On 02/26/2016 01:30 PM, Martin Kosek wrote:
> Greetings, welcome!
> 
> On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote:
> ...
>> Btw, is there some better place to share patches than a pasting tool?
>> Maybe some form of pull request?
> 
> There is :-) Please see advise here:
> 
> http://www.freeipa.org/page/Contribute/Code#Submit_a_patch
> 
> It has more information on top of submitting patches. For example, I think it
> would actually make sense to start with a design page where you would describe
> the use cases, design, APIs, etc:
> 
> http://www.freeipa.org/page/Contribute/Code#Prepare
> 
> Martin
> 

Should I send it as an attachment? Ok, sending, but do not apply it yet
(even if you don't find bugs), I just need some feedback - not
everything is done yet.


-- 
Lukas Hellebrandt
Associate Quality Engineer
lhell...@redhat.com
From 001d6c90c6fd007a49a22a9d96fe31fcc5b8ba6c Mon Sep 17 00:00:00 2001
From: Lukas Hellebrandt <lhell...@redhat.com>
Date: Thu, 18 Feb 2016 18:43:59 +0100
Subject: [PATCH] Adding URL to HBAC rule

---
 ACI.txt                            |  2 +-
 API.txt                            |  9 ++++++---
 VERSION                            |  4 ++--
 install/share/60basev2.ldif        |  3 ++-
 install/ui/src/freeipa/hbac.js     | 14 ++++++++++++--
 install/ui/test/data/ipa_init.json |  3 ++-
 ipalib/plugins/hbacrule.py         |  7 +++++--
 ipalib/plugins/internal.py         |  1 +
 8 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/ACI.txt b/ACI.txt
index 24cb332ce6e10c82a5bfab76d084fb6c0277800d..ecacc1ca50b6203d90879dcca35fdad16f7fc15b 100644
--- a/ACI.txt
+++ b/ACI.txt
@@ -93,7 +93,7 @@ aci: (targetattr = "externalhost || memberhost || memberservice || memberuser")(
 dn: cn=hbac,dc=ipa,dc=example
 aci: (targetattr = "accessruletype || accesstime || cn || description || hostcategory || ipaenabledflag || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Modify HBAC Rule";allow (write) groupdn = "ldap:///cn=System: Modify HBAC Rule,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=hbac,dc=ipa,dc=example
-aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";;)
+aci: (targetattr = "accessruletype || accesstime || cn || createtimestamp || description || entryusn || externalhost || hostcategory || ipaenabledflag || ipauniqueid || member || memberhost || memberservice || memberuser || modifytimestamp || objectclass || servicecategory || sourcehost || sourcehostcategory || url || usercategory")(targetfilter = "(objectclass=ipahbacrule)")(version 3.0;acl "permission:System: Read HBAC Rules";allow (compare,read,search) userdn = "ldap:///all";;)
 dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
 aci: (targetfilter = "(objectclass=ipahbacservice)")(version 3.0;acl "permission:System: Add HBAC Services";allow (add) groupdn = "ldap:///cn=System: Add HBAC Services,cn=permissions,cn=pbac,dc=ipa,dc=example";)
 dn: cn=hbacservices,cn=hbac,dc=ipa,dc=example
diff --git a/API.txt b/API.txt
index e2976e0e2897355bdb7ead438d4b67524f2fb1e8..5886e6a94bd8f25caa54c373e9ac9314e0755aff 100644
--- a/API.txt
+++ b/API.txt
@@ -1656,7 +1656,7 @@ output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDA
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: hbacrule_add
-args: 1,16,3
+args: 1,17,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=True, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=True, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1672,6 +1672,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: DeprecatedParam('sourcehost_host', attribute=True, cli_name='sourcehost_host', multivalue=False, required=False)
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, cli_name='sourcehostcategory', multivalue=False, required=False)
+option: Str('url', attribute=True, cli_name='url', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
@@ -1748,7 +1749,7 @@ output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: PrimaryKey('value', None, None)
 command: hbacrule_find
-args: 1,18,4
+args: 1,19,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, query=True, required=False, values=(u'allow', u'deny'))
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
@@ -1766,6 +1767,7 @@ option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_n
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, query=True, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
+option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, query=True, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
@@ -1773,7 +1775,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: hbacrule_mod
-args: 1,18,3
+args: 1,19,3
 arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
 option: StrEnum('accessruletype', attribute=True, autofill=False, cli_name='type', default=u'allow', exclude='webui', multivalue=False, required=False, values=(u'allow', u'deny'))
 option: Str('addattr*', cli_name='addattr', exclude='webui')
@@ -1791,6 +1793,7 @@ option: Str('setattr*', cli_name='setattr', exclude='webui')
 option: DeprecatedParam('sourcehost_host', attribute=True, autofill=False, cli_name='sourcehost_host', multivalue=False, required=False)
 option: DeprecatedParam('sourcehost_hostgroup', attribute=True, autofill=False, cli_name='sourcehost_hostgroup', multivalue=False, required=False)
 option: DeprecatedParam('sourcehostcategory', attribute=True, autofill=False, cli_name='sourcehostcategory', multivalue=False, required=False)
+option: Str('url', attribute=True, autofill=False, cli_name='url', multivalue=False, required=False)
 option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
diff --git a/VERSION b/VERSION
index 7053bea9dba13476a2138bfb0e9acc2165735ede..ccb4516f2635a1e91c31729c7ffe301f93e6ea63 100644
--- a/VERSION
+++ b/VERSION
@@ -90,5 +90,5 @@ IPA_DATA_VERSION=20100614120000
 #                                                      #
 ########################################################
 IPA_API_VERSION_MAJOR=2
-IPA_API_VERSION_MINOR=163
-# Last change: jcholast - replica install: add remote connection check over API
+IPA_API_VERSION_MINOR=164
+# Last change: lhellebr - add URL to HBAC rule
diff --git a/install/share/60basev2.ldif b/install/share/60basev2.ldif
index 00712ddda2c548b7f7924a012f3f68499f2f01da..4205958db20be2e9bc27198814000d60cb7caa21 100644
--- a/install/share/60basev2.ldif
+++ b/install/share/60basev2.ldif
@@ -37,7 +37,8 @@ attributeTypes: (2.16.840.1.113730.3.8.3.11 NAME 'externalHost' DESC 'Multivalue
 attributeTypes: (2.16.840.1.113730.3.8.3.12 NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.13 NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.14 NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
-objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
+attributeTypes: (2.16.840.1.113730.3.8.3.21 NAME 'url' DESC 'Url of the source' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2')
+objectClasses: (2.16.840.1.113730.3.8.4.7 NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime $ url ) X-ORIGIN 'IPA v2' )
 attributeTypes: (2.16.840.1.113730.3.8.3.15 NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 objectClasses: (2.16.840.1.113730.3.8.4.8 NAME 'ipaNISNetgroup' DESC 'IPA version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' )
 attributeTypes: (1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
diff --git a/install/ui/src/freeipa/hbac.js b/install/ui/src/freeipa/hbac.js
index 6161942b93fce654830330fdbdf6853ce9e428ff..539849d681f03a4e89b94d817c4a40a16fc62bc3 100644
--- a/install/ui/src/freeipa/hbac.js
+++ b/install/ui/src/freeipa/hbac.js
@@ -52,7 +52,8 @@ var spec =  {
                     label: '@i18n:status.label',
                     formatter: 'boolean_status'
                 },
-                'description'
+                'description',
+		'url'
             ],
             actions: [
                 'batch_disable',
@@ -244,6 +245,11 @@ var add_hbacrule_details_facet_widgets = function (spec) {
             $type: 'textarea',
             name: 'description',
             widget: 'general.description'
+        },
+        {
+            $type: 'textarea',
+            name: 'url',
+            widget: 'general.url'
         }
     ];
 
@@ -259,6 +265,10 @@ var add_hbacrule_details_facet_widgets = function (spec) {
                 {
                     $type: 'textarea',
                     name: 'description'
+                },
+                {
+                    $type: 'textarea',
+                    name: 'url'
                 }
             ]
         }
@@ -503,4 +513,4 @@ exp.register = function() {
 phases.on('registration', exp.register);
 
 return exp;
-});
\ No newline at end of file
+});
diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 852b953736da0ccb8a7803259e2bd5d4c4108ab9..ad12f771f605fed235982dbcef055a2ae0b68c47 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -353,7 +353,8 @@
                             "specified_hosts": "Specified Hosts and Groups",
                             "specified_services": "Specified Services and Groups",
                             "specified_users": "Specified Users and Groups",
-                            "user": "Who"
+                            "user": "Who",
+                            "url": "URL"
                         },
                         "hbacsvc": {},
                         "hbacsvcgroup": {
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 54487eded21637bcd9d78179ad51c4abdedfc561..6569aa8ecc45d1513cce786fa5000c94a88f6b49 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -137,7 +137,7 @@ class hbacrule(LDAPObject):
         'description', 'usercategory', 'hostcategory',
         'servicecategory', 'ipaenabledflag',
         'memberuser', 'sourcehost', 'memberhost', 'memberservice',
-        'externalhost',
+        'externalhost','url',
     ]
     uuid_attribute = 'ipauniqueid'
     rdn_attribute = 'ipauniqueid'
@@ -157,7 +157,7 @@ class hbacrule(LDAPObject):
                 'externalhost', 'hostcategory', 'ipaenabledflag',
                 'ipauniqueid', 'memberhost', 'memberservice', 'memberuser',
                 'servicecategory', 'sourcehost', 'sourcehostcategory',
-                'usercategory', 'objectclass', 'member',
+                'usercategory', 'objectclass', 'member', 'url',
             },
         },
         'System: Add HBAC Rule': {
@@ -275,6 +275,9 @@ class hbacrule(LDAPObject):
             label=_('Service Groups'),
             flags=['no_create', 'no_update', 'no_search'],
         ),
+	Str('url?',
+		label=_('URL'),
+	),
         external_host_param,
     )
 
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 7156d4f47004dd702d3896ca736cc1f42227a321..99b55b60517d55e09e545dac9541d8d00f79bef8 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -498,6 +498,7 @@ class i18n_messages(Command):
                 "specified_services": _("Specified Services and Groups"),
                 "specified_users": _("Specified Users and Groups"),
                 "user": _("Who"),
+                "url": _("URL"),
             },
             "hbacsvc": {
             },
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to