.single_value['cn']) except Exception: + # Don't revert attribute which doesn't exist in LDAP + entry.pop('attributelevelrights', None) + self.log.error('Error updating ACI: %s' % traceback.format_exc()) self.log.warn('Reverting entry') old_entry.reset_modlist(entry) diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py index b96d29c3f79225ba617e0b6e932f58d227763743..af86758d6e8ce95650b60b8d0551833942c7ca88 100644 --- a/ipatests/test_xmlrpc/test_permission_plugin.py +++ b/ipatests/test_xmlrpc/test_permission_plugin.py @@ -327,7 +327,6 @@ class test_permission_negative(Declarative): name='ipapermexcludedattr', error='only available on managed permissions'), ), - ] 
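Review bot: The new comment in the `except Exception:` branch says what is dropped but not why it matters, and only this one display-only key is stripped before `old_entry.reset_modlist(entry)`. This branch is the rollback that keeps the permission entry consistent with its ACI after a failed `update_aci`, so a revert that itself fails leaves the two out of step; the comment could say so, e.g. `# LDAPUpdate adds display-only 'attributelevelrights' (--rights); it is not in LDAP, so drop it or the revert below can fail`. If LDAPUpdate can put other keys into `entry` that are not LDAP attributes, they would presumably break the revert the same way, which is worth confirming. The body of post_callback starts and ends outside the hunk, so whether a failure of the revert is itself reported is not visible here.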
@@ -1639,8 +1638,34 @@ class test_permission_rollback(Declarative): pdn=permission1_dn)), ), + ] + _verifications + [ + + dict( + desc='Try adding an invalid attribute on %r with --all --rights' % permission1, + command=( + 'permission_mod', [permission1], dict( + attrs=[u'cn', u'bogusattributexyz'], + rights=True, + all=True, + ) + ), + expected=errors.InvalidSyntax( + attr=r'targetattr "bogusattributexyz" does not exist ' + r'in schema. Please add attributeTypes ' + r'"bogusattributexyz" to schema if necessary. ACL Syntax ' + r'Error(-5):(targetattr = \22bogusattributexyz || cn\22)' + r'(target = \22ldap:///%(tdn)s\22)' + r'(version 3.0;acl \22permission:%(name)s\22;' + r'allow (write) groupdn = \22ldap:///%(dn)s\22;)' % dict( + tdn=DN('uid=admin', users_dn), + name=permission1, + dn=permission1_dn), + ), + ), + ] + _verifications + class test_permission_sync_attributes(Declarative): """Test the effects of setting permission attributes""" cleanup_commands = [ -- 1.8.5.3
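Review bot: The case added to test_permission_rollback does not say that it is the regression test for ticket 4212, and nothing explains that `rights=True, all=True` are what trigger the bug. A comment above the new `dict(` would make that clear, e.g. `# Regression for #4212: with --all --rights the entry carries 'attributelevelrights', which must not break the rollback`. The expected `errors.InvalidSyntax` also pins the directory server's full ACL error text, including the `bogusattributexyz || cn` ordering, so a wording change on the server side would presumably fail this test even though the rollback still works. The `+ _verifications` that follows appears to be what checks that the entry was reverted; the hunk ends inside the next class.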
