diff options
author | Thierry Bordaz <tbordaz@redhat.com> | 2015-05-08 10:41:44 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2015-05-18 09:37:21 +0200 |
commit | 51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b (patch) | |
tree | 814d8c84a4e54d817164208858425c3db42f15a0 /ipaserver | |
parent | c9e1ad0dbc28c6c5b0e7381144a969f6b77d504d (diff) | |
download | freeipa-51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b.tar.gz freeipa-51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b.tar.xz freeipa-51937cc571ec8ea5e782b8dcd45f0ec5fe0f310b.zip |
User life cycle: Stage user Administrators permission/priviledge
Creation of stage user administrator
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index 9ca3eac6c..1fbfd9993 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -40,13 +40,13 @@ dict of the same format is defined in this module. The permission name must start with the "System:" prefix. The template dictionary can have the following keys: -* ipapermtarget, ipapermtargetfilter, ipapermlocation, ipapermright, objectclass +* ipapermtarget, ipapermtargetfilter, ipapermlocation, ipapermright, ,ipapermtargetto, ipapermtargetfrom, objectclass - Directly used as attributes on the permission. - Replaced when upgrading an existing permission - If not specified, these default to the defaults of a permission of the corresponding --type, or, if non_object is specified, or if not on an object, to general permission defaults . - - ipapermlocation and ipapermtarget must be DNs + - ipapermlocation, ipatargetto, ipapermtargetfrom, ipapermtarget must be DNs - ipapermtargetfilter and objectclass must be iterables of strings * ipapermbindruletype - Directly used as attribute on the permission. @@ -670,6 +670,14 @@ class update_managed_permissions(Updater): if ipapermtarget is not None: entry['ipapermtarget'] = ipapermtarget + ipapermtargetto = template.pop('ipapermtargetto', None) + if ipapermtargetto is not None: + entry['ipapermtargetto'] = ipapermtargetto + + ipapermtargetfrom = template.pop('ipapermtargetfrom', None) + if ipapermtargetfrom is not None: + entry['ipapermtargetfrom'] = ipapermtargetfrom + # Attributes from template bindruletype = template.pop('ipapermbindruletype', 'permission') if is_new: |