This fixes an extra objectclass being added to legacy permissions in permission-{show,find} output. For the other attributes, we want to show what would be there if the permission was upgraded, but for objectclass and flags we want to show exactly what is in LDAP.

https://fedorahosted.org/freeipa/ticket/4257

For all the tests to pass, apply this on top of my patch 0475

--
PetrĀ³
From 6f3c50f875ee9220269f2468825f42474157fe69 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Mon, 17 Mar 2014 15:53:06 +0100
Subject: [PATCH] permission plugin: Do not add the ipapermissionv2 for output

As with the flags, the objectclass should be returned as it is
on the entry.

https://fedorahosted.org/freeipa/ticket/4257
---
 ipalib/plugins/permission.py                       | 9 ++++-----
 ipatests/test_xmlrpc/test_old_permission_plugin.py | 2 +-
 ipatests/test_xmlrpc/test_permission_plugin.py     | 2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 65220b6e058aadd635d032748e8eb8ce11b860ea..a4966a2b680edef0cdaea8476ac242318cad9027 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -623,7 +623,7 @@ def upgrade_permission(self, entry, target_entry=None,
             from the ACI corresponding to ``entry``.
             If None, ``entry`` itself is filled
         :param output_only:
-            If true, the flags are not updated to V2.
+            If true, the flags & objectclass are not updated to V2.
             Used for the -find and -show commands.
         :param cached_acientry:
             Optional pre-retreived entry that contains the existing ACI.
@@ -664,10 +664,9 @@ def upgrade_permission(self, entry, target_entry=None,
 
         if not output_only:
             target_entry['ipapermissiontype'] = ['SYSTEM', 'V2']
-
-        if 'ipapermissionv2' not in entry['objectclass']:
-            target_entry['objectclass'] = list(entry['objectclass']) + [
-                u'ipapermissionv2']
+            if 'ipapermissionv2' not in entry['objectclass']:
+                target_entry['objectclass'] = list(entry['objectclass']) + [
+                    u'ipapermissionv2']
 
         target_entry['ipapermlocation'] = [self.api.env.basedn]
 
diff --git a/ipatests/test_xmlrpc/test_old_permission_plugin.py b/ipatests/test_xmlrpc/test_old_permission_plugin.py
index a5554be8caa101187e231e1afa0a0cd8c64b2af9..56dd4435c2996114100334873d72f99201ec841a 100644
--- a/ipatests/test_xmlrpc/test_old_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_old_permission_plugin.py
@@ -794,7 +794,7 @@ class test_old_permission(Declarative):
                         'dn': DN(('cn','Add user to default group'),
                                  api.env.container_permission, api.env.basedn),
                         'cn': [u'Add user to default group'],
-                        'objectclass': objectclasses.permission,
+                        'objectclass': objectclasses.system_permission,
                         'member_privilege': [u'User Administrators'],
                         'attrs': [u'member'],
                         'targetgroup': u'ipausers',
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 4d515e695f4465b36d41c98cbaf9799275c834ef..5f305aa543195e63fbe223a1fceaab40411dbd05 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -1146,7 +1146,7 @@ class test_permission(Declarative):
                         'dn': DN(('cn','Add user to default group'),
                                  api.env.container_permission, api.env.basedn),
                         'cn': [u'Add user to default group'],
-                        'objectclass': objectclasses.permission,
+                        'objectclass': objectclasses.system_permission,
                         'member_privilege': [u'User Administrators'],
                         'attrs': [u'member'],
                         'targetgroup': [u'ipausers'],
-- 
1.8.5.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to