diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-07-06 17:45:53 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-14 19:23:17 -0400 |
| commit | bea7818adde2712be3ee052634bdf314fd63b5da (patch) | |
| tree | 6a81f97e87e9ef1b6795eebac4bc0e53cec20a6a /ipalib/plugins | |
| parent | 9dfdf55034223e05c72e59239169be8cf315fc29 (diff) | |
| download | freeipa-bea7818adde2712be3ee052634bdf314fd63b5da.tar.gz freeipa-bea7818adde2712be3ee052634bdf314fd63b5da.tar.xz freeipa-bea7818adde2712be3ee052634bdf314fd63b5da.zip | |
Remove the ability to create new HBAC deny rules.
New rules will all be allow type. Existing rules cannot be changed to
deny.
The type attribute now defaults to allow with autofill so it won't be
prompted in interactive mode in the cli.
https://fedorahosted.org/freeipa/ticket/1432
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/hbacrule.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py index 2488b1d91..2dcdddd58 100644 --- a/ipalib/plugins/hbacrule.py +++ b/ipalib/plugins/hbacrule.py @@ -87,6 +87,10 @@ from ipalib import _, ngettext topic = ('hbac', 'Host-based access control commands') +def validate_type(ugettext, type): + if type.lower() == 'deny': + raise errors.ValidationError(name='type', error=_('The deny type has been deprecated.')) + def is_all(options, attribute): """ See if options[attribute] is lower-case 'all' in a safe way. @@ -132,11 +136,13 @@ class hbacrule(LDAPObject): label=_('Rule name'), primary_key=True, ), - StrEnum('accessruletype', + StrEnum('accessruletype', validate_type, cli_name='type', - doc=_('Rule type (allow or deny)'), + doc=_('Rule type (allow)'), label=_('Rule type'), values=(u'allow', u'deny'), + default=u'allow', + autofill=True, ), # FIXME: {user,host,sourcehost,service}categories should expand in the future StrEnum('usercategory?', |