Hello,
This fixes https://fedorahosted.org/freeipa/ticket/4206
Apply on top of my patch 0479, to avoid a conflict in tests.
--
Petr³
From 286190d9374290acef301ca92279f3f729827cad Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Fri, 28 Feb 2014 12:23:17 +0100
Subject: [PATCH] permissions plugin: Don't crash with empty targetfilter
https://fedorahosted.org/freeipa/ticket/4206
---
ipalib/plugins/permission.py | 2 +-
ipatests/test_xmlrpc/test_permission_plugin.py | 47 ++
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index fb57fded7efe464d7879c12042999369c7d63bc4..2b2509ecbdfc7cd6b45f3c220188bee176679bf5 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -711,7 +711,7 @@ def preprocess_options(self, options, return_filter_ops=False):
return filter_ops
elif filter_ops['add']:
options['ipapermtargetfilter'] = list(options.get(
-'ipapermtargetfilter', [])) + filter_ops['add']
+'ipapermtargetfilter') or []) + filter_ops['add']
def validate_permission(self, entry):
ldap = self.Backend.ldap2
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index 2d214013995266412cf0cf4559537095ffcd633c..833071823752ece578c6d688cf8a0dbf78c18d2a 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -3260,4 +3260,51 @@ class test_permission_filters(Declarative):
'(version 3.0;acl permission:%s;' % permission1 +
'allow (write) groupdn = ldap:///%s;;)' % permission1_dn,
),
+
+dict(
+desc='Delete %r' % permission1,
+command=('permission_del', [permission1], {}),
+expected=dict(
+result=dict(failed=u''),
+value=permission1,
+summary=u'Deleted permission %s' % permission1,
+)
+),
+
+verify_permission_aci_missing(permission1, api.env.basedn),
+
+dict(
+desc='Create %r with empty filters [#4206]' % permission1,
+command=(
+'permission_add', [permission1], dict(
+type=u'user',
+ipapermright=u'write',
+ipapermtargetfilter=u'',
+)
+),
+expected=dict(
+value=permission1,
+summary=u'Added permission %s' % permission1,
+result=dict(
+dn=permission1_dn,
+cn=[permission1],
+objectclass=objectclasses.permission,
+type=[u'user'],
+ipapermright=[u'write'],
+ipapermbindruletype=[u'permission'],
+ipapermissiontype=[u'SYSTEM', u'V2'],
+ipapermlocation=[users_dn],
+ipapermtargetfilter=[
+u'(objectclass=posixaccount)',
+],
+),
+),
+),
+
+verify_permission_aci(
+permission1, users_dn,
+'(targetfilter = (objectclass=posixaccount))' +
+'(version 3.0;acl permission:%s;' % permission1 +
+'allow (write) groupdn = ldap:///%s;;)' % permission1_dn,
+),
]
--
1.8.5.3
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel