Hello,
These patches add managed read permissions for user groups and hostgroups.
For most attributes, anonymous read access is given.
For member, memberOf, memberUID, read access is given only to
authenticated users.
--
Petr³
From af2054d54dbb9818255b87e2b78ecc37b87e469a Mon Sep 17 00:00:00 2001
From: Petr Viktorin <[email protected]>
Date: Wed, 26 Mar 2014 15:17:34 +0100
Subject: [PATCH] Add managed read permissions to group
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipalib/plugins/group.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/ipalib/plugins/group.py b/ipalib/plugins/group.py
index 318f0746a2f66f68db2b22e17b0d1689ad9ce3bc..644954d94a50e7a1222cc0cfc9b5de1eac47238a 100644
--- a/ipalib/plugins/group.py
+++ b/ipalib/plugins/group.py
@@ -137,6 +137,26 @@ class group(LDAPObject):
'sudorule'],
}
rdn_is_primary_key = True
+ managed_permissions = {
+ 'System: Read Groups': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'anonymous',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'businesscategory', 'cn', 'description', 'gidnumber',
+ 'ipaexternalmember', 'ipauniqueid', 'mepmanagedby', 'o',
+ 'objectclass', 'ou', 'owner', 'seealso',
+ },
+ },
+ 'System: Read Group Membership': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'member', 'memberof', 'memberuid',
+ },
+ },
+ }
label = _('User Groups')
label_singular = _('User Group')
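Review bot: `ipaexternalmember` is listed in the anonymous `System: Read Groups` attribute set, but it appears to hold membership data (the external members of a group), which the description says should be readable only by authenticated users, like `member`, `memberof` and `memberuid`. Consider moving it into `System: Read Group Membership`, or into a separate permission with `'ipapermbindruletype': 'all'`. `mepmanagedby` presumably names the entry that manages the group, so it is worth confirming that anonymous read of it is intended too. The `group` class body starts and ends outside this hunk, so any other ACI-related settings are not visible here.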
--
1.9.0
From fb03d37b87e2177e0f7487991a7dcfdd3ecd624b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <[email protected]>
Date: Wed, 26 Mar 2014 16:21:26 +0100
Subject: [PATCH] Add managed read permission to hostgroup
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipalib/plugins/hostgroup.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py
index a3dd3a4a9bad24fe966abc7294a3c8aebd6fadf7..2addf20640bda967b0d3a0f0a56f7f8012b7da60 100644
--- a/ipalib/plugins/hostgroup.py
+++ b/ipalib/plugins/hostgroup.py
@@ -72,6 +72,25 @@ class hostgroup(LDAPObject):
'memberindirect': ['host', 'hostgroup'],
'memberofindirect': ['hostgroup', 'hbacrule', 'sudorule'],
}
+ managed_permissions = {
+ 'System: Read Hostgroups': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'anonymous',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'businesscategory', 'cn', 'description', 'ipauniqueid', 'o',
+ 'objectclass', 'ou', 'owner', 'seealso',
+ },
+ },
+ 'System: Read Hostgroup Membership': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'member', 'memberof',
+ },
+ },
+ }
label = _('Host Groups')
label_singular = _('Host Group')
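Review bot: Nothing in `managed_permissions` records why the attributes are split between the `'anonymous'` and `'all'` bind rule types, so a later attribute addition could land in the anonymous set without anyone weighing the exposure. A short comment above `'System: Read Hostgroup Membership'` would make the rule explicit, for example `# Membership attributes reveal relationships between entries; readable by authenticated binds only.` The same comment would fit the matching dict in the group.py hunk. The `hostgroup` class body starts and ends outside this hunk.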
--
1.9.0