From 4731182e811de1befb06f83c2f4573b0b214f98a Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Mon, 27 Aug 2007 21:38:02 +0000
Subject: [PATCH] Added test cases for Issue 1683.
---
opendj-sdk/opends/tests/functional-tests/testcases/privileges/privileges_users.xml | 326 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
opendj-sdk/opends/tests/functional-tests/shared/functions/dsconfig.xml | 8
2 files changed, 329 insertions(+), 5 deletions(-)
diff --git a/opendj-sdk/opends/tests/functional-tests/shared/functions/dsconfig.xml b/opendj-sdk/opends/tests/functional-tests/shared/functions/dsconfig.xml
index 2746b0e..bbe82b6 100755
--- a/opendj-sdk/opends/tests/functional-tests/shared/functions/dsconfig.xml
+++ b/opendj-sdk/opends/tests/functional-tests/shared/functions/dsconfig.xml
@@ -106,14 +106,14 @@
<function-arg-property name="type" value="string" />
</function-arg-def>
- <function-arg-def name="propertyType" type="required">
+ <function-arg-def name="propertyType" type="optional" default="''">
<function-arg-description>
Property type to modify, e.g. validator
</function-arg-description>
<function-arg-property name="type" value="string" />
</function-arg-def>
- <function-arg-def name="propertyName" type="required">
+ <function-arg-def name="propertyName" type="optional" default="''">
<function-arg-description>
Property to modify, e.g. enabled
</function-arg-description>
@@ -162,7 +162,9 @@
STAFCmdParamsList=[]
STAFCmdParamsList.append('set-%s-prop ' % (objectName))
- STAFCmdParamsList.append('--%s-name "%s" ' % (propertyType,propertyName))
+
+ if propertyType:
+ STAFCmdParamsList.append('--%s-name "%s" ' % (propertyType,propertyName))
if modifyType == 'reset':
STAFCmdParamsList.append('--%s %s' % (modifyType,attributeName))
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/privileges/privileges_users.xml b/opendj-sdk/opends/tests/functional-tests/testcases/privileges/privileges_users.xml
index 73b2725..c5467fa 100644
--- a/opendj-sdk/opends/tests/functional-tests/testcases/privileges/privileges_users.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/privileges/privileges_users.xml
@@ -58,7 +58,7 @@
file="'%s/testcases/privileges/privileges_setup.xml' % (TESTS_DIR)"/>
<call function="'privileges_setup'" />
- <!---
+ <!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
@@ -246,7 +246,7 @@
'dsInstancePswd' : 'ACIRules' ,
'dsBaseDN' : 'uid=scarter,ou=People,o=Privileges Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
- 'attributes' : 'cn sn uid'}
+ 'attributes' : 'cn sn uid' }
</call>
<script>
@@ -1073,6 +1073,197 @@
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
+ #@TestName modify-acl - add aci - disable privilege
+ #@TestIssue 1683
+ #@TestPurpose disable privilege for modify-acl privilege for normal users - add aci
+ #@TestPreamble none
+ #@TestStep Admin adds write ACI.
+ #@TestStep User adds ACI.
+ #@TestStep Admin adds disabled-privilege.
+ #@TestStep User adds ACI.
+ #@TestStep Admin deletes write ACI.
+ #@TestStep User adds second ACI.
+ #@TestStep Admin deletes disabled-privilege.
+ #@TestStep Admin deletes user-added ACI.
+ #@TestStep User adds second ACI.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50
+ for steps 2, 6, and 9, and 0
+ for all other ldap operations.
+ -->
+ <testcase name="getTestCaseName('modify-acl - add aci - disable privilege')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, Admin adding write ACI'
+ </message>
+
+ <script>
+ write_aci="(targetattr=\"aci || ds-privilege-name\")(version 3.0; acl \"add_write_acl\"; allow (write) userdn=\"ldap:///all\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : write_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <script>
+ search_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
+ </script>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : search_aci ,
+ 'changetype' : 'add' ,
+ 'expectedRC' : 50 }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, Admin disabling privilege'
+ </message>
+
+ <call function="'dsconfigSet'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'objectName' : 'global-configuration' ,
+ 'attributeName' : 'disabled-privilege' ,
+ 'attributeValue' : 'modify-acl' }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, user adding ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : search_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting write ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : write_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
+ </message>
+
+ <script>
+ search2_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci2\"; allow (write) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : search2_aci ,
+ 'changetype' : 'add' ,
+ 'expectedRC' : 50
+ }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, Admin un-disabling privilege'
+ </message>
+
+ <call function="'dsconfigSet'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'objectName' : 'global-configuration' ,
+ 'attributeName' : 'disabled-privilege' ,
+ 'attributeValue' : 'modify-acl' ,
+ 'modifyType' : 'remove' }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, Admin deleting user-added ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=People, o=Privileges Tests, dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : search_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <message>
+ 'Privileges: Users: modify-acl - add aci - disable privilege, user adding second ACI'
+ </message>
+
+ <script>
+ search3_aci="(targetattr=\"*\")(version 3.0; acl \"add_search_aci_scarter\"; allow (search,read) userdn=\"ldap:///uid=auser, o=Privileges Tests,dc=example,dc=com\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'DNToModify' : 'uid=scarter, ou=People, o=Privileges Tests, dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : search3_aci ,
+ 'changetype' : 'add' ,
+ 'expectedRC' : 50
+ }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Privileges Users Tests
#@TestName modify-acl - replace aci
#@TestIssue 471
#@TestPurpose modify-acl privilege for normal users - replace aci
@@ -1543,6 +1734,137 @@
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Privileges Users Tests
+ #@TestName config-read - disable privilege
+ #@TestIssue 1683
+ #@TestPurpose config-read privilege for normal users
+ #@TestPreamble none
+ #@TestStep User searches cn=config, check default behavior.
+ #@TestStep Admin adds privilege.
+ #@TestStep User searches cn=config.
+ #@TestStep Admin removes privilege.
+ #@TestStep User searches cn=config.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 50
+ for steps 1 and 5, and 0
+ for all other ldap operations.
+ Proper entries returned for allowed searches.
+ -->
+ <testcase name="getTestCaseName('config-read - disable privilege')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Privileges: Users: config-read - disable privilege, check default privilege, user searching cn=config'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'cn=config' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'ds-cfg-check-schema' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 50
+ }
+ </call>
+
+ <message>
+ 'Privileges: Users: config-read - disable privilege, Admin disabling privilege'
+ </message>
+
+ <call function="'dsconfigSet'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'objectName' : 'global-configuration' ,
+ 'attributeName' : 'disabled-privilege' ,
+ 'attributeValue' : 'config-read' }
+ </call>
+
+ <message>
+ 'Privileges: Users: config-read - disable privilege, user searching cn=config'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'cn=config' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'ds-cfg-check-schema' ,
+ 'extraParams' : '-s base' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: cn=config' ,
+ 'expectedResult' : '1' }
+ </call>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'ds-cfg-check-schema:' ,
+ 'expectedResult' : '1' }
+ </call>
+
+ <message>
+ 'Privileges: Users: config-read - disable privilege, Admin un-disabling privilege'
+ </message>
+
+ <call function="'dsconfigSet'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'objectName' : 'global-configuration' ,
+ 'attributeName' : 'disabled-privilege' ,
+ 'attributeValue' : 'config-read' ,
+ 'modifyType' : 'remove' }
+ </call>
+
+ <message>
+ 'Privileges: Users: config-read - disable privilege, user searching cn=config'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=auser,o=Privileges Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'ACIRules' ,
+ 'dsBaseDN' : 'cn=config' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'attributes' : 'ds-cfg-check-schema' ,
+ 'extraParams' : '-s base' ,
+ 'expectedRC' : 50 }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: cn=config' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker Privileges Users Tests
#@TestName config-write
#@TestIssue 472
#@TestPurpose config-write privilege for normal users
--
Gitblit v1.10.0