Endi Sukma Dewata wrote:
On 1/4/2012 3:47 PM, Rob Crittenden wrote:
I guess I'm just not convinced this additional complexity would buy us
anything.

Updated patch attached that fixes the memberof display and updates the
tests trivially.

OK, the mod output is fixed. Since the exclusivity rules aren't changed,
the following combinations are currently possible via CLI:

1. filter
2a. type
2b. type + memberof
3a. subtree
3b. subtree + memberof
4a. targetgroup
4b. targetgroup + memberof

As discussed previously it doesn't really make sense to use memberof
with targetgroup, so should we fix the rules to avoid combination #4b?
If #4b is acceptable then this patch is ACKed as is.

Here's the UI modification that Petr has created in patch #66 (click Add):

http://edewata.fedorapeople.org/freeipa/install/ui/#rolebased=permission&ipaserver=rolebased&navigation=ipaserver


To reflect the correct possible combinations, we probably should move
the 'Member of group' field somewhere below the 'Target' drop-down list
and show it only when 'Type' or 'Subtree' is selected. If we keep option
#4b then we should also show it when the 'Target group' is selected.


I opened ticket 2222 to disallow memberof and targetgroup.

Pushed to master.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to