Read access is given to all authenticated users.
--
PetrĀ³
From 1234bfbc321444365cdf7e7b263cf46e1eb25624 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 16:29:16 +0100
Subject: [PATCH] Add managed read permission to idrange
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
ipalib/plugins/idrange.py | 13 +
1 file changed, 13 insertions(+)
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 91d8525dbc0c5a294e3d2782c58ef14af2d5a972..5cc2786ce2debb5646cb06e0ba996d0840fa06fd 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -161,10 +161,23 @@ class idrange(LDAPObject):
object_name = ('range')
object_name_plural = ('ranges')
object_class = ['ipaIDrange']
+permission_filter_objectclasses = ['ipaidrange']
possible_objectclasses = ['ipadomainidrange', 'ipatrustedaddomainrange']
default_attributes = ['cn', 'ipabaseid', 'ipaidrangesize', 'ipabaserid',
'ipasecondarybaserid', 'ipanttrusteddomainsid',
'iparangetype']
+managed_permissions = {
+'System: Read ID Ranges': {
+'replaces_global_anonymous_aci': True,
+'ipapermbindruletype': 'all',
+'ipapermright': {'read', 'search', 'compare'},
+'ipapermdefaultattr': {
+'cn', 'objectclass',
+'ipabaseid', 'ipaidrangesize', 'iparangetype',
+'ipabaserid', 'ipasecondarybaserid', 'ipanttrusteddomainsid',
+},
+},
+}
label = _('ID Ranges')
label_singular = _('ID Range')
--
1.9.0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel