Found a couple of issues with Undo:
1. Using the scenario described in the ticket, if I undo the Type back
to User Group the Attributes aren't updated, it still shows the Service
attributes.
2. After that, if I undo the Attributes it will show the originally
selected attribute (description) but the attribute will appear at the
end of Service attributes (not User Group attributes) and the attributes
are not sorted.
I also have some comments below.
On 8/22/2012 7:17 AM, Petr Vobornik wrote:
Problem:
When a permission is edited, and Type switched, the attributes
selected for previous Type are still selected, and update fails, if they
are invalid for the new Type. But it should get deselected or not even
listed if Type changes.
Fix:
When Type is changed, attribute list is refreshed and still applicable
attributes are chosen. If Type is reverted back, previously chosen
attributes are back as chosen.
If attributes are extended outside Web UI by not listed attr, this
attr is listed at the list end.
To my understanding the list of ACI attributes are obtained from the
LDAP schema, so if a new attribute is added to the object class the UI
will know about it and show it in the attribute list. However, if the
attribute is added using the extensibleObject the UI may not know about
it because there's no schema change, is this what you meant? In that
case the UI won't show a checkbox for the attribute, so we'd probably
have to use the Filter or Subtree permission target that accepts
arbitrary attributes.
Ideally the server should support a generic LDAP ACI target which would
accept any combination of LDAP filter, subtree, and attributes, but that
probably depends on the actual needs.
Note:
If user makes change in attribute list before type change, this change
is forgotten.
https://fedorahosted.org/freeipa/ticket/2617
--
Endi S. Dewata
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
