diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 16:21:26 +0100 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-04-09 17:14:29 +0200 |
| commit | 13f3ba5eb009a4af3bdb60a54e058fb5f62545dd (patch) | |
| tree | 8b73167d3d47a3825fd363f5cc74b3eea8fe3a6b | |
| parent | 49e45f28a2b4a3b2c02bff32c24d9ffb8ef7dfc0 (diff) | |
| download | freeipa-13f3ba5eb009a4af3bdb60a54e058fb5f62545dd.tar.gz freeipa-13f3ba5eb009a4af3bdb60a54e058fb5f62545dd.tar.xz freeipa-13f3ba5eb009a4af3bdb60a54e058fb5f62545dd.zip | |
Add managed read permission to hostgroup
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
| -rw-r--r-- | ipalib/plugins/hostgroup.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py index a3dd3a4a9..9c125131d 100644 --- a/ipalib/plugins/hostgroup.py +++ b/ipalib/plugins/hostgroup.py @@ -72,6 +72,25 @@ class hostgroup(LDAPObject): 'memberindirect': ['host', 'hostgroup'], 'memberofindirect': ['hostgroup', 'hbacrule', 'sudorule'], } + managed_permissions = { + 'System: Read Hostgroups': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'businesscategory', 'cn', 'description', 'ipauniqueid', 'o', + 'objectclass', 'ou', 'owner', 'seealso', + }, + }, + 'System: Read Hostgroup Membership': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'member', 'memberof', + }, + }, + } label = _('Host Groups') label_singular = _('Host Group') |