https://fedorahosted.org/freeipa/ticket/2293
This patch fixes regression caused by patch for ticket #2293. The function get_allowed_attributes was searching only through the specified objectclasses but not through their superior objectclasses. This patch adds such behaviour by recursive call of get_allowed_attributes on the superior objectclasses.
Test case that revealed the regression was added into the unit-tests. -- Regards, Ondrej Hamada FreeIPA team jabber: oh...@jabbim.cz IRC: ohamada
From 5399a72edd69c5f59ba1308e03a17531557faf11 Mon Sep 17 00:00:00 2001 From: Ondrej Hamada <oham...@redhat.com> Date: Wed, 21 Mar 2012 13:30:42 +0100 Subject: [PATCH] Search allowed attributes in superior objectclasses get_allowed_attributes function was improved to look for allowed attributes also in the superior objectclasses of specified objectclass. This fixes the regression caused by patch for ticket #2293. Test-case for unit-test was also created. https://fedorahosted.org/freeipa/ticket/2293 --- ipaserver/plugins/ldap2.py | 3 ++ tests/test_xmlrpc/test_permission_plugin.py | 35 +++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 0 deletions(-) diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py index dd5756735405d5a5a9c76d4fa0d82459007a2233..178386c67001a5851e25f1640b301ae504ccab69 100644 --- a/ipaserver/plugins/ldap2.py +++ b/ipaserver/plugins/ldap2.py @@ -401,6 +401,9 @@ class ldap2(CrudBackend, Encoder): obj = self.schema.get_obj(_ldap.schema.ObjectClass, oc) if obj is not None: allowed_attributes += obj.must + obj.may + # look for allowed attributes in the superior objectclasses + if obj.sup: + allowed_attributes += self.get_allowed_attributes(obj.sup,raise_on_unknown) elif raise_on_unknown: raise errors.NotFound(reason=_('objectclass %s not found') % oc) return [unicode(a).lower() for a in list(set(allowed_attributes))] diff --git a/tests/test_xmlrpc/test_permission_plugin.py b/tests/test_xmlrpc/test_permission_plugin.py index 68a3cebf97943b330926fcf9837e9815e142d086..2ce1bdf31e1bb3022059088d84acb4267f8423a3 100644 --- a/tests/test_xmlrpc/test_permission_plugin.py +++ b/tests/test_xmlrpc/test_permission_plugin.py @@ -657,6 +657,41 @@ class test_permission(Declarative): dict( + desc='Create permission %r with attributes from superior objectclass' % permission1, + command=( + 'permission_add', [permission1], dict( + type=u'hostgroup', + permissions=u'add,delete,write', + attrs=u'businessCategory,owner,description', + ) + ), + expected=dict( + value=permission1, + summary=u'Added permission "%s"' % permission1, + result=dict( + dn=lambda x: DN(x) == permission1_dn, + cn=[permission1], + objectclass=objectclasses.permission, + type=u'hostgroup', + permissions=[u'add',u'delete',u'write'], + attrs=[u'businesscategory',u'owner',u'description'], + ), + ), + ), + + + dict( + desc='Delete %r' % permission1, + command=('permission_del', [permission1], {}), + expected=dict( + result=dict(failed=u''), + value=permission1, + summary=u'Deleted permission "%s"' % permission1, + ), + ), + + + dict( desc='Create targetgroup permission %r' % permission1, command=( 'permission_add', [permission1], dict( -- 1.7.6.5
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel