Hi,

After setting sudoorder, you are unable to unset it, since the
check for uniqueness of order of sudorules is applied incorrectly.

Fix the behaviour and cover it in the test suite.

https://fedorahosted.org/freeipa/ticket/4360

-- 
Tomas Babej
Associate Software Engineer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org 


>From fa9f08fc488b2f04ce9cc4919902af2e83811d43 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Mon, 16 Jun 2014 16:51:31 +0200
Subject: [PATCH] sudorule: Allow unsetting sudoorder

After setting sudoorder, you are unable to unset it, since the
check for uniqueness of order of sudorules is applied incorrectly.

Fix the behaviour and cover it in the test suite.

https://fedorahosted.org/freeipa/ticket/4360
---
 ipalib/plugins/sudorule.py                   | 3 ++-
 ipatests/test_xmlrpc/test_sudorule_plugin.py | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 23886898e28ec447af0c2dd32e80e8f3f6de79a9..71bb0f50a95671fee36100d3196590af14b58c66 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -349,10 +349,11 @@ class sudorule(LDAPObject):
     )
 
     def check_order_uniqueness(self, *keys, **options):
-        if 'sudoorder' in options:
+        if options.get('sudoorder') is not None:
             entries = self.methods.find(
                 sudoorder=options['sudoorder']
             )['result']
+
             if len(entries) > 0:
                 rule_name = entries[0]['cn'][0]
                 raise errors.ValidationError(
diff --git a/ipatests/test_xmlrpc/test_sudorule_plugin.py b/ipatests/test_xmlrpc/test_sudorule_plugin.py
index 7dc3cb1e458b6f5d145dc315d977e85a1f5b6431..052578666a152ad0fe061c56dc0e9a07c7834ff1 100644
--- a/ipatests/test_xmlrpc/test_sudorule_plugin.py
+++ b/ipatests/test_xmlrpc/test_sudorule_plugin.py
@@ -769,6 +769,10 @@ class test_sudorule(XMLRPC_test):
         with assert_raises(errors.ValidationError):
             api.Command['sudorule_mod'](self.rule_name, sudoorder=0)
 
+        # Try unsetting sudoorder from both rules
+        api.Command['sudorule_mod'](self.rule_name, sudoorder=None)
+        api.Command['sudorule_mod'](self.rule_name2, sudoorder=None)
+
 
     def test_m_sudorule_del(self):
         """
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to