Re: [Freeipa-devel] [PATCH] 0514 Add mechanism for adding default permissions to privileges

2014-04-10 Thread Martin Kosek
On 04/10/2014 01:44 PM, Petr Viktorin wrote:
> Hello,
> This allows adding default permissions to privileges.
> The privileges need to be created before the managed permission updater runs
> (e.g. via the file-based updater).
> 
> My updated patch 0513 will use this.
> 

ACK. Works fine.

Pushed to master: 41607774bc6146f83496bd469d59595261e314a7

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


[Freeipa-devel] [PATCH] 0514 Add mechanism for adding default permissions to privileges

2014-04-10 Thread Petr Viktorin

Hello,
This allows adding default permissions to privileges.
The privileges need to be created before the managed permission updater 
runs (e.g. via the file-based updater).


My updated patch 0513 will use this.

--
Petr³
From 2cea76be8acaddf9fa7af6c5212dc2b1d0c6d100 Mon Sep 17 00:00:00 2001
From: Petr Viktorin 
Date: Thu, 10 Apr 2014 12:24:41 +0200
Subject: [PATCH] Add mechanism for adding default permissions to privileges

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
 ipaserver/install/plugins/update_managed_permissions.py | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py
index d938eecf175867f3a6a61a68d5f384bf9e79c055..efd87d0d197e463dc07efc8ae7fb9a88c87642a6 100644
--- a/ipaserver/install/plugins/update_managed_permissions.py
+++ b/ipaserver/install/plugins/update_managed_permissions.py
@@ -51,6 +51,9 @@
 * ipapermdefaultattr
   - Used as attribute of the permission.
   - When upgrading, only new values are added; all old values are kept.
+* default_privileges
+  - Names of privileges to add the permission to
+  - Only applied on newly created permissions
 * replaces_global_anonymous_aci
   - If true, any attributes specified (denied) in the legacy global anonymous
 read ACI will be added to excluded_attributes of the new permission.
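Review bot: The new `default_privileges` entry in this docstring does not mention the ordering requirement from the cover letter, that the named privileges must already exist when the managed permission updater runs (e.g. created via the file-based updater). Since the option is "Only applied on newly created permissions", a template author who gets the ordering wrong has no later run that corrects it, so I would add a third bullet stating that the privileges must exist beforehand and what happens when one does not.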
@@ -200,6 +203,14 @@ def update_entry(self, obj, entry, template,
 
 entry['ipapermright'] = list(template.pop('ipapermright'))
 
+default_privileges = template.pop('default_privileges', None)
+if is_new and default_privileges:
+entry['member'] = list(
+DN(('cn', privilege_name),
+   self.api.env.container_privilege,
+   self.api.env.basedn)
+for privilege_name in default_privileges)
+
 # Add to the set of default attributes
 attributes = set(template.pop('ipapermdefaultattr', ()))
 attributes.update(entry.get('ipapermdefaultattr', ()))
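Review bot: Missing existence check in the `if is_new and default_privileges:` branch: each member DN is built from `privilege_name`, `container_privilege` and `basedn` without looking the privilege up, so a misspelled or not-yet-created name in a template ends up as a `member` value that points at no entry. Because this is the only run where `default_privileges` is applied, consider verifying that each privilege entry exists, or at least logging the names being added, so the intended grant is not lost silently. A smaller point: `entry['member'] = list(...)` assigns rather than merges, which is fine only because of the `is_new` guard; a short comment saying so would protect against a later change that relaxes the guard.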
-- 
1.9.0
