Refactor after merge 1258 into E

app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py

@@ -26,7 +26,7 @@
 from ldap_protocol.ldap_schema.directory_create_use_case import (
     DirectoryCreateUseCase,
 )
-from ldap_protocol.ldap_schema.dto import AttributeDTO, CreateDirDTO
+from ldap_protocol.ldap_schema.dto import AttributeDTO, DirCreateDTO
 from ldap_protocol.ldap_schema.entity_type.entity_type_use_case import (
     EntityTypeUseCase,
 )
@@ -77,7 +77,7 @@ async def _create_ldap_configuration_directory(
         if not base_dirs:
             return
 
-        _dto = CreateDirDTO(
+        _dto = DirCreateDTO(
             name=CONFIGURATION_DIR_NAME,
             entity_type_name=EntityTypeNames.CONFIGURATION,
             attributes=(

app/constants.py

@@ -321,8 +321,8 @@
     {
         "name": CONFIGURATION_DIR_NAME,
         "entity_type_name": EntityTypeNames.CONFIGURATION,
-        "object_class": "",
-        "attributes": {"objectClass": ["top", "container", "configuration"]},
+        "object_class": "container",
+        "attributes": {"objectClass": ["top", "configuration"]},
     },
     {
         "name": GROUPS_CONTAINER_NAME,

app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py

@@ -26,7 +26,7 @@
 from ldap_protocol.ldap_schema.dto import (
     AttributeDTO,
     AttributeTypeDTO,
-    CreateDirDTO,
+    DirCreateDTO,
 )
 from ldap_protocol.ldap_schema.exceptions import (
     AttributeTypeAlreadyExistsError,
@@ -85,7 +85,7 @@ async def create(self, dto: AttributeTypeDTO) -> None:
         if not dto.ldap_display_name:
             dto.ldap_display_name = f"{dto.name[0].lower()}{dto.name.replace('-', '')[1:]}"  # noqa: E501  # fmt: skip
 
-        _dto = CreateDirDTO(
+        _dto = DirCreateDTO(
             name=dto.name,
             entity_type_name=EntityTypeNames.ATTRIBUTE_TYPE,
             attributes=(

app/ldap_protocol/ldap_schema/directory_create_use_case.py

@@ -10,7 +10,7 @@
 
 from ldap_protocol.ldap_schema.attribute_dao import AttributeDAO
 from ldap_protocol.ldap_schema.directory_dao import DirectoryDAO
-from ldap_protocol.ldap_schema.dto import AttributeDTO, CreateDirDTO
+from ldap_protocol.ldap_schema.dto import AttributeDTO, DirCreateDTO
 from ldap_protocol.ldap_schema.entity_type.entity_type_use_case import (
     EntityTypeUseCase,
 )
@@ -64,7 +64,7 @@ async def delete_configuration_dir(self) -> None:
 
     async def create_dir(
         self,
-        dto: CreateDirDTO,
+        dto: DirCreateDTO,
         parent_dir: "Directory",
     ) -> None:
         """Create."""

app/ldap_protocol/ldap_schema/dto.py

@@ -64,7 +64,7 @@ class AttributeDTO:
 
 
 @dataclass
-class CreateDirDTO:
+class DirCreateDTO:
     name: str
     entity_type_name: EntityTypeNames
     attributes: tuple[AttributeDTO, ...]

app/ldap_protocol/ldap_schema/entity_type/entity_type_use_case.py

@@ -60,13 +60,16 @@ async def update(self, name: str, dto: EntityTypeDTO) -> None:
         """Update Entity Type."""
         try:
             entity_type = await self.get(name)
-
         except EntityTypeNotFoundError:
-            raise EntityTypeCantModifyError
+            raise EntityTypeCantModifyError(
+                "Can't update non-existent Entity Type.",
+            )
+
         if entity_type.is_system:
             raise EntityTypeCantModifyError(
                 f"Entity Type '{dto.name}' is system and cannot be modified.",
             )
+
         if name != dto.name:
             await self._validate_name(name=dto.name)
 

app/ldap_protocol/ldap_schema/exceptions.py

@@ -63,7 +63,7 @@ class ObjectClassNotFoundError(LdapSchemaError):
 
 
 class ObjectClassNotSetKindError(LdapSchemaError):
-    """Raised when an object class is not found."""
+    """Raised when an object class is not set kind (structural, auxiliary or abstract)."""  # noqa: E501
 
     code = ErrorCodes.OBJECT_CLASS_NOT_SET_KIND_ERROR
 

app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py

@@ -19,7 +19,7 @@
 )
 from ldap_protocol.ldap_schema.dto import (
     AttributeDTO,
-    CreateDirDTO,
+    DirCreateDTO,
     ObjectClassDTO,
 )
 from ldap_protocol.ldap_schema.entity_type.entity_type_dao import EntityTypeDAO
@@ -116,34 +116,40 @@ async def create(self, dto: ObjectClassDTO[None, str]) -> None:
                     "not found in schema.",
                 )
 
-        _dto = CreateDirDTO(
-            name=dto.name,
-            entity_type_name=EntityTypeNames.OBJECT_CLASS,
-            attributes=(
-                AttributeDTO(
-                    name=Names.OBJECT_CLASS,
-                    values=OBJECT_CLASS_OBJECT_CLASS_NAMES,
-                ),
-                AttributeDTO(name=Names.OID, values=[str(dto.oid)]),
+        attributes = [
+            AttributeDTO(
+                name=Names.OBJECT_CLASS,
+                values=OBJECT_CLASS_OBJECT_CLASS_NAMES,
+            ),
+            AttributeDTO(name=Names.OID, values=[str(dto.oid)]),
+            AttributeDTO(name=Names.KIND, values=[dto.kind.value]),
+            AttributeDTO(
+                name=Names.ATTRIBUTE_TYPES_MUST,
+                values=dto.attribute_types_must,
+            ),
+            AttributeDTO(
+                name=Names.ATTRIBUTE_TYPES_MAY,
+                values=dto.attribute_types_may,
+            ),
+        ]
+
+        if dto.superior_name:
+            attributes.append(
                 AttributeDTO(
                     name=Names.SUPERIOR_NAME,
-                    values=[str(dto.superior_name)],
+                    values=[dto.superior_name],
                 ),
-                AttributeDTO(name=Names.KIND, values=[str(dto.kind)]),
-                AttributeDTO(
-                    name=Names.ATTRIBUTE_TYPES_MUST,
-                    values=dto.attribute_types_must,
-                ),
-                AttributeDTO(
-                    name=Names.ATTRIBUTE_TYPES_MAY,
-                    values=dto.attribute_types_may,
-                ),
-            ),
+            )
+
+        _dir_create_dto = DirCreateDTO(
+            name=dto.name,
+            entity_type_name=EntityTypeNames.OBJECT_CLASS,
+            attributes=tuple(attributes),
             is_system=dto.is_system,
         )
         try:
             await self.__directory_create_use_case.create_dir(
-                dto=_dto,
+                dto=_dir_create_dto,
                 parent_dir=self.__parent_dir,
             )
         except IntegrityError:

app/ldap_protocol/ldap_schema/raw_definition_parser.py

@@ -67,7 +67,7 @@ async def collect_object_class_dto_from_info(
         """Create Object Class by ObjectClassInfo."""
         name = RawDefinitionParser._list_to_string(object_class_info.name)
         if not name:
-            raise ValueError("Attribute Type name is required")
+            raise ValueError("Object Class name is required")
 
         return ObjectClassDTO(
             oid=object_class_info.oid,

app/ldap_protocol/roles/access_manager.py

@@ -66,8 +66,11 @@ def _check_search_access(
             elif ace.is_allow and ace.attribute_type_name is None:
                 return True, forbidden_attributes, set()
 
+            elif ace.attribute_type_name is not None:
+                allowed_attributes.add(ace.attribute_type_name.lower())
+
             else:
-                allowed_attributes.add(ace.attribute_type_name.lower())  # type: ignore
+                raise ValueError(f"Invalid ACE configuration: {ace}")
 
         if not allowed_attributes:
             return False, set(), set()

tests/constants.py

@@ -17,26 +17,26 @@
 
 user_data_dict = {
     "sam_account_name": "user0",
-    "user_principal_name": "user0",
-    "mail": "user0@mail.com",
+    "user_principal_name": "user0@md.test",
+    "mail": "user0@md.test",
     "display_name": "user0",
     "password": "password",
     "groups": [DOMAIN_ADMIN_GROUP_NAME],
 }
 
 admin_user_data_dict = {
     "sam_account_name": "user_admin",
-    "user_principal_name": "user_admin",
-    "mail": "user_admin@mail.com",
+    "user_principal_name": "user_admin@md.test",
+    "mail": "user_admin@md.test",
     "display_name": "user_admin",
     "password": "password",
     "groups": [DOMAIN_ADMIN_GROUP_NAME],
 }
 
 user_with_login_perm_data_dict = {
     "sam_account_name": "user_admin_for_roles",
-    "user_principal_name": "user_admin_for_roles",
-    "mail": "user_admin_for_roles@mail.com",
+    "user_principal_name": "user_admin_for_roles@md.test",
+    "mail": "user_admin_for_roles@md.test",
     "display_name": "user_admin_for_roles",
     "password": "password",
     "groups": ["admin login only"],
@@ -462,8 +462,8 @@
     {
         "name": CONFIGURATION_DIR_NAME,
         "entity_type_name": EntityTypeNames.CONFIGURATION,
-        "object_class": "",
-        "attributes": {"objectClass": ["top", "container", "configuration"]},
+        "object_class": "container",
+        "attributes": {"objectClass": ["top", "configuration"]},
         "children": [],
     },
 ]

tests/test_ldap/test_ldap3_whoami.py

@@ -27,4 +27,4 @@ async def test_bind_whoami(
     """Test anonymous pwd change."""
     result = await ldap_client.whoami()
 
-    assert result == "u:user0"
+    assert result == "u:user0@md.test"

tests/test_ldap/test_util/test_modify.py

@@ -51,7 +51,7 @@ async def test_ldap_base_modify(
 
     directory = (await session.scalars(query)).one()
 
-    assert directory.user.mail == "user0@mail.com"  # type: ignore
+    assert directory.user.mail == "user0@md.test"  # type: ignore
 
     attributes = defaultdict(list)