diff --git a/app/alembic/versions/1b71cafba681_replace_attributeTypeId.py b/app/alembic/versions/1b71cafba681_replace_attributeTypeId.py
new file mode 100644
index 000000000..cbc8271ff
--- /dev/null
+++ b/app/alembic/versions/1b71cafba681_replace_attributeTypeId.py
@@ -0,0 +1,88 @@ +"""Delete attributeTypeId add attribute_type_name from AccessControlEntries. + +Revision ID: 1b71cafba681 +Revises: 708b01eaf025 +Create Date: 2026-03-24 16:28:49.116712 + +""" + +import sqlalchemy as sa +from alembic import op +from dishka import AsyncContainer + +# revision identifiers, used by Alembic. +revision: None | str = "1b71cafba681" +down_revision: None | str = "708b01eaf025" +branch_labels: None | list[str] = None +depends_on: None | list[str] = None + + +def upgrade(container: AsyncContainer) -> None: # noqa: ARG001 + """Upgrade.""" + op.add_column( + "AccessControlEntries", + sa.Column("attribute_type_name", sa.String(), nullable=True), + ) + op.execute( + sa.text( + """ + UPDATE "AccessControlEntries" AS ace + SET attribute_type_name = directory.name + FROM "Directory" AS directory + WHERE ace."attributeTypeId" = directory.id + """, + ), + ) + + op.drop_index( + op.f("idx_ace_attribute_type_id"), + table_name="AccessControlEntries", + postgresql_using="hash", + ) + op.drop_constraint( + op.f("AccessControlEntries_directoryAttributeTypeId_fkey"), + "AccessControlEntries", + type_="foreignkey", + ) + op.drop_column("AccessControlEntries", "attributeTypeId") + + +def downgrade(container: AsyncContainer) -> None: # noqa: ARG001 + """Downgrade.""" + op.add_column( + "AccessControlEntries", + sa.Column( + "attributeTypeId", + sa.INTEGER(), + autoincrement=False, + nullable=True, + ), + ) + + op.execute( + sa.text( + """ + UPDATE "AccessControlEntries" AS ace + SET "attributeTypeId" = directory.id + FROM "Directory" AS directory + WHERE ace.attribute_type_name = directory.name + """, + ), + ) + + op.create_foreign_key( + op.f("AccessControlEntries_directoryAttributeTypeId_fkey"), + "AccessControlEntries", + "Directory", + ["attributeTypeId"], + ["id"], + ondelete="CASCADE", + ) + op.create_index( + op.f("idx_ace_attribute_type_id"), + "AccessControlEntries", + ["attributeTypeId"], + unique=False, + postgresql_using="hash", + ) + 
op.drop_column("AccessControlEntries", "attribute_type_name") diff --git a/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py b/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py index 8bf8ff51c..5fc2d6eed 100644 --- a/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py +++ b/app/alembic/versions/708b01eaf025_convert_schema_to_ldap.py @@ -6,11 +6,13 @@ """ +import sqlalchemy as sa from alembic import op from dishka import AsyncContainer, Scope from sqlalchemy.ext.asyncio import AsyncConnection, AsyncSession from constants import ENTITY_TYPE_DTOS_V2 +from extra.alembic_utils import temporary_stub_column from ldap_protocol.ldap_schema._legacy.attribute_type.attribute_type_use_case import ( # noqa: E501 AttributeTypeUseCaseLegacy, ) @@ -124,6 +126,11 @@ async def _rebind_ace_attribute_types_to_directories( op.run_async(_rebind_ace_attribute_types_to_directories) +@temporary_stub_column( + "AccessControlEntries", + "attribute_type_name", + sa.String(), +) def downgrade(container: AsyncContainer) -> None: """Downgrade.""" diff --git a/app/entities.py b/app/entities.py index 56c125571..5a1ec2adb 100644 --- a/app/entities.py +++ b/app/entities.py @@ -370,16 +370,11 @@ class AccessControlEntry: role_id: int | None = None depth: int | None = None path: str = "" - attribute_type_id: int | None = None + attribute_type_name: str | None = None entity_type_id: int | None = None is_allow: bool = False role: Role | None = field(init=False, default=None, repr=False) - attribute_type: Directory | None = field( - init=False, - default=None, - repr=False, - ) entity_type: EntityType | None = field( init=False, default=None, @@ -390,12 +385,6 @@ class AccessControlEntry: repr=False, ) - @property - def attribute_type_name(self) -> str | None: - return ( - self.attribute_type.name.lower() if self.attribute_type else None - ) - @property def entity_type_name(self) -> str | None: return self.entity_type.name if self.entity_type else None 
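Review bot: In `downgrade()` the back-fill joins on `ace.attribute_type_name = directory.name` alone, so an ACE whose name matches no `Directory` row keeps `"attributeTypeId"` NULL once `attribute_type_name` is dropped. The checks in `access_manager.py` read a NULL attribute as "applies to every attribute", so an attribute-scoped allow would become an object-wide one. The join is also not limited to attribute-type entries, unlike `_get_all_raw_aces` in `migrations_ace_dao.py`, which filters on `EntityType`; a same-named entry of another kind could be picked, and with several matches `UPDATE … FROM` takes an arbitrary one. I would restrict the join the same way and abort the downgrade before the final `op.drop_column` when `SELECT count(*) FROM "AccessControlEntries" WHERE attribute_type_name IS NOT NULL AND "attributeTypeId" IS NULL` is non-zero. The comparison is also case-sensitive while the runtime checks lower-case the name, so a comment stating which casing the column holds would help.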
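Review bot: `temporary_stub_column` is applied to `downgrade()` only, while the context line just above shows `upgrade()` ending in `op.run_async(_rebind_ace_attribute_types_to_directories)` with no such wrapper visible. If that routine goes through `_get_all_raw_aces_legacy` / `_get_all_raw_aces` (changed in the `migrations_ace_dao.py` hunks of this commit to join on `AccessControlEntry.attribute_type_name`), the column does not exist at this revision, since `1b71cafba681` adds it, and a fresh upgrade through `708b01eaf025` would presumably fail. Even with a stub column (judging by the decorator's name) the values are all NULL, so the `.is_not(None)` filter matches nothing and the rebind silently does nothing, leaving attribute-scoped ACEs bound to whatever ids they had before. Both function bodies lie outside the hunk, so please confirm; a historical migration is safer on a frozen query against `"attributeTypeId"` than on the live model.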
diff --git a/app/ldap_protocol/ldap_requests/modify.py b/app/ldap_protocol/ldap_requests/modify.py index 68813b214..f25ab9996 100644 --- a/app/ldap_protocol/ldap_requests/modify.py +++ b/app/ldap_protocol/ldap_requests/modify.py @@ -183,7 +183,6 @@ async def handle( user_role_ids=ctx.ldap_session.user.role_ids, query=query, ace_types=[AceType.WRITE, AceType.DELETE], - load_attribute_type=True, ) directory = await ctx.session.scalar(query) diff --git a/app/ldap_protocol/ldap_requests/modify_dn.py b/app/ldap_protocol/ldap_requests/modify_dn.py index 7cd6d45c7..b7c2905d4 100644 --- a/app/ldap_protocol/ldap_requests/modify_dn.py +++ b/app/ldap_protocol/ldap_requests/modify_dn.py @@ -211,7 +211,6 @@ async def handle( # noqa: C901 user_role_ids=ctx.ldap_session.user.role_ids, query=query, ace_types=[AceType.DELETE, AceType.WRITE], - load_attribute_type=True, ) directory = await ctx.session.scalar(query) @@ -274,7 +273,7 @@ async def handle( # noqa: C901 for ace in directory.access_control_entries if ( ace.ace_type == AceType.DELETE - and ace.attribute_type is None + and ace.attribute_type_name is None ) ] diff --git a/app/ldap_protocol/ldap_requests/search.py b/app/ldap_protocol/ldap_requests/search.py index 6674adaf7..bc5d67ca9 100644 --- a/app/ldap_protocol/ldap_requests/search.py +++ b/app/ldap_protocol/ldap_requests/search.py @@ -408,7 +408,6 @@ def _build_query( user_role_ids=user.role_ids, query=query, ace_types=[AceType.READ], - load_attribute_type=True, ) for base_directory in base_directories: diff --git a/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py b/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py index 74625fb65..e62027ab2 100644 --- a/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py +++ b/app/ldap_protocol/ldap_schema/attribute_type/attribute_type_use_case.py 
@@ -80,7 +80,6 @@ async def create(self, dto: AttributeTypeDTO) -> None: entity_type_name=EntityTypeNames.ATTRIBUTE_TYPE, attributes=( AttributeDTO(name=Names.OID, values=[str(dto.oid)]), - AttributeDTO(name=Names.NAME, values=[str(dto.name)]), AttributeDTO( name=Names.OBJECT_CLASS, values=ATTRIBUTE_TYPE_OBJECT_CLASS_NAMES, diff --git a/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py b/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py index 62f96ef5c..d9c852f89 100644 --- a/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py +++ b/app/ldap_protocol/ldap_schema/object_class/object_class_use_case.py @@ -115,7 +115,6 @@ async def create(self, dto: ObjectClassDTO[None, str]) -> None: values=OBJECT_CLASS_OBJECT_CLASS_NAMES, ), AttributeDTO(name=Names.OID, values=[str(dto.oid)]), - AttributeDTO(name=Names.NAME, values=[str(dto.name)]), AttributeDTO( name=Names.SUPERIOR_NAME, values=[str(dto.superior_name)], diff --git a/app/ldap_protocol/roles/access_manager.py b/app/ldap_protocol/roles/access_manager.py index 0edc74190..5276af6cd 100644 --- a/app/ldap_protocol/roles/access_manager.py +++ b/app/ldap_protocol/roles/access_manager.py 
@@ -54,20 +54,20 @@ def _check_search_access( return False, set(), set() for ace in aces: - if not ace.is_allow and ace.attribute_type_id is None: + if not ace.is_allow and ace.attribute_type_name is None: if allowed_attributes: return True, set(), allowed_attributes else: return False, set(), set() - elif not ace.is_allow and ace.attribute_type_id is not None: - forbidden_attributes.add(ace.attribute_type_name) # type: ignore + elif not ace.is_allow and ace.attribute_type_name is not None: + forbidden_attributes.add(ace.attribute_type_name.lower()) - elif ace.is_allow and ace.attribute_type_id is None: + elif ace.is_allow and ace.attribute_type_name is None: return True, forbidden_attributes, set() else: - allowed_attributes.add(ace.attribute_type_name) # type: ignore + allowed_attributes.add(ace.attribute_type_name.lower()) # type: ignore if not allowed_attributes: return False, set(), set() @@ -172,8 +172,8 @@ def _check_modify_access( ace.ace_type == ace_type and not ace.is_allow and ( - ace.attribute_type_id is None - or attr_name == ace.attribute_type_name + ace.attribute_type_name is None + or attr_name == ace.attribute_type_name.lower() ) ): return False @@ -181,8 +181,8 @@ def _check_modify_access( ace.ace_type == ace_type and ace.is_allow and ( - ace.attribute_type_id is None - or attr_name == ace.attribute_type_name + ace.attribute_type_name is None + or attr_name == ace.attribute_type_name.lower() ) ): return True @@ -271,7 +271,7 @@ def _extend_user_self_read_ace( scope=RoleScope.BASE_OBJECT, is_allow=True, entity_type_id=None, - attribute_type_id=None, + attribute_type_name=None, ) if not aces: @@ -291,7 +291,6 @@ def mutate_query_with_ace_load( user_role_ids: list[int], query: Select[tuple[Directory]], ace_types: list[AceType], - load_attribute_type: bool = False, require_attribute_type_null: bool = False, ) -> Select[tuple[Directory]]: """Mutate query to load access control entries. 
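Review bot: The lower-casing that the removed `AccessControlEntry.attribute_type_name` property used to do is now repeated by hand at each use in `_check_search_access` and in both branches of `_check_modify_access` (hunks `@@ -172` and `@@ -181`), so a later comparison that omits `.lower()` would make a deny ACE stop matching without any error. In the modify checks, `attr_name == ace.attribute_type_name.lower()` is only correct if `attr_name` is already lower-cased by the caller, which is outside these hunks; a comment such as `# attr_name must already be lower-cased; the ACE name is folded here because the column keeps the schema casing` would pin that down. Because the column is now free text, an empty string is not `None` and takes the attribute-scoped path, so it is worth stating next to the `is None` tests that only NULL means "all attributes". The updated tests pass names exactly as stored, so mixed-case matching is not exercised.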
@@ -312,13 +311,6 @@ def mutate_query_with_ace_load( base_loader.joinedload(qa(AccessControlEntry.entity_type)), ] - if load_attribute_type: - loader_options.append( - base_loader.joinedload( - qa(AccessControlEntry.attribute_type), - ), - ) - criteria_conditions = [ qa(AccessControlEntry.role_id).in_(user_role_ids), ] @@ -334,7 +326,7 @@ def mutate_query_with_ace_load( if require_attribute_type_null: criteria_conditions.append( - qa(AccessControlEntry.attribute_type_id).is_(None), + qa(AccessControlEntry.attribute_type_name).is_(None), ) return query.options( diff --git a/app/ldap_protocol/roles/ace_dao.py b/app/ldap_protocol/roles/ace_dao.py index 202060115..2788a96b3 100644 --- a/app/ldap_protocol/roles/ace_dao.py +++ b/app/ldap_protocol/roles/ace_dao.py @@ -36,10 +36,6 @@ lambda x: x.role.name, P[AccessControlEntryDTO].role_name, ), - link_function( - lambda x: x.attribute_type_id, - P[AccessControlEntryDTO].attribute_type_id, - ), link_function( lambda x: x.entity_type_id, P[AccessControlEntryDTO].entity_type_id, @@ -66,7 +62,6 @@ async def _get_raw(self, _id: int) -> AccessControlEntry: query = ( select(AccessControlEntry) .options( - joinedload(qa(AccessControlEntry.attribute_type)), joinedload(qa(AccessControlEntry.entity_type)), joinedload(qa(AccessControlEntry.role)), selectinload(qa(AccessControlEntry.directories)), @@ -96,7 +91,6 @@ async def get_all(self) -> list[AccessControlEntryDTO]: access_control_entries = ( await self._session.scalars( select(AccessControlEntry).options( - joinedload(qa(AccessControlEntry.attribute_type)), joinedload(qa(AccessControlEntry.entity_type)), joinedload(qa(AccessControlEntry.role)), ), @@ -172,7 +166,7 @@ async def create(self, dto: AccessControlEntryDTO) -> None: path=dto.base_dn, scope=RoleScope(dto.scope.value), entity_type_id=dto.entity_type_id, - attribute_type_id=dto.attribute_type_id, + attribute_type_name=dto.attribute_type_name, is_allow=dto.is_allow, directories=directories, ) 
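Review bot: `create()` now persists `dto.attribute_type_name` as given, and nothing in this hunk checks that the string names an existing attribute type; the foreign key that used to guarantee this is dropped in `tables.py`. A misspelt or blank name on a deny ACE would be stored and then never match in `access_manager.py`, so the restriction fails open without an error. The same applies to `create_bulk()` (`@@ -214`) and `update()` (`@@ -240`). I would reject unknown or blank names before building the `AccessControlEntry` and document it, e.g. `Raises: <project error type> if attribute_type_name is not a known attribute type.` The function bodies extend beyond the hunks, so an existing check may simply be out of view.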
@@ -214,7 +208,7 @@ async def create_bulk(self, dtos: list[AccessControlEntryDTO]) -> None: path=ace.base_dn, scope=RoleScope(ace.scope.value), entity_type_id=ace.entity_type_id, - attribute_type_id=ace.attribute_type_id, + attribute_type_name=ace.attribute_type_name, is_allow=ace.is_allow, directories=directory_cache[cache_key], ) @@ -240,7 +234,7 @@ async def update(self, _id: int, dto: AccessControlEntryDTO) -> None: ace.role_id = dto.role_id ace.ace_type = dto.ace_type ace.entity_type_id = dto.entity_type_id - ace.attribute_type_id = dto.attribute_type_id + ace.attribute_type_name = dto.attribute_type_name ace.is_allow = dto.is_allow if dto.scope != ace.scope or dto.base_dn != ace.path: diff --git a/app/ldap_protocol/roles/dataclasses.py b/app/ldap_protocol/roles/dataclasses.py index f620281cc..f48c448b8 100644 --- a/app/ldap_protocol/roles/dataclasses.py +++ b/app/ldap_protocol/roles/dataclasses.py @@ -20,7 +20,7 @@ class AccessControlEntryDTO: scope: RoleScope base_dn: GRANT_DN_STRING is_allow: bool - attribute_type_id: int | None + attribute_type_name: str | None entity_type_id: int | None id: int | None = None diff --git a/app/ldap_protocol/roles/migrations_ace_dao.py b/app/ldap_protocol/roles/migrations_ace_dao.py index dc8fc0c67..036957b8e 100644 --- a/app/ldap_protocol/roles/migrations_ace_dao.py +++ b/app/ldap_protocol/roles/migrations_ace_dao.py @@ -63,10 +63,10 @@ async def _get_all_raw_aces_legacy(self) -> Sequence[Row[tuple[int, str]]]: select(qa(AccessControlEntry.id), qa(AttributeTypeLegacy.name)) .join( AttributeTypeLegacy, - qa(AccessControlEntry.attribute_type_id) - == qa(AttributeTypeLegacy.id), + qa(AccessControlEntry.attribute_type_name) + == qa(AttributeTypeLegacy.name), ) - .where(qa(AccessControlEntry.attribute_type_id).is_not(None)), + .where(qa(AccessControlEntry.attribute_type_name).is_not(None)), ) return ace_rows_q.all() 
@@ -102,13 +102,14 @@ async def _get_all_raw_aces(self) -> Sequence[Row[tuple[int, str]]]: select(qa(AccessControlEntry.id), qa(Directory.name)) .join( Directory, - qa(AccessControlEntry.attribute_type_id) == qa(Directory.id), + qa(AccessControlEntry.attribute_type_name) + == qa(Directory.name), ) .join( EntityType, qa(EntityType.id) == qa(Directory.entity_type_id), ) .where(qa(EntityType.name) == EntityTypeNames.ATTRIBUTE_TYPE) - .where(qa(AccessControlEntry.attribute_type_id).is_not(None)), + .where(qa(AccessControlEntry.attribute_type_name).is_not(None)), ) return ace_rows_q.all() diff --git a/app/ldap_protocol/roles/role_dao.py b/app/ldap_protocol/roles/role_dao.py index f1f14c83e..44e12b300 100644 --- a/app/ldap_protocol/roles/role_dao.py +++ b/app/ldap_protocol/roles/role_dao.py @@ -75,7 +75,6 @@ async def _get_raw(self, _id: int) -> Role: qa(Group.directory), ), selectinload(qa(Role.access_control_entries)).options( - joinedload(qa(AccessControlEntry.attribute_type)), joinedload(qa(AccessControlEntry.entity_type)), joinedload(qa(AccessControlEntry.role)), ), @@ -108,7 +107,6 @@ async def get_by_name(self, role_name: str) -> RoleDTO: qa(Group.directory), ), selectinload(qa(Role.access_control_entries)).options( - joinedload(qa(AccessControlEntry.attribute_type)), joinedload(qa(AccessControlEntry.entity_type)), joinedload(qa(AccessControlEntry.role)), ), diff --git a/app/ldap_protocol/roles/role_use_case.py b/app/ldap_protocol/roles/role_use_case.py index 75a1339f1..1cc634958 100644 --- a/app/ldap_protocol/roles/role_use_case.py +++ b/app/ldap_protocol/roles/role_use_case.py @@ -184,7 +184,7 @@ async def create_read_only_role(self) -> None: ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn_list[0].path_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) 
@@ -268,7 +268,7 @@ def _get_full_access_aces( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ), @@ -277,7 +277,7 @@ def _get_full_access_aces( ace_type=AceType.CREATE_CHILD, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ), @@ -286,7 +286,7 @@ def _get_full_access_aces( ace_type=AceType.WRITE, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ), @@ -295,7 +295,7 @@ def _get_full_access_aces( ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ), diff --git a/app/repo/pg/tables.py b/app/repo/pg/tables.py index 987cbdba8..be17cef6f 100644 --- a/app/repo/pg/tables.py +++ b/app/repo/pg/tables.py @@ -519,13 +519,7 @@ def _compile_create_uc( Column("depth", Integer, nullable=False), Column("scope", Enum(RoleScope), nullable=False), Column("path", String, nullable=False), - Column( - "attributeTypeId", - Integer, - ForeignKey("Directory.id", ondelete="CASCADE"), - nullable=True, - key="attribute_type_id", - ), + Column("attribute_type_name", String, nullable=True), Column( "entityTypeId", Integer, @@ -534,11 +528,6 @@ def _compile_create_uc( key="entity_type_id", ), Column("is_allow", Boolean, nullable=False), - Index( - "idx_ace_attribute_type_id", - "attribute_type_id", - postgresql_using="hash", - ), Index("idx_ace_entity_type_id", "entity_type_id", postgresql_using="hash"), Index("idx_ace_role_id_id", "role_id", postgresql_using="hash"), Index("idx_ace_scope_hash", "scope", postgresql_using="hash"), 
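Review bot: Replacing the `attributeTypeId` foreign key (`ondelete="CASCADE"`) with a plain `attribute_type_name` string in the `@@ -519` hunk removes the link between an ACE and the lifecycle of the schema entry it refers to. Deleting an attribute type no longer removes its ACEs, renaming one leaves them pointing at the old name, and re-creating a type under a previously used name brings the old allow/deny entries back into effect. If that is intended, a comment on the column would help, e.g. `# Not a FK: matched by name at check time; rows are not cleaned up when the attribute type is deleted or renamed.` Otherwise the delete and rename paths for attribute types need to update `AccessControlEntries` explicitly.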
@@ -949,11 +938,6 @@ def _compile_create_uc( back_populates="access_control_entries", lazy="raise", ), - "attribute_type": relationship( - Directory, - lazy="raise", - uselist=False, - ), "entity_type": relationship(EntityType, lazy="raise", uselist=False), "directories": relationship( Directory, diff --git a/tests/test_ldap/test_roles/test_multiple_access.py b/tests/test_ldap/test_roles/test_multiple_access.py index 73a902bb0..2f8958132 100644 --- a/tests/test_ldap/test_roles/test_multiple_access.py +++ b/tests/test_ldap/test_roles/test_multiple_access.py @@ -60,7 +60,7 @@ async def test_multiple_access( scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, - attribute_type_id=user_account_control_attr.id, + attribute_type_name=user_account_control_attr.name, is_allow=True, ), AccessControlEntryDTO( @@ -69,7 +69,7 @@ async def test_multiple_access( scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, - attribute_type_id=user_principal_name.id, + attribute_type_name=user_principal_name.name, is_allow=True, ), AccessControlEntryDTO( @@ -78,7 +78,7 @@ async def test_multiple_access( scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, - attribute_type_id=posix_email_attr.id, + attribute_type_name=posix_email_attr.name, is_allow=True, ), AccessControlEntryDTO( @@ -87,7 +87,7 @@ async def test_multiple_access( scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, - attribute_type_id=posix_email_attr.id, + attribute_type_name=posix_email_attr.name, is_allow=True, ), ] diff --git a/tests/test_ldap/test_roles/test_search.py b/tests/test_ldap/test_roles/test_search.py index 4e632a5f8..54e9a0641 100644 --- a/tests/test_ldap/test_roles/test_search.py +++ b/tests/test_ldap/test_roles/test_search.py 
@@ -55,7 +55,7 @@ async def test_role_search_2( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=Groups,dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -92,7 +92,7 @@ async def test_role_search_3( ace_type=AceType.READ, scope=RoleScope.SINGLE_LEVEL, base_dn="dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -134,7 +134,7 @@ async def test_role_search_4( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=Groups,dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -180,7 +180,7 @@ async def test_role_search_5( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn="dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -235,7 +235,7 @@ async def test_role_search_6( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=posix_email_attr.id, + attribute_type_name=posix_email_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -285,7 +285,7 @@ async def test_role_search_7( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=user_entity_type.id, is_allow=True, ), @@ -294,7 +294,7 @@ async def test_role_search_7( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=description_attr.id, + attribute_type_name=description_attr.name, entity_type_id=user_entity_type.id, is_allow=False, ), @@ -345,7 +345,7 @@ async def test_role_search_8( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn="dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=user_entity_type.id, is_allow=False, ), 
@@ -354,7 +354,7 @@ async def test_role_search_8( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=description_attr.id, + attribute_type_name=description_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ), @@ -408,7 +408,7 @@ async def test_role_search_9( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=posix_email_attr.id, + attribute_type_name=posix_email_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ), @@ -417,7 +417,7 @@ async def test_role_search_9( ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, base_dn="cn=user0,cn=Users,dc=md,dc=test", - attribute_type_id=description_attr.id, + attribute_type_name=description_attr.name, entity_type_id=user_entity_type.id, is_allow=False, ), diff --git a/tests/test_ldap/test_util/test_add.py b/tests/test_ldap/test_util/test_add.py index b0312bc98..166a153e1 100644 --- a/tests/test_ldap/test_util/test_add.py +++ b/tests/test_ldap/test_util/test_add.py @@ -301,7 +301,7 @@ async def try_add() -> int: ace_type=AceType.CREATE_CHILD, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -311,7 +311,7 @@ async def try_add() -> int: ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn=base_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) diff --git a/tests/test_ldap/test_util/test_delete.py b/tests/test_ldap/test_util/test_delete.py index bff5011c2..313283ce2 100644 --- a/tests/test_ldap/test_util/test_delete.py +++ b/tests/test_ldap/test_util/test_delete.py @@ -180,7 +180,7 @@ async def try_delete() -> int: ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) 
diff --git a/tests/test_ldap/test_util/test_modify.py b/tests/test_ldap/test_util/test_modify.py index 4a51c8cf2..f641300f0 100644 --- a/tests/test_ldap/test_util/test_modify.py +++ b/tests/test_ldap/test_util/test_modify.py @@ -730,7 +730,7 @@ async def try_modify() -> int: ace_type=AceType.WRITE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -744,7 +744,7 @@ async def try_modify() -> int: ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, ) @@ -1187,7 +1187,7 @@ async def test_modify_dn_rename_with_ap( ace_type=AceType.WRITE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=rdn_attr.id, + attribute_type_name=rdn_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -1196,7 +1196,7 @@ async def test_modify_dn_rename_with_ap( ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=rdn_attr.id, + attribute_type_name=rdn_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -1242,7 +1242,7 @@ async def test_modify_dn_rename_with_ap( assert ace_before.role_id == ace_after.role_id assert ace_before.ace_type == ace_after.ace_type assert ace_before.scope == ace_after.scope - assert ace_before.attribute_type_id == ace_after.attribute_type_id + assert ace_before.attribute_type_name == ace_after.attribute_type_name assert ace_before.entity_type_id == ace_after.entity_type_id assert ace_before.is_allow == ace_after.is_allow @@ -1298,7 +1298,7 @@ async def test_modify_dn_move_with_ap( ace_type=AceType.WRITE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=rdn_attr.id, + attribute_type_name=rdn_attr.name, entity_type_id=user_entity_type.id, is_allow=True, ) 
@@ -1307,7 +1307,7 @@ async def test_modify_dn_move_with_ap( ace_type=AceType.CREATE_CHILD, scope=RoleScope.WHOLE_SUBTREE, base_dn=new_parent_dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -1316,7 +1316,7 @@ async def test_modify_dn_move_with_ap( ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, base_dn=dn, - attribute_type_id=None, + attribute_type_name=None, entity_type_id=user_entity_type.id, is_allow=True, ) @@ -1375,7 +1375,7 @@ async def test_modify_dn_move_with_ap( assert ace_before.role_id == ace_after.role_id assert ace_before.ace_type == ace_after.ace_type assert ace_before.scope == ace_after.scope - assert ace_before.attribute_type_id == ace_after.attribute_type_id + assert ace_before.attribute_type_name == ace_after.attribute_type_name assert ace_before.entity_type_id == ace_after.entity_type_id assert ace_before.is_allow == ace_after.is_allow diff --git a/tests/test_ldap/test_util/test_search.py b/tests/test_ldap/test_util/test_search.py index 338822a62..23eda8ab9 100644 --- a/tests/test_ldap/test_util/test_search.py +++ b/tests/test_ldap/test_util/test_search.py @@ -544,7 +544,7 @@ async def test_ldap_search_access_control_denied( ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, base_dn="cn=Groups,dc=md,dc=test", - attribute_type_id=None, + attribute_type_name=None, entity_type_id=None, is_allow=True, )