Read access is given to all authenticated users.

--
Petr³
From 713b37bb023d7d895355a0cd8f8a4bb707d69d0f Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Wed, 26 Mar 2014 17:52:28 +0100
Subject: [PATCH] Add managed read permission for SELinux user map

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
 ipalib/plugins/selinuxusermap.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ipalib/plugins/selinuxusermap.py b/ipalib/plugins/selinuxusermap.py
index 3f26b16d0360d171525005f3ffa2b00bbe90635c..04a37bd0db5d6b9fa67fdb4fdf9ed4dc58be4626 100644
--- a/ipalib/plugins/selinuxusermap.py
+++ b/ipalib/plugins/selinuxusermap.py
@@ -134,6 +134,7 @@ class selinuxusermap(LDAPObject):
     object_name = _('SELinux User Map rule')
     object_name_plural = _('SELinux User Map rules')
     object_class = ['ipaassociation', 'ipaselinuxusermap']
+    permission_filter_objectclasses = ['ipaselinuxusermap']
     default_attributes = [
         'cn', 'ipaenabledflag',
         'description', 'usercategory', 'hostcategory',
@@ -146,6 +147,19 @@ class selinuxusermap(LDAPObject):
         'memberuser': ['user', 'group'],
         'memberhost': ['host', 'hostgroup'],
     }
+    managed_permissions = {
+        'System: Read SELinux User Maps': {
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'all',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'accesstime', 'cn', 'description', 'hostcategory',
+                'ipaenabledflag', 'ipaselinuxuser', 'ipauniqueid',
+                'memberhost', 'memberuser', 'seealso', 'usercategory',
+                'objectclass',
+            },
+        },
+    }
 
     # These maps will not show as members of other entries
 
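Review bot: The `'System: Read SELinux User Maps'` entry has no comment explaining why `'ipapermbindruletype': 'all'` is the intended bind rule, even though it makes `memberuser` and `memberhost` (which users and hosts each map applies to) readable by every authenticated principal. That is narrower than the anonymous ACI it replaces, and enrolled hosts presumably need to read these entries to apply the maps, but the reason should sit next to the setting so a later hardening review does not have to guess. I would add above that line something like `# Any authenticated principal may read: clients must evaluate these maps (confirm consumer).` The first hunk's `permission_filter_objectclasses = ['ipaselinuxusermap']` deserves a similar one-line comment noting that it keeps the permission from matching other `ipaassociation` entries. The class body starts and ends outside both hunks, so any existing documentation or tests for this permission are not visible here.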
-- 
1.9.0
