From 2461d69242108fe6f4bc067cc8255e41f66c58aa Mon Sep 17 00:00:00 2001 From: Armando Neto Date: Mon, 18 Jun 2018 18:26:01 -0300 Subject: [PATCH] ipaserver config plugin: Increase search records minimum limit Check if the given search records value is greater than an arbitrary number that is not so close to zero. https://pagure.io/freeipa/issue/6617 Reviewed-By: Rob Crittenden --- ipaserver/plugins/config.py | 14 +++++- ipatests/test_xmlrpc/test_config_plugin.py | 76 ++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 1 deletion(-) diff --git a/ipaserver/plugins/config.py b/ipaserver/plugins/config.py index 33ed38ba016567b9df57503f2f8418cf7c7fc794..d367c3c5aa421bb22d1630c88bbac846e7d84386 100644 --- a/ipaserver/plugins/config.py +++ b/ipaserver/plugins/config.py @@ -85,6 +85,18 @@ EXAMPLES: register = Registry() + +def validate_search_records_limit(ugettext, value): + """Check if value is greater than a realistic minimum. + + Values 0 and -1 are valid, as they represent unlimited. + """ + if value in {-1, 0}: + return + if value < 10: + return _('must be at least 10') + + @register() class config(LDAPObject): """ @@ -161,10 +173,10 @@ class config(LDAPObject): minvalue=-1, ), Int('ipasearchrecordslimit', + validate_search_records_limit, cli_name='searchrecordslimit', label=_('Search size limit'), doc=_('Maximum number of records to search (-1 or 0 is unlimited)'), - minvalue=-1, ), IA5Str('ipausersearchfields', cli_name='usersearch', diff --git a/ipatests/test_xmlrpc/test_config_plugin.py b/ipatests/test_xmlrpc/test_config_plugin.py index c037224162e2c29f6dd76eabefe7fededc6f882d..666b7c2c87b4f0a1f7bde18c78780a1ea6072b71 100644 --- a/ipatests/test_xmlrpc/test_config_plugin.py +++ b/ipatests/test_xmlrpc/test_config_plugin.py @@ -211,4 +211,80 @@ class test_config(Declarative): summary=None, ), ), + dict( + desc='Set the number of search records to -1 (unlimited)', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'-1', + }, + ), + expected={ + 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',), + 'summary': None, + 'value': None, + }, + ), + dict( + desc='Set the number of search records to greater than 10', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'100', + }, + ), + expected={ + 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',), + 'summary': None, + 'value': None, + }, + ), + dict( + desc='Set the number of search records to lower than -1', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'-10', + }, + ), + expected=errors.ValidationError( + name=u'searchrecordslimit', + error=u'must be at least 10', + ), + ), + dict( + desc='Set the number of search records to lower than 10', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'1', + }, + ), + expected=errors.ValidationError( + name=u'searchrecordslimit', + error=u'must be at least 10', + ), + ), + dict( + desc='Set the number of search records to zero (unlimited)', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'0', + }, + ), + expected={ + 'result': lambda d: d['ipasearchrecordslimit'] == (u'-1',), + 'summary': None, + 'value': None, + }, + ), + dict( + desc='Set the number of search records back to 100', + command=( + 'config_mod', [], { + 'ipasearchrecordslimit': u'100', + }, + ), + expected={ + 'result': lambda d: d['ipasearchrecordslimit'] == (u'100',), + 'summary': None, + 'value': None, + }, + ), ] -- 2.14.4