On 11/03/2010 08:32 AM, Endi Sukma Dewata wrote:
On 11/1/2010 9:28 AM, Adam Young wrote:
Check effective rights. If the right is not explicitly allowed, show the
field as read only.

It seems to be working, but I think it has to wait until the
attributelevelrights is returned in the JSON response because without
it the UI would become unusable because all fields would be disabled.

That is part of the patch. attributelevelrights has been added as a flag
to the JSON request. The change to baseldap.py will only apply on to of
the change made to return the rights.

I suspect that what you are seeing is that there is some holes in the
coverage of the attribute level rights, and I made the decision to
default to "don't allow changes". Thus, this code needs to go in before
we can identify places where the rights are not being properly reported,
otherwise, we just won't know.

Still NACK. I have tested this again. It looks like the UI does not send the --rights parameter which is required to get the attributelevelrights. With this patch even the admin can't edit anything.

Ah...that was because I did it as two commits, and only made a patch out of one.

Here is the missing part:
[ayo...@ayoung freeipa]$ git show HEAD~1
commit d3b146090cbf74f1fe0978fcae23e0632be01a77
Author: adam <ayo...@ipa.ayoung.boston.devel.redhat.com>
Date:   Fri Oct 29 14:09:15 2010 -0400

    add rights to show call

diff --git a/install/static/details.js b/install/static/details.js
index e4cbec7..4bc1791 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -344,7 +344,7 @@ function ipa_details_load(container, pkey, on_win, on_fail)
         params = [];
-        'show', params, {all: true}, load_on_win, load_on_fail, obj_name
+ 'show', params, {all: true, rights: 1 }, load_on_win, load_on_fail, ob
 function ipa_details_update(container, pkey, on_win, on_fail)

Freeipa-devel mailing list

Reply via email to