diff options
author | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-21 18:11:27 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem.moulin@fripost.org> | 2013-01-21 18:11:27 +0100 |
commit | 192be467f1d05e5e148481c5497444ffc97603eb (patch) | |
tree | d0362e606569f7b699c10f64313ea15b1f6da4cc /ldap/test-user-acl.sh | |
parent | 4697625becadbd2d3eea9feb3eaacd2bf91ecdd4 (diff) |
Everyone can check for the absence of the 'pending' status.
Diffstat (limited to 'ldap/test-user-acl.sh')
-rwxr-xr-x | ldap/test-user-acl.sh | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/ldap/test-user-acl.sh b/ldap/test-user-acl.sh index 1dda3dc..7046716 100755 --- a/ldap/test-user-acl.sh +++ b/ldap/test-user-acl.sh @@ -238,6 +238,7 @@ echo "Authenticated users, access to domain entries" # +w if owner or postmaster # * fripostPendingToken # =zscd if owner or postmaster +# =s for all if there is no pending token # * fripostCanAddAlias # =rscd if canAddAlias, owner or postmaster # +w if postmaster @@ -274,22 +275,34 @@ usersD fripostOwner/add fripostOwner/delete \ [ $? -eq 0 ] || exit $? -msg "Have =0 rights on the \"pending\" status (unless owner or postmaster)" +msg "Have =s rights on the \"pending\" status if absent" for U in ${USERS}; do for D in ${DOMAINS}; do - search -s base -b "${D},${SUFFIX}" "(|(fripostOwner=${U},${SUFFIX}) - (fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' || \ + search -s base -b "${D},${SUFFIX}" "(!(fripostPendingToken=*))" | grep -q '^dn: ' && \ + checkACL "${U}" "${D}" fripostPendingToken + done +done | isOK '=s$' +[ $? -eq 0 ] || exit $? + + +msg "Have =0 rights on the \"pending\" status if present (unless owner or postmaster)" +for U in ${USERS}; do + for D in ${DOMAINS}; do + search -s base -b "${D},${SUFFIX}" "(&(!(|(fripostOwner=${U},${SUFFIX}) + (fripostPostmaster=${U},${SUFFIX}))) + (fripostPendingToken=*))" | grep -q '^dn: ' && \ checkACL "${U}" "${D}" fripostPendingToken done done | isOK '=0$' [ $? -eq 0 ] || exit $? -msg "Have =zscd access on the \"pending\" status (if owner or postmaster)" +msg "Have =zscd access on the \"pending\" status if present (if owner or postmaster)" for U in ${USERS}; do for D in ${DOMAINS}; do - search -s base -b "${D},${SUFFIX}" "(|(fripostOwner=${U},${SUFFIX}) - (fripostPostmaster=${U},${SUFFIX}))" | grep -q '^dn: ' && \ + search -s base -b "${D},${SUFFIX}" "(&(|(fripostOwner=${U},${SUFFIX}) + (fripostPostmaster=${U},${SUFFIX})) + (fripostPendingToken=*))" | grep -q '^dn: ' && \ checkACL "${U}" "${D}" fripostPendingToken done done | isOK '=zscd$' |