diff options
| author | Tomas Babej <tbabej@redhat.com> | 2014-07-31 13:13:29 +0200 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2014-09-17 14:41:50 +0200 |
| commit | 9793e44380f8fcdefa1a33fad5fad30ac9a9ac3f (patch) | |
| tree | 9c38bd867dbdc6c4fbe14132aea2f0815c254c15 /ipalib/plugins/idviews.py | |
| parent | f6ada7bab3e4773d8c3fdccd72116c163be98300 (diff) | |
| download | freeipa-9793e44380f8fcdefa1a33fad5fad30ac9a9ac3f.tar.gz freeipa-9793e44380f8fcdefa1a33fad5fad30ac9a9ac3f.tar.xz freeipa-9793e44380f8fcdefa1a33fad5fad30ac9a9ac3f.zip | |
idvies: Add managed permissions for idview and idoverride objects
Part of: https://fedorahosted.org/freeipa/ticket/3979
Diffstat (limited to 'ipalib/plugins/idviews.py')
| -rw-r--r-- | ipalib/plugins/idviews.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/ipalib/plugins/idviews.py b/ipalib/plugins/idviews.py index b4909de91..e7a26dea2 100644 --- a/ipalib/plugins/idviews.py +++ b/ipalib/plugins/idviews.py @@ -64,6 +64,17 @@ class idview(LDAPObject): ), ) + permission_filter_objectclasses = ['nsContainer'] + managed_permissions = { + 'System: Read ID Views': { + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'cn', 'description', 'objectClass', + }, + }, + } + @register() class idview_add(LDAPCreate): @@ -160,6 +171,18 @@ class idoverride(LDAPObject): ), ) + permission_filter_objectclasses = ['ipaOverrideAnchor'] + managed_permissions = { + 'System: Read ID Overrides': { + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'cn', 'objectClass', 'ipaAnchorUUID', 'uidNumber', 'gidNumber', + 'description', 'homeDirectory', 'uid', + }, + }, + } + @register() class idoverride_add(LDAPCreate): |