diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 14:56:30 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-04-15 10:42:31 +0200 |
commit | 75eaf0bddfe0ce3eaea86b42a767c16846379b4b (patch) | |
tree | 883b96192b4d0ef626a9e85953e8a80c0a67f94f /ipalib | |
parent | 3deb76cf17a79a0736aa555f550415e6d9f2ed08 (diff) | |
download | freeipa-75eaf0bddfe0ce3eaea86b42a767c16846379b4b.tar.gz freeipa-75eaf0bddfe0ce3eaea86b42a767c16846379b4b.tar.xz freeipa-75eaf0bddfe0ce3eaea86b42a767c16846379b4b.zip |
Add managed read permission to config
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/config.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ipalib/plugins/config.py b/ipalib/plugins/config.py index 05369be4e..4ac411c74 100644 --- a/ipalib/plugins/config.py +++ b/ipalib/plugins/config.py @@ -94,6 +94,28 @@ class config(LDAPObject): 'ipaselinuxusermapdefault', 'ipaconfigstring', 'ipakrbauthzdata', 'ipauserauthtype' ] + container_dn = DN(('cn', 'ipaconfig'), ('cn', 'etc')) + permission_filter_objectclasses = ['ipaguiconfig'] + managed_permissions = { + 'System: Read Global Configuration': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'cn', 'objectclass', + 'ipacertificatesubjectbase', 'ipaconfigstring', + 'ipadefaultemaildomain', 'ipadefaultloginshell', + 'ipadefaultprimarygroup', 'ipagroupobjectclasses', + 'ipagroupsearchfields', 'ipahomesrootdir', + 'ipakrbauthzdata', 'ipamaxusernamelength', + 'ipamigrationenabled', 'ipapwdexpadvnotify', + 'ipaselinuxusermapdefault', 'ipaselinuxusermaporder', + 'ipasearchrecordslimit', 'ipasearchtimelimit', + 'ipauserauthtype', 'ipauserobjectclasses', + 'ipausersearchfields', 'ipacustomfields', + }, + }, + } label = _('Configuration') label_singular = _('Configuration') |