On 11/1/2010 9:28 AM, Adam Young wrote:
Check effective rights. If the right is not explicitly allowed, show the
field as read only.

It seems to be working, but I think it has to wait until the
attributelevelrights is returned in the JSON response because without
it the UI would become unusable because all fields would be disabled.

That is part of the patch. attributelevelrights has been added as a flag
to the JSON request. The change to baseldap.py will only apply on to of
the change made to return the rights.

I suspect that what you are seeing is that there is some holes in the
coverage of the attribute level rights, and I made the decision to
default to "don't allow changes". Thus, this code needs to go in before
we can identify places where the rights are not being properly reported,
otherwise, we just won't know.

Still NACK. I have tested this again. It looks like the UI does not send the --rights parameter which is required to get the attributelevelrights. With this patch even the admin can't edit anything.

Endi S. Dewata

Freeipa-devel mailing list

Reply via email to