https://fedorahosted.org/freeipa/ticket/2293
This patch fixes regression caused by patch for ticket #2293. The
function get_allowed_attributes was searching only through the specified
objectclasses but not through their superior objectclasses. This patch
adds such behaviour by recursive call of get_allowed_attributes on the
superior objectclasses.
Test case that revealed the regression was added into the unit-tests.
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada
From 5399a72edd69c5f59ba1308e03a17531557faf11 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada
Date: Wed, 21 Mar 2012 13:30:42 +0100
Subject: [PATCH] Search allowed attributes in superior objectclasses
get_allowed_attributes function was improved to look for allowed
attributes also in the superior objectclasses of specified objectclass.
This fixes the regression caused by patch for ticket #2293. Test-case
for unit-test was also created.
https://fedorahosted.org/freeipa/ticket/2293
---
ipaserver/plugins/ldap2.py |3 ++
tests/test_xmlrpc/test_permission_plugin.py | 35 +++
2 files changed, 38 insertions(+), 0 deletions(-)
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index dd5756735405d5a5a9c76d4fa0d82459007a2233..178386c67001a5851e25f1640b301ae504ccab69 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -401,6 +401,9 @@ class ldap2(CrudBackend, Encoder):
obj = self.schema.get_obj(_ldap.schema.ObjectClass, oc)
if obj is not None:
allowed_attributes += obj.must + obj.may
+# look for allowed attributes in the superior objectclasses
+if obj.sup:
+allowed_attributes += self.get_allowed_attributes(obj.sup,raise_on_unknown)
elif raise_on_unknown:
raise errors.NotFound(reason=_('objectclass %s not found') % oc)
return [unicode(a).lower() for a in list(set(allowed_attributes))]
diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py
index 68a3cebf97943b330926fcf9837e9815e142d086..2ce1bdf31e1bb3022059088d84acb4267f8423a3 100644
--- a/tests/test_xmlrpc/test_permission_plugin.py
+++ b/tests/test_xmlrpc/test_permission_plugin.py
@@ -657,6 +657,41 @@ class test_permission(Declarative):
dict(
+desc='Create permission %r with attributes from superior objectclass' % permission1,
+command=(
+'permission_add', [permission1], dict(
+ type=u'hostgroup',
+ permissions=u'add,delete,write',
+ attrs=u'businessCategory,owner,description',
+)
+),
+expected=dict(
+value=permission1,
+summary=u'Added permission "%s"' % permission1,
+result=dict(
+dn=lambda x: DN(x) == permission1_dn,
+cn=[permission1],
+objectclass=objectclasses.permission,
+type=u'hostgroup',
+permissions=[u'add',u'delete',u'write'],
+attrs=[u'businesscategory',u'owner',u'description'],
+),
+),
+),
+
+
+dict(
+desc='Delete %r' % permission1,
+command=('permission_del', [permission1], {}),
+expected=dict(
+result=dict(failed=u''),
+value=permission1,
+summary=u'Deleted permission "%s"' % permission1,
+),
+),
+
+
+dict(
desc='Create targetgroup permission %r' % permission1,
command=(
'permission_add', [permission1], dict(
--
1.7.6.5
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel