author | Thierry Bordaz <tbordaz@redhat.com> | 2015-05-08 10:41:44 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2015-05-18 09:37:21 +0200 |
commit | 51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b (patch) | |
tree | 814d8c84a4e54d817164208858425c3db42f15a0 /ipalib/plugins/permission.py | |
parent | c9e1ad0dbc28c6c5b0e7381144a969f6b77d504d (diff) | |
User life cycle: Stage user Administrators permission/priviledge
Creation of stage user administrator
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r-- | ipalib/plugins/permission.py | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 3895d8eae..f46affc34 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -302,6 +302,22 @@ class permission(baseldap.LDAPObject):
 '(must be in the subtree, but may not yet exist)'),
 ),
+ DNParam(
+ 'ipapermtargetto?',
+ cli_name='targetto',
+ label=_('Target DN subtree'),
+ doc=_('Optional DN subtree where an entry can be moved to '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
+ DNParam(
+ 'ipapermtargetfrom?',
+ cli_name='targetfrom',
+ label=_('Origin DN subtree'),
+ doc=_('Optional DN subtree from where an entry can be moved '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
 Str('memberof*',
 label=_('Member of group'), # FIXME: Does this label make sense?
 doc=_('Target members of a group (sets memberOf targetfilter)'),
@@ -532,6 +548,18 @@ class permission(baseldap.LDAPObject):
 aci_parts.append("(target = \"%s\")" %
 'ldap:///%s' % ipapermtarget)
+ # target_to
+ ipapermtargetto = entry.single_value.get('ipapermtargetto')
+ if ipapermtargetto:
+ aci_parts.append("(target_to = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetto)
+
+ # target_from
+ ipapermtargetfrom = entry.single_value.get('ipapermtargetfrom')
+ if ipapermtargetfrom:
+ aci_parts.append("(target_from = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetfrom)
+
 # targetfilter
 ipapermtargetfilter = entry.get('ipapermtargetfilter')
 if ipapermtargetfilter: |
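Review bot: The help text on both new `DNParam`s repeats `(must be in the subtree, but may not yet exist)` from the parameter just above, but none of the 28 lines this commit adds to the file checks `ipapermtargetto` or `ipapermtargetfrom` against the permission's subtree, so the stated constraint may be unenforced unless validation happens elsewhere. These two values decide where entries may be moved from and to, so either apply the same containment check that is used for the existing target DN, or reword the doc to state only what is actually required, for example `doc=_('Optional DN subtree where an entry can be moved to')`. The labels `Target DN subtree` and `Origin DN subtree` are also easy to confuse with the existing target parameter; `Destination DN subtree` would pair more clearly with `Origin`. The parameter tuple starts and ends outside the hunk.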
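Review bot: `ipapermtargetto` and `ipapermtargetfrom` are interpolated directly into a double-quoted ACI clause inside an `ldap:///` URL, with no escaping for either context visible at this point; if the string form of a DN can carry `"` or URL-reserved characters, the generated ACI could be malformed or grant something other than what was intended. This copies the existing `target` clause shown in the context lines, so one small helper that quotes the DN and builds the clause for all three keywords would be safer than repeating the pattern twice more. The chained `"..." % 'ldap:///%s' % dn` also relies on left-to-right evaluation of `%`; a single format such as `aci_parts.append('(target_to = "ldap:///%s")' % ipapermtargetto)` states the same thing more plainly. The enclosing method starts and ends outside the hunk.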