On Mon, 2011-01-31 at 22:18 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > There are some permissions we can't display because they are stored
> > outside of the basedn (such as the replication permissions). We are
> > adding a new attribute to store extra information to make this clear, in
> > this case READONLY.
> >
> > ticket 853
> >
> > rob
> I goofed on the schema, updated patch attached.
> rob

NACK (but a small one)

The patch is fine, I have found only 2 minor issues and a question:

1) Permission tests got broken. You may want to apply my "[PATCH] 021
Permission rename test failing" before fixing that - so that Permission
test suite is clean.

2) In delegation.ldif: ipapermission object class is missing for
removeentitlements and modifyentitlements (it has been added for
addentitlements though)

In this patch you add READONLY flag to Replica permissions. However it
is not actually used and stays as just an informative flag. It won't
prevent user from modifying/removing READONLY permissions.

I guess enhancing permission-mod and permission-del of READONLY check
will be a subject of another ticket?


Freeipa-devel mailing list

Reply via email to