[Freeipa-devel] [PATCH] 48 Document the --rights output format
https://fedorahosted.org/freeipa/ticket/563
https://fedorahosted.org/freeipa/ticket/588
Jan
From 5d23b3fad0dd8bc9633e5a69d069d9346f52 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Thu, 17 Feb 2011 03:55:14 -0500
Subject: [PATCH] Document the --rights output format
https://fedorahosted.org/freeipa/ticket/563
https://fedorahosted.org/freeipa/ticket/588
---
ipa.1 | 15 ++-
ipalib/plugins/baseldap.py |6 +++---
2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/ipa.1 b/ipa.1
index eb8fe8cd085f8ab7c76fbee6a8357965e279d5e6..a322d246f1f74d2bd31796663c1dea1e1d895880 100644
--- a/ipa.1
+++ b/ipa.1
@@ -106,13 +106,26 @@ The above types of commands take the objects primary key as their only positiona
For some types of objects, these commands might need to take more than one primary key. This applies to IPA objects organized in hierarchies where the parent object needs to be identified first. Parent primary keys are always aligned to the left (higher in the hierarchy = more to the left). For example the automount IPA plugin enables users to manage automount maps per location, as a result all automount commands take an automountlocation primary key as their first positional argument.
-All commands that display objects have two special options for controlling output:
+All commands that display objects have three special options for controlling output:
.TP
\fB\-\-all\fR
Dispaly all attributes. Without this option only the most relevant attributes are displayed.
.TP
\fB\-\-raw\fR
Display objects as they are stored in the backing store. Disables formatting and attribute labels.
+.TP
+\fB\-\-rights\fR
+Display effective rights on all attributes of the entry. You also have to specify \fB\-\-all\fR for this to work. User rights are returned as Python dictionary where index is the name of an attribute and value is a string composed of following letters:
+
+.ad l
+r - read\p
+s - search\p
+w - write\p
+o - obliterate (delete)\p
+c - compare\p
+W - self-write\p
+O - self-obliterate
+
.SH EXAMPLES
.TP
\fBipa help commands\fR
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index f403990ff86f33140b2a91405f8f0cde2d079644..43183c264884b4db2b9f2f50733d0fe1182082d9 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -180,7 +180,7 @@ def get_effective_rights(ldap, dn, attrs=None):
rights = rights[0].split(', ')
for r in rights:
(k,v) = r.split(':')
-rdict[k.strip().lower()] = v
+rdict[k.strip().lower()] = str(v)
return rdict
@@ -666,7 +666,7 @@ class LDAPRetrieve(LDAPQuery):
takes_options = (
Flag('rights',
label=_('Rights'),
-doc=_('Display the access rights to modify this entry (requires --all)'),
+doc=_('Display the access rights of this entry (requires --all). See ipa man page for details.'),
),
)
@@ -732,7 +732,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
takes_options = _attr_options + (
Flag('rights',
label=_('Rights'),
-doc=_('Display the access rights to modify this entry (requires --all)'),
+doc=_('Display the access rights of this entry (requires --all). See ipa man page for details.'),
),
)
--
1.7.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 48 Document the --rights output format
Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588 Jan This is a good start, I think we need to include some guidance on why this exists and why it exists where it does. It exists so a user interface can know in advance what the current user's rights are for a given entry so that the user experience is better (currently used by the Web UI to disable attributes that are not writable). It appears in the add and mod commands to avoid having to do a show after an entry is added or updated. rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 48 Document the --rights output format
Rob Crittenden rcrit...@redhat.com wrote:
Jan Zelený wrote:
https://fedorahosted.org/freeipa/ticket/563
https://fedorahosted.org/freeipa/ticket/588
Jan
This is a good start, I think we need to include some guidance on why
this exists and why it exists where it does.
It exists so a user interface can know in advance what the current
user's rights are for a given entry so that the user experience is
better (currently used by the Web UI to disable attributes that are not
writable).
It appears in the add and mod commands to avoid having to do a show
after an entry is added or updated.
rob
I updated the patch with a note that it is primarily used for internal
purposes of CLI and WebUI, I think this should be sufficient description.
I also deleted the line converting unicode strings to str because it broke
JSON-RPC communication.
Jan
From ac16208ca8cc25b02b9d17f40b4124d4c084c566 Mon Sep 17 00:00:00 2001
From: Jan Zeleny jzel...@redhat.com
Date: Thu, 17 Feb 2011 03:55:14 -0500
Subject: [PATCH] Document the --rights output format
https://fedorahosted.org/freeipa/ticket/563
https://fedorahosted.org/freeipa/ticket/588
---
ipa.1 | 15 ++-
ipalib/plugins/baseldap.py |4 ++--
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/ipa.1 b/ipa.1
index eb8fe8cd085f8ab7c76fbee6a8357965e279d5e6..e346853877317b19a4904fbbde6baa90aefd028c 100644
--- a/ipa.1
+++ b/ipa.1
@@ -106,13 +106,26 @@ The above types of commands take the objects primary key as their only positiona
For some types of objects, these commands might need to take more than one primary key. This applies to IPA objects organized in hierarchies where the parent object needs to be identified first. Parent primary keys are always aligned to the left (higher in the hierarchy = more to the left). For example the automount IPA plugin enables users to manage automount maps per location, as a result all automount commands take an automountlocation primary key as their first positional argument.
-All commands that display objects have two special options for controlling output:
+All commands that display objects have three special options for controlling output:
.TP
\fB\-\-all\fR
Dispaly all attributes. Without this option only the most relevant attributes are displayed.
.TP
\fB\-\-raw\fR
Display objects as they are stored in the backing store. Disables formatting and attribute labels.
+.TP
+\fB\-\-rights\fR
+Display effective rights on all attributes of the entry. You also have to specify \fB\-\-all\fR for this to work. User rights are returned as Python dictionary where index is the name of an attribute and value is a unicode string composed (hence the u'' format) of letters specified below. Note that user rights are primarily used for internal purposes of CLI and WebUI.
+
+.ad l
+r - read\p
+s - search\p
+w - write\p
+o - obliterate (delete)\p
+c - compare\p
+W - self-write\p
+O - self-obliterate
+
.SH EXAMPLES
.TP
\fBipa help commands\fR
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index f403990ff86f33140b2a91405f8f0cde2d079644..2d25219daa2e4a464d650705665aaa6ff33f1a16 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -666,7 +666,7 @@ class LDAPRetrieve(LDAPQuery):
takes_options = (
Flag('rights',
label=_('Rights'),
-doc=_('Display the access rights to modify this entry (requires --all)'),
+doc=_('Display the access rights of this entry (requires --all). See ipa man page for details.'),
),
)
@@ -732,7 +732,7 @@ class LDAPUpdate(LDAPQuery, crud.Update):
takes_options = _attr_options + (
Flag('rights',
label=_('Rights'),
-doc=_('Display the access rights to modify this entry (requires --all)'),
+doc=_('Display the access rights of this entry (requires --all). See ipa man page for details.'),
),
)
--
1.7.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 48 Document the --rights output format
Jan Zelený wrote: Rob Crittendenrcrit...@redhat.com wrote: Jan Zelený wrote: https://fedorahosted.org/freeipa/ticket/563 https://fedorahosted.org/freeipa/ticket/588 Jan This is a good start, I think we need to include some guidance on why this exists and why it exists where it does. It exists so a user interface can know in advance what the current user's rights are for a given entry so that the user experience is better (currently used by the Web UI to disable attributes that are not writable). It appears in the add and mod commands to avoid having to do a show after an entry is added or updated. rob I updated the patch with a note that it is primarily used for internal purposes of CLI and WebUI, I think this should be sufficient description. I also deleted the line converting unicode strings to str because it broke JSON-RPC communication. Jan ack, pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
