Re: [Freeipa-devel] [PATCH] 0486 permission-mod: Remove attributelevelrights before reverting entry

2014-03-07 Thread Martin Kosek
On 03/03/2014 04:04 PM, Petr Viktorin wrote:
> Hello,
> This fixes issue #4212 which Petr¹ found in his Web UI work.
> 
> [#4212] https://fedorahosted.org/freeipa/ticket/4212
> 

ACK. Pushed to master: 02e61961daf87fae22d6891ce2e1d7f8670dd2bf

Martin


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


[Freeipa-devel] [PATCH] 0486 permission-mod: Remove attributelevelrights before reverting entry

2014-03-03 Thread Petr Viktorin

Hello,
This fixes issue #4212 which Petr¹ found in his Web UI work.

[#4212] https://fedorahosted.org/freeipa/ticket/4212

--
Petr³
From 3fd6a68161cc267d59731cfb0257cc350acfc36f Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Mon, 3 Mar 2014 14:46:51 +0100
Subject: [PATCH] permission-mod: Remove attributelevelrights before reverting
 entry

LDAPUpdate adds the display-only 'attributelevelrights' attribute,
which doesn't exist in LDAP. Remove it before reverting entry.

https://fedorahosted.org/freeipa/ticket/4212
---
 ipalib/plugins/permission.py   |  3 +++
 ipatests/test_xmlrpc/test_permission_plugin.py | 27 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 4477a5e4e379198e2fccc4c2d503ccbe7c97f1fd..4b686941a551be82b7e3482ca0daf9fe2f5e9e28 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -1015,6 +1015,9 @@ def post_callback(self, ldap, dn, entry, *keys, **options):
 else:
 self.obj.update_aci(entry, old_entry.single_value['cn'])
 except Exception:
+# Don't revert attribute which doesn't exist in LDAP
+entry.pop('attributelevelrights', None)
+
 self.log.error('Error updating ACI: %s' % traceback.format_exc())
 self.log.warn('Reverting entry')
 old_entry.reset_modlist(entry)
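
Review bot: The added entry.pop('attributelevelrights', None) sits at the top of the except block, ahead of the two log calls, while the call it protects is old_entry.reset_modlist(entry) three lines further down. Placing the pop directly above reset_modlist, after the error has been logged, would keep the cleanup next to the operation that needs it. The comment could also say that LDAPUpdate is what adds this display-only key, as the commit message does, so the reason survives in the code. The cleanup names a single key; if LDAPUpdate can add any other display-only key to the entry, the revert would need the same handling for it.
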
diff --git a/ipatests/test_xmlrpc/test_permission_plugin.py b/ipatests/test_xmlrpc/test_permission_plugin.py
index b96d29c3f79225ba617e0b6e932f58d227763743..af86758d6e8ce95650b60b8d0551833942c7ca88 100644
--- a/ipatests/test_xmlrpc/test_permission_plugin.py
+++ b/ipatests/test_xmlrpc/test_permission_plugin.py
@@ -327,7 +327,6 @@ class test_permission_negative(Declarative):
 name='ipapermexcludedattr',
 error='only available on managed permissions'),
 ),
-
 ]
 
 
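Review bot: The blank line removed before the closing ']' of test_permission_negative is a whitespace-only change unrelated to ticket 4212. It would be cleaner to drop it from this patch or send it as a separate cleanup so the fix stays minimal.
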
@@ -1639,8 +1638,34 @@ class test_permission_rollback(Declarative):
 pdn=permission1_dn)),
 ),
 
+] + _verifications + [
+
+dict(
+desc='Try adding an invalid attribute on %r with --all --rights' % permission1,
+command=(
+'permission_mod', [permission1], dict(
+attrs=[u'cn', u'bogusattributexyz'],
+rights=True,
+all=True,
+)
+),
+expected=errors.InvalidSyntax(
+attr=r'targetattr "bogusattributexyz" does not exist '
+r'in schema. Please add attributeTypes '
+r'"bogusattributexyz" to schema if necessary. ACL Syntax '
+r'Error(-5):(targetattr = \22bogusattributexyz || cn\22)'
+r'(target = \22ldap:///%(tdn)s\22)'
+r'(version 3.0;acl \22permission:%(name)s\22;'
+r'allow (write) groupdn = \22ldap:///%(dn)s\22;)' % dict(
+tdn=DN('uid=admin', users_dn),
+name=permission1,
+dn=permission1_dn),
+),
+),
+
 ] + _verifications
 
+
 class test_permission_sync_attributes(Declarative):
 """Test the effects of setting permission attributes"""
 cleanup_commands = [
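
Review bot: The expected errors.InvalidSyntax in the new 'with --all --rights' case pins the directory server's complete message, including 'ACL Syntax Error(-5)' and the full serialized ACI, so a wording change on the server side would fail this test for reasons that have nothing to do with the rollback. If the Declarative framework allows a looser match on the error, prefer that here; otherwise a short comment noting where the text comes from would help whoever has to update it. Since the list is now '] + _verifications + [ ... ] + _verifications', the trailing _verifications is what actually checks that the entry was reverted after this failure, and a one-line comment saying so would make the purpose of the new case clearer than the desc alone.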
-- 
1.8.5.3
