On 8/22/2014 11:29 AM, Petr Vobornik wrote:
Ticket: https://fedorahosted.org/freeipa/ticket/4507

Support for delegating RBAC roles to service principals added new
attribute members. [1][2] Most of Web UI was automatically extended but
the defaults chose wrong associator for service's memberof_role facet

traditionally it would be solved by

        {
             $type: 'association',
             name: 'memberof_role',
             associator: IPA.serial_associator
         }

This patch tries to make the auto-magic functionality little bit less
stupid to eliminate a need for ^^ patches. It's far from perfect -
doesn't support things like:

        {
             $type: 'association',
             name: 'memberof_sudorule',
             associator: IPA.serial_associator,
             add_method: 'add_user',
             remove_method: 'remove_user'
         }

[1]
https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=8fabd6dde152fc394bd4f093d93c8a46e5b2851b

[2] https://fedorahosted.org/freeipa/ticket/3164

ACK.

--
Endi S. Dewata

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to