dsdb: Add test for modification of two attributes, one permitted, one denied (bug...

author Andrew Bartlett <abartlet@samba.org>

Wed, 9 Jan 2013 22:30:38 +0000 (09:30 +1100)

committer Stefan Metzmacher <metze@samba.org>

Tue, 15 Jan 2013 13:03:47 +0000 (14:03 +0100)
author Andrew Bartlett <abartlet@samba.org>
Wed, 9 Jan 2013 22:30:38 +0000 (09:30 +1100)
committer Stefan Metzmacher <metze@samba.org>
Tue, 15 Jan 2013 13:03:47 +0000 (14:03 +0100)
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py

index 94bc504804ff45b6f7c666c7b31725accaad0f31..ecda3c5db61e31111dd23dd6964dde8ab70d912c 100755 (executable)
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -382,6 +382,21 @@ dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
  changetype: modify
  replace: url
  url: www.samba.org"""
+        try:
+            self.ldb_user.modify_ldif(ldif)
+        except LdbError, (num, _):
+            self.assertEquals(num, ERR_INSUFFICIENT_ACCESS_RIGHTS)
+        else:
+            # This 'modify' operation should always throw ERR_INSUFFICIENT_ACCESS_RIGHTS
+            self.fail()
+        # Modify on attribute you do not have rights for granted while also modifying something you do have rights for
+        ldif = """
+dn: CN=test_modify_group1,CN=Users,""" + self.base_dn + """
+changetype: modify
+replace: url
+url: www.samba.org
+replace: displayName
+displayName: test_changed"""
          try:
              self.ldb_user.modify_ldif(ldif)
          except LdbError, (num, _):
author	Andrew Bartlett <abartlet@samba.org>
	Wed, 9 Jan 2013 22:30:38 +0000 (09:30 +1100)
committer	Stefan Metzmacher <metze@samba.org>
	Tue, 15 Jan 2013 13:03:47 +0000 (14:03 +0100)