# pytest-3 -s -l -vv --tb=native test_42080.py
import tempfile
import subprocess

import pytest

import univention.admin.modules
import univention.testing.strings as uts


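def test_bug42080(udm, ucr):
	"""Register an LDAP ACL that hides a user's primary group and check the effect.

	A group and a user with that group as primary group are created. An ACL
	file denying that user any access to the group DN is registered through
	``univention.lib.ldap_extension``. The test then binds as the user, opens
	the user's own object and expects ``primaryGroup`` to read as an empty
	string and ``modify()`` to raise ``permissionDenied``.
	"""
	primary_group = udm.create_object('groups/group', name=uts.random_name())
	user, username = udm.create_user(primaryGroup=primary_group)
	with tempfile.NamedTemporaryFile('w', prefix='50_test_') as temp:
		# "none stop" for the user's DN on the group DN; every other identity
		# falls through ("+0 break") to the ACLs that follow.
		temp.write(f'\n\naccess to dn.exact="{primary_group}" by dn.exact="{user}" none stop by * +0 break\n\n')
		# Flush so the registration process sees the content while the file still exists.
		temp.flush()
		# Argument list instead of a shell string: the temp path is passed as a
		# single argument and is never interpreted by a shell.
		subprocess.check_call([
			'python3', '-m', 'univention.lib.ldap_extension', 'ucs_registerLDAPExtension',
			'--packagename', 'ucs-test',
			'--packageversion', '1.0',
			'--acl', temp.name,
		])
	# NOTE(review): the registered ACL is not unregistered in this function, so the
	# deny rule may outlive the test unless a fixture cleans it up; confirm.

	# Bind as the restricted user; 'univention' is presumably the default password
	# set by udm.create_user; verify against the fixture.
	# NOTE(review): univention.admin.uldap and univention.admin.uexceptions are not
	# imported explicitly in this file; presumably they are loaded as a side effect
	# of importing univention.admin.modules; confirm.
	lo = univention.admin.uldap.access(base=ucr['ldap/base'], binddn=user, bindpw='univention')
	po = univention.admin.uldap.position(lo.base)
	univention.admin.modules.update()
	obj = univention.admin.modules.get('users/user').object(None, lo, po, user)
	obj.open()
	# With the group DN unreadable for this bind, the primary group is expected to come back empty.
	assert obj['primaryGroup'] == ''
	with pytest.raises(univention.admin.uexceptions.permissionDenied):
		obj.modify()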
