On 11/1/2010 9:28 AM, Adam Young wrote:
Check effective rights. If the right is not explicitly allowed, show the field as read only.
It seems to be working, but I think it has to wait until the attributelevelrights is returned in the JSON response because without it the UI would become unusable because all fields would be disabled.
That is part of the patch. attributelevelrights has been added as a flag to the JSON request. The change to baseldap.py will only apply on to of the change made to return the rights. I suspect that what you are seeing is that there is some holes in the coverage of the attribute level rights, and I made the decision to default to "don't allow changes". Thus, this code needs to go in before we can identify places where the rights are not being properly reported, otherwise, we just won't know.
Still NACK. I have tested this again. It looks like the UI does not send the --rights parameter which is required to get the attributelevelrights. With this patch even the admin can't edit anything.
-- Endi S. Dewata _______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel