[Freeipa-devel] [PATCH] 0527 Add managed read permission to idrange

[Petr Viktorin]

Read access is given to all authenticated users.

--
Petr³
From 1234bfbc321444365cdf7e7b263cf46e1eb25624 Mon Sep 17 00:00:00 2001
From: Petr Viktorin pvikt...@redhat.com
Date: Wed, 26 Mar 2014 16:29:16 +0100
Subject: [PATCH] Add managed read permission to idrange

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
 ipalib/plugins/idrange.py | 13 +
 1 file changed, 13 insertions(+)

diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py
index 91d8525dbc0c5a294e3d2782c58ef14af2d5a972..5cc2786ce2debb5646cb06e0ba996d0840fa06fd 100644
--- a/ipalib/plugins/idrange.py
+++ b/ipalib/plugins/idrange.py
@@ -161,10 +161,23 @@ class idrange(LDAPObject):
 object_name = ('range')
 object_name_plural = ('ranges')
 object_class = ['ipaIDrange']
+permission_filter_objectclasses = ['ipaidrange']
 possible_objectclasses = ['ipadomainidrange', 'ipatrustedaddomainrange']
 default_attributes = ['cn', 'ipabaseid', 'ipaidrangesize', 'ipabaserid',
   'ipasecondarybaserid', 'ipanttrusteddomainsid',
   'iparangetype']
+managed_permissions = {
+'System: Read ID Ranges': {
+'replaces_global_anonymous_aci': True,
+'ipapermbindruletype': 'all',
+'ipapermright': {'read', 'search', 'compare'},
+'ipapermdefaultattr': {
+'cn', 'objectclass',
+'ipabaseid', 'ipaidrangesize', 'iparangetype',
+'ipabaserid', 'ipasecondarybaserid', 'ipanttrusteddomainsid',
+},
+},
+}
 
 label = _('ID Ranges')
 label_singular = _('ID Range')
-- 
1.9.0

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0527 Add managed read permission to idrange

[Martin Kosek]

On 04/16/2014 01:02 PM, Petr Viktorin wrote:
 Read access is given to all authenticated users.

Works fine, no problem found - ACK.

Pushed to master: bb4e47d9ea249d7f3ead460284dd67312cc82bd5

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel