diff --git a/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py b/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py
index 8c2ac970f..47a235dff 100644
--- a/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py
+++ b/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py
@@ -26,7 +26,7 @@
 from ldap_protocol.ldap_schema.directory_create_use_case import (
     DirectoryCreateUseCase,
 )
-from ldap_protocol.ldap_schema.dto import AttributeDTO, CreateDirDTO
+from ldap_protocol.ldap_schema.dto import AttributeDTO, DirCreateDTO
 from ldap_protocol.ldap_schema.entity_type.entity_type_use_case import (
     EntityTypeUseCase,
 )
@@ -77,7 +77,7 @@ async def _create_ldap_configuration_directory(
     if not base_dirs:
         return
 
-    _dto = CreateDirDTO(
+    _dto = DirCreateDTO(
         name=CONFIGURATION_DIR_NAME,
         entity_type_name=EntityTypeNames.CONFIGURATION,
         attributes=(
diff --git a/app/constants.py b/app/constants.py
index 553cbe528..a6192f314 100644
--- a/app/constants.py
+++ b/app/constants.py
@@ -321,8 +321,8 @@
     {
         "name": CONFIGURATION_DIR_NAME,
         "entity_type_name": EntityTypeNames.CONFIGURATION,
-        "object_class": "",
-        "attributes": {"objectClass": ["top", "container", "configuration"]},
+        "object_class": "container",
+        "attributes": {"objectClass": ["top", "configuration"]},
     },
     {
         "name": GROUPS_CONTAINER_NAME,
diff --git a/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py b/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py
index 999fa677d..94581a093 100644
--- a/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py
+++ b/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py
@@ -26,7 +26,7 @@
 from ldap_protocol.ldap_schema.dto import (
     AttributeDTO,
     AttributeTypeDTO,
-    CreateDirDTO,
+    DirCreateDTO,
 )
 from ldap_protocol.ldap_schema.exceptions import (
     AttributeTypeAlreadyExistsError,
@@ -85,7 +85,7 @@ async def create(self, dto: AttributeTypeDTO) -> None:
         if not dto.ldap_display_name:
             dto.ldap_display_name = f"{dto.name[0].lower()}{dto.name.replace('-', '')[1:]}"  # noqa: E501 # fmt: skip
 
-        _dto = CreateDirDTO(
+        _dto = DirCreateDTO(
             name=dto.name,
             entity_type_name=EntityTypeNames.ATTRIBUTE_TYPE,
             attributes=(
diff --git a/app/ldap_protocol/ldap_schema/directory_create_use_case.py b/app/ldap_protocol/ldap_schema/directory_create_use_case.py
index c7479d97b..9e2e4a033 100644
--- a/app/ldap_protocol/ldap_schema/directory_create_use_case.py
+++ b/app/ldap_protocol/ldap_schema/directory_create_use_case.py
@@ -10,7 +10,7 @@
 from ldap_protocol.ldap_schema.attribute_dao import AttributeDAO
 from ldap_protocol.ldap_schema.directory_dao import DirectoryDAO
-from ldap_protocol.ldap_schema.dto import AttributeDTO, CreateDirDTO
+from ldap_protocol.ldap_schema.dto import AttributeDTO, DirCreateDTO
 from ldap_protocol.ldap_schema.entity_type.entity_type_use_case import (
     EntityTypeUseCase,
 )
@@ -64,7 +64,7 @@ async def delete_configuration_dir(self) -> None:
 
     async def create_dir(
         self,
-        dto: CreateDirDTO,
+        dto: DirCreateDTO,
         parent_dir: "Directory",
     ) -> None:
         """Create."""
diff --git a/app/ldap_protocol/ldap_schema/dto.py b/app/ldap_protocol/ldap_schema/dto.py
index bb3e33cb2..38c97d4c8 100644
--- a/app/ldap_protocol/ldap_schema/dto.py
+++ b/app/ldap_protocol/ldap_schema/dto.py
@@ -64,7 +64,7 @@ class AttributeDTO:
 
 
 @dataclass
-class CreateDirDTO:
+class DirCreateDTO:
     name: str
     entity_type_name: EntityTypeNames
     attributes: tuple[AttributeDTO, ...]
diff --git a/app/ldap_protocol/ldap_schema/entity_type/entity_type_use_case.py b/app/ldap_protocol/ldap_schema/entity_type/entity_type_use_case.py
index c15dd301d..e90b72c8a 100644
--- a/app/ldap_protocol/ldap_schema/entity_type/entity_type_use_case.py
+++ b/app/ldap_protocol/ldap_schema/entity_type/entity_type_use_case.py
@@ -60,13 +60,16 @@ async def update(self, name: str, dto: EntityTypeDTO) -> None:
         """Update Entity Type."""
         try:
             entity_type = await self.get(name)
-        except EntityTypeNotFoundError:
-            raise EntityTypeCantModifyError
+            raise EntityTypeCantModifyError(
+                "Can't update non-existent Entity Type.",
+            )
+
         if entity_type.is_system:
             raise EntityTypeCantModifyError(
                 f"Entity Type '{dto.name}' is system and cannot be modified.",
             )
+
         if name != dto.name:
             await self._validate_name(name=dto.name)
diff --git a/app/ldap_protocol/ldap_schema/exceptions.py b/app/ldap_protocol/ldap_schema/exceptions.py
index b4f0a3f0b..e862d0d73 100644
--- a/app/ldap_protocol/ldap_schema/exceptions.py
+++ b/app/ldap_protocol/ldap_schema/exceptions.py
@@ -63,7 +63,7 @@ class ObjectClassNotFoundError(LdapSchemaError):
 
 
 class ObjectClassNotSetKindError(LdapSchemaError):
-    """Raised when an object class is not found."""
+    """Raised when an object class is not set kind (structural, auxiliary or abstract)."""  # noqa: E501
 
     code = ErrorCodes.OBJECT_CLASS_NOT_SET_KIND_ERROR
diff --git a/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py b/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py
index 174336dec..38a8ccf06 100644
--- a/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py
+++ b/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py
@@ -19,7 +19,7 @@
 )
 from ldap_protocol.ldap_schema.dto import (
     AttributeDTO,
-    CreateDirDTO,
+    DirCreateDTO,
     ObjectClassDTO,
 )
 from ldap_protocol.ldap_schema.entity_type.entity_type_dao import EntityTypeDAO
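Review bot: The new `raise EntityTypeCantModifyError("Can't update non-existent Entity Type.")` is raised from inside the handler for `EntityTypeNotFoundError` but does not chain the caught error, so only the implicit `__context__` links it back to the failed lookup; `except EntityTypeNotFoundError as err:` with `raise EntityTypeCantModifyError(...) from err` (or `from None` if hiding the cause is intended) makes that explicit. The message also omits which entity type was requested, while the sibling message a few lines below interpolates `dto.name`; `f"Entity Type '{name}' does not exist and cannot be updated."` keeps the two consistent. As rendered here the `except EntityTypeNotFoundError:` header appears only on the removed side; if that is not a rendering artifact, the `try` on the new side is left without a handler, which is worth confirming against the file. `update` continues past the end of this hunk.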
@@ -116,34 +116,40 @@ async def create(self, dto: ObjectClassDTO[None, str]) -> None:
                 "not found in schema.",
             )
 
-        _dto = CreateDirDTO(
-            name=dto.name,
-            entity_type_name=EntityTypeNames.OBJECT_CLASS,
-            attributes=(
-                AttributeDTO(
-                    name=Names.OBJECT_CLASS,
-                    values=OBJECT_CLASS_OBJECT_CLASS_NAMES,
-                ),
-                AttributeDTO(name=Names.OID, values=[str(dto.oid)]),
+        attributes = [
+            AttributeDTO(
+                name=Names.OBJECT_CLASS,
+                values=OBJECT_CLASS_OBJECT_CLASS_NAMES,
+            ),
+            AttributeDTO(name=Names.OID, values=[str(dto.oid)]),
+            AttributeDTO(name=Names.KIND, values=[dto.kind.value]),
+            AttributeDTO(
+                name=Names.ATTRIBUTE_TYPES_MUST,
+                values=dto.attribute_types_must,
+            ),
+            AttributeDTO(
+                name=Names.ATTRIBUTE_TYPES_MAY,
+                values=dto.attribute_types_may,
+            ),
+        ]
+
+        if dto.superior_name:
+            attributes.append(
                 AttributeDTO(
                     name=Names.SUPERIOR_NAME,
-                    values=[str(dto.superior_name)],
+                    values=[dto.superior_name],
                 ),
-                AttributeDTO(name=Names.KIND, values=[str(dto.kind)]),
-                AttributeDTO(
-                    name=Names.ATTRIBUTE_TYPES_MUST,
-                    values=dto.attribute_types_must,
-                ),
-                AttributeDTO(
-                    name=Names.ATTRIBUTE_TYPES_MAY,
-                    values=dto.attribute_types_may,
-                ),
-            ),
+            )
+
+        _dir_create_dto = DirCreateDTO(
+            name=dto.name,
+            entity_type_name=EntityTypeNames.OBJECT_CLASS,
+            attributes=tuple(attributes),
             is_system=dto.is_system,
         )
         try:
             await self.__directory_create_use_case.create_dir(
-                dto=_dto,
+                dto=_dir_create_dto,
                 parent_dir=self.__parent_dir,
             )
         except IntegrityError:
diff --git a/app/ldap_protocol/ldap_schema/raw_definition_parser.py b/app/ldap_protocol/ldap_schema/raw_definition_parser.py
index 3170ae2d5..0fc35230a 100644
--- a/app/ldap_protocol/ldap_schema/raw_definition_parser.py
+++ b/app/ldap_protocol/ldap_schema/raw_definition_parser.py
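Review bot: `dto.attribute_types_must` and `dto.attribute_types_may` are passed straight through as `values`, so an object class with no MUST or MAY attributes yields an `AttributeDTO` whose `values` is empty; whether `create_dir` tolerates an attribute with no values is not visible here, and the new `if dto.superior_name:` branch shows the commit already treats an absent value as "omit the attribute", so guarding the two list attributes the same way (`if dto.attribute_types_must:` before appending) would keep the stored entry consistent. The local `_dir_create_dto` carries a leading underscore although it is an ordinary local rather than a private attribute; `dir_create_dto` reads the same without suggesting privacy. `create` starts before and ends after this hunk.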
@@ -67,7 +67,7 @@ async def collect_object_class_dto_from_info(
         """Create Object Class by ObjectClassInfo."""
         name = RawDefinitionParser._list_to_string(object_class_info.name)
         if not name:
-            raise ValueError("Attribute Type name is required")
+            raise ValueError("Object Class name is required")
 
         return ObjectClassDTO(
             oid=object_class_info.oid,
diff --git a/app/ldap_protocol/roles/access_manager.py b/app/ldap_protocol/roles/access_manager.py
index 5276af6cd..ea7d442f4 100644
--- a/app/ldap_protocol/roles/access_manager.py
+++ b/app/ldap_protocol/roles/access_manager.py
@@ -66,8 +66,11 @@ def _check_search_access(
             elif ace.is_allow and ace.attribute_type_name is None:
                 return True, forbidden_attributes, set()
+            elif ace.attribute_type_name is not None:
+                allowed_attributes.add(ace.attribute_type_name.lower())
+            else:
-            allowed_attributes.add(ace.attribute_type_name.lower())  # type: ignore
+                raise ValueError(f"Invalid ACE configuration: {ace}")
 
         if not allowed_attributes:
             return False, set(), set()
diff --git a/interface b/interface
index fb051a035..046449cdd 160000
--- a/interface
+++ b/interface
@@ -1 +1 @@
-Subproject commit fb051a035576c1d77421914eca1a131dc0f3382b
+Subproject commit 046449cdd568919cca12a7939366dcee7a54fdfa
diff --git a/tests/constants.py b/tests/constants.py
index 02dd422e5..68e980383 100644
--- a/tests/constants.py
+++ b/tests/constants.py
@@ -17,8 +17,8 @@
 
 user_data_dict = {
     "sam_account_name": "user0",
-    "user_principal_name": "user0",
-    "mail": "user0@mail.com",
+    "user_principal_name": "user0@md.test",
+    "mail": "user0@md.test",
     "display_name": "user0",
     "password": "password",
     "groups": [DOMAIN_ADMIN_GROUP_NAME],
@@ -26,8 +26,8 @@
 
 admin_user_data_dict = {
     "sam_account_name": "user_admin",
-    "user_principal_name": "user_admin",
-    "mail": "user_admin@mail.com",
+    "user_principal_name": "user_admin@md.test",
+    "mail": "user_admin@md.test",
     "display_name": "user_admin",
     "password": "password",
     "groups": [DOMAIN_ADMIN_GROUP_NAME],
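Review bot: The new `else:` branch in `_check_search_access` raises a bare `ValueError` from the middle of the access evaluation for any ACE that reaches it with `attribute_type_name` of `None` (on the visible branches, one whose `is_allow` is false), so a single malformed ACE row aborts every search that evaluates it instead of producing a deny; which combinations can reach this point depends on the branches above the hunk, which are outside it. If the intent is to fail closed, logging the offending ACE and returning `False, set(), set()` is the quieter option; if it is genuinely an invariant violation, a project-specific exception rather than `ValueError` lets the caller map it deliberately instead of it surfacing as a generic server error. Either way the message `f"Invalid ACE configuration: {ace}"` embeds the full repr of the ACE object, which is useful in a log line but more detail than a client-facing error needs. `_check_search_access` starts before this hunk.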
@@ -35,8 +35,8 @@
 
 user_with_login_perm_data_dict = {
     "sam_account_name": "user_admin_for_roles",
-    "user_principal_name": "user_admin_for_roles",
-    "mail": "user_admin_for_roles@mail.com",
+    "user_principal_name": "user_admin_for_roles@md.test",
+    "mail": "user_admin_for_roles@md.test",
     "display_name": "user_admin_for_roles",
     "password": "password",
     "groups": ["admin login only"],
@@ -462,8 +462,8 @@
     {
         "name": CONFIGURATION_DIR_NAME,
         "entity_type_name": EntityTypeNames.CONFIGURATION,
-        "object_class": "",
-        "attributes": {"objectClass": ["top", "container", "configuration"]},
+        "object_class": "container",
+        "attributes": {"objectClass": ["top", "configuration"]},
         "children": [],
     },
 ]
diff --git a/tests/test_ldap/test_ldap3_whoami.py b/tests/test_ldap/test_ldap3_whoami.py
index 7d4ba5651..0238c5edb 100644
--- a/tests/test_ldap/test_ldap3_whoami.py
+++ b/tests/test_ldap/test_ldap3_whoami.py
@@ -27,4 +27,4 @@ async def test_bind_whoami(
     """Test anonymous pwd change."""
     result = await ldap_client.whoami()
 
-    assert result == "u:user0"
+    assert result == "u:user0@md.test"
diff --git a/tests/test_ldap/test_util/test_modify.py b/tests/test_ldap/test_util/test_modify.py
index f641300f0..adf89c1b6 100644
--- a/tests/test_ldap/test_util/test_modify.py
+++ b/tests/test_ldap/test_util/test_modify.py
@@ -51,7 +51,7 @@ async def test_ldap_base_modify(
     directory = (await session.scalars(query)).one()
 
-    assert directory.user.mail == "user0@mail.com"  # type: ignore
+    assert directory.user.mail == "user0@md.test"  # type: ignore
 
     attributes = defaultdict(list)