freeipa

Clone
Source Code
GIT

4f03aed prevent last admin from being disabled

3 files Authored by jdennis 11 years ago, Committed by mkosek 11 years ago,
raw patch tree parent
3 files changed. 303 lines added. 173 lines removed.
ipalib/errors.py
file modified
+3 -3
ipalib/plugins/user.py
file modified
+21 -6
tests/test_xmlrpc/test_user_plugin.py
file modified
+279 -164 
    prevent last admin from being disabled
    
    We prevent the last member of the admin group from being deleted. The
    same check needs to be performed when disabling a user.
    
    * Moved the code in del_user to the common subroutine
      check_protected_member() and call it from both user_del and
      user_disable. Note, unlike user_del user_disable does not have a
      'pre' callback therefore the check function is called in
      user_disable's execute routine.
    
    * Make check_protected_member() aware of disabled members. It's not
      sufficient to check which members of the protected group are
      present, one must only consider those members which are enabled.
    
    * Add tests to test_user_plugin.py.
    
      - verify you cannot delete nor disable the last member of the admin
        group
    
      - verify when the admin group contains disabled users in addition to
        enabled users only the enabled users are considered when
        determining if the last admin is about to be disabled or deleted.
    
    * Replace duplicated hardcoded values in the tests with variables or
      subroutines, this makes the individual tests a bit more succinct and
      easier to copy/modify.
    
    * Update error msg to reflect either deleting or disabling is an error.
    
    https://fedorahosted.org/freeipa/ticket/2979
file modified
+3 -3
file modified
+21 -6
file modified
+279 -164
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.