authorThierry Bordaz <tbordaz@redhat.com>2015-05-08 10:41:44 +0200
committerMartin Kosek <mkosek@redhat.com>2015-05-18 09:37:21 +0200
commit51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b (patch)
tree814d8c84a4e54d817164208858425c3db42f15a0 /ipalib/plugins/permission.py
parentc9e1ad0dbc28c6c5b0e7381144a969f6b77d504d (diff)
User life cycle: Stage user Administrators permission/priviledge
Creation of stage user administrator https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r--ipalib/plugins/permission.py28
1 files changed, 28 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 3895d8eae..f46affc34 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -302,6 +302,22 @@ class permission(baseldap.LDAPObject):
'(must be in the subtree, but may not yet exist)'),
),
+ DNParam(
+ 'ipapermtargetto?',
+ cli_name='targetto',
+ label=_('Target DN subtree'),
+ doc=_('Optional DN subtree where an entry can be moved to '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
+ DNParam(
+ 'ipapermtargetfrom?',
+ cli_name='targetfrom',
+ label=_('Origin DN subtree'),
+ doc=_('Optional DN subtree from where an entry can be moved '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
Str('memberof*',
label=_('Member of group'), # FIXME: Does this label make sense?
doc=_('Target members of a group (sets memberOf targetfilter)'),
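Review bot: The `doc` strings of both new `DNParam`s reuse the phrase '(must be in the subtree, but may not yet exist)' from the option just above them, where it no longer says which subtree is meant, and neither string says what leaving the option out implies. Both options are optional (`?`), so a permission can constrain only one side of a move; as far as I can tell the directory server then leaves the other side unrestricted, which should be confirmed and stated because it decides how wide the grant is. I would reword them along the lines of `doc=_('Optional DN subtree that entries may be moved into; if omitted, the destination is not restricted by this permission')`, with the matching text for `targetfrom`. The label 'Target DN subtree' on `targetto` is also easy to confuse with the existing target option; 'Destination DN subtree' would be clearer. The parameter tuple starts and ends outside the hunk.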
@@ -532,6 +548,18 @@ class permission(baseldap.LDAPObject):
aci_parts.append("(target = \"%s\")" %
'ldap:///%s' % ipapermtarget)
+ # target_to
+ ipapermtargetto = entry.single_value.get('ipapermtargetto')
+ if ipapermtargetto:
+ aci_parts.append("(target_to = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetto)
+
+ # target_from
+ ipapermtargetfrom = entry.single_value.get('ipapermtargetfrom')
+ if ipapermtargetfrom:
+ aci_parts.append("(target_from = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetfrom)
+
# targetfilter
ipapermtargetfilter = entry.get('ipapermtargetfilter')
if ipapermtargetfilter:
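Review bot: The DN is pasted into a double-quoted ACI value at `aci_parts.append("(target_to = \"%s\")" % 'ldap:///%s' % ipapermtargetto)` (and likewise for `target_from`) with no visible check that its string form cannot contain a character that closes the quoted value. This mirrors the existing `target` lines above, so it may be handled elsewhere, but it is worth confirming because the result is an access-control rule. The chained `%` also works only because the operator is left-associative; building the URL first reads plainly: `target_to_url = 'ldap:///%s' % ipapermtargetto` followed by `aci_parts.append('(target_to = "%s")' % target_to_url)`. The two stanzas differ only in the keyword and attribute name and could share one loop over `('target_to', 'ipapermtargetto')` and `('target_from', 'ipapermtargetfrom')`. The enclosing method begins and ends outside the hunk.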