43 files changed, 3160 insertions, 371 deletions
diff --git a/install/static/Makefile.am b/install/static/Makefile.am
index 8e4981984..40d3b521b 100644
--- a/install/static/Makefile.am
+++ b/install/static/Makefile.am
@@ -8,6 +8,7 @@ SUBDIRS = \
 appdir = $(IPA_DATA_DIR)/static
 app_DATA = \
+ aci.js \
 add.js \
 associate.js \
 ipa_logo_180x50.png \
diff --git a/install/static/aci.js b/install/static/aci.js
new file mode 100644
index 000000000..d536e34f7
--- /dev/null
+++ b/install/static/aci.js
@@ -0,0 +1,868 @@ +/* Authors: + * Adam Young <ayoung@redhat.com> + * + * Copyright (C) 2010 Red Hat + * see file 'COPYING' for use and warranty information + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; version 2 only + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +/* REQUIRES: ipa.js, details.js, search.js, add.js, entity.js */ + + +/*TODO Merge this code into the attribtue table widget */ +IPA.populate_attribute_table = function (table, entity){ + var attr_per_col = 400; + var aciattrs = IPA.metadata[entity].aciattrs; + var col_span = aciattrs.length / attr_per_col + 1; + + $('tbody tr', table).remove(); + + var tbody = $('tbody',table); + var td; + for (var a = 0; a < aciattrs.length ; a += 1){ + var aci_tr = $('<tr/>').appendTo(tbody); + + td = $('<td/>').appendTo(aci_tr); + td.append($('<input/>',{ + type:"checkbox", + id:'aciattr-'+aciattrs[a].toLowerCase(), + "class":'aci-attribute' + })); + td.append($('<label/>',{ + text:aciattrs[a].toLowerCase()})); + } +} + + +IPA.attribute_table_widget= function (spec){ + var id = spec.name; + var that = ipa_widget(spec); + var object_type = spec.objecttype || 'user'; + var table; + + that.create = function(container){ + + var dd = $('<dd/>').appendTo(container); + table = $('<table/>',{ + id:id, + 'class':'search-table'}). + append('<thead/>'). + append($('<tbody/>',{ + style:"height:30em; overflow:auto;" + })). + appendTo(dd); + + $('<tr></tr>'). 
+ append($('<th/>',{ + style:"height:2em; vertical-align:bottom;", + html:$('<input/>',{ + type: "checkbox", + click: function(){ + $('.aci-attribute'). + attr('checked', $(this).attr('checked')); + }}). + after('<label>Attribute</lable>') + })). + appendTo($('thead', table)); + IPA.populate_attribute_table(table, object_type); + }; + + that.save = function(){ + var attrs_boxes = $('table#'+id+" td :checked"); + if (!attrs_boxes.length){ + return []; + } + var retval = ""; + for (var i = 0; i < attrs_boxes.length; i += 1){ + if (i > 0){ + retval += ','; + } + retval += attrs_boxes[i].id.substring("aciattr-".length); + } + + return [retval]; + } + + var attrs = []; + that.reset =function(){ + $('input[type=checkbox]', table).attr('checked',''); + for (var i = 0; i < attrs.length; i+=1){ + $(attrs[i], table).attr('checked','checked'); + } + } + + that.load = function(record){ + if (!record.attrs) return; + attrs = []; + for (var i = 0; i < record.attrs.length; i+=1){ + attrs.push('#aciattr-' +record.attrs[i]); + } + that.reset(); + } + + return that; +} + + + +IPA.entity_select_widget = function(spec){ + + var that = ipa_widget(spec); + var entity = spec.entity || 'group'; + + function populate_select(value){ + var selected = value; + function find_success(result){ + $('option', that.entity_select).remove(); + var entities = result.result.result; + for (var i =0; i < result.result.count; i +=1){ + var option = + that.entity_select.append($('<option/>',{ + text:entities[i].cn[0], + value:entities[i].cn[0] + })); + if (selected === entities[i].cn[0]){ + option.attr('selected','selected'); + } + } + } + function find_error(err){ + } + ipa_command({ + method: entity+'_find', + args:[that.entity_filter.val()], + options:{}, + on_success:find_success, + on_error:find_error, + }).execute(); + } + + that.create = function(container){ + var dd = $('<dd/>').appendTo(container); + + that.entity_select = $('<select/>', { + id: that.name + '-entity-select', + change: function(){ 
+ + } + }).appendTo(dd); + + + that.entity_filter = $('<input/>',{ + size:10, + type: 'text', + id: 'entity_filter', + style: 'display: none;', + keypress: function(){ + populate_select(); + } + }).appendTo(dd); + + $('<a />',{ + href:"", + text: 'filter: ', + click:function(){ + that.entity_filter.css('display','inline'); + $(this).css('display','none'); + return false; + } + }).appendTo(dd); + + } + var value = ''; + that.reset = function(){ + that.entity_filter.val(value ); + populate_select(value); + + } + that.load = function(record){ + value = record[that.name]; + that.reset(); + } + + that.save = function(){ + return [$('option:selected', that.entity_select).val()]; + } + + return that; +} + +IPA.rights_widget = function(spec){ + var rights = ['write','add','delete']; + + var that = ipa_widget({name:'permissions',label:'Permissions'}); + that.id = spec.id; + + that.create = function(container){ + for (var i =0; i < rights.length; i += 1){ + $("<dd/>"). + append($('<input/>',{ + type:'checkbox', + 'class':that.entity_name +"_"+ that.name, + 'id':rights[i], + value:rights[i] + })). + append($('<label/>',{ + text:rights[i] + })). 
+ appendTo(container); + } + + } + var values = []; + + that.reset = function(){ + var selector = '.'+ that.entity_name +"_"+ that.name; + + var checkboxes = $(selector); + + for (var i = 0; i < checkboxes.length; i +=1){ + checkboxes.attr('checked',''); + } + + for (var i = 0; i < values.length; i +=1){ + var value = values[i]; + var cb = $('#'+value+ selector); + cb.attr('checked', 'checked'); + } + + } + + that.load = function(record) { + values = record[that.name] || []; + that.reset(); + } + + that.save = function(){ + var rights_input = $('.'+ that.entity_name +"_"+ that.name); + var retval = ""; + for (var i =0; i < rights_input.length; i+=1){ + if (i > 0) { + retval += ','; + } + retval += rights_input[i].value; + } + return [retval]; + } + + return that; +} + + + + +function ipa_rights_section() { + var spec = {'name':'rights', + 'label': 'Rights'} + var that = ipa_details_section(spec); + that.add_field(IPA.rights_widget({name:'permissions'})); + + return that; +} + +function ipa_target_section() { + var spec = {'name':'target', + 'label': 'Target'} + + var that = ipa_details_section(spec); + var groupings = ['aci_by_type', 'aci_by_query', 'aci_by_group', + 'aci_by_filter' ]; + var inputs = ['input', 'select', 'textarea']; + + function disable_inputs(){ + for (var g = 0; g < groupings.length; g += 1 ){ + for (var t = 0 ; t < inputs.length; t += 1){ + $('.' + groupings[g] + ' '+ inputs[t]). + attr('disabled', 'disabled'); + } + } + } + function enable_by(grouping){ + for (var t = 0 ; t < inputs.length; t += 1){ + $('.' + grouping + ' '+ inputs[t]). + attr('disabled', ''); + } + } + + function display_filter_target(dl){ + $("<dt/>"). + append($("<label/>",{ + text: "Filter", + })). + append($('<input/>',{ + type:"radio", + name:"type", + checked:"true", + id:"aci_by_filter" + })).appendTo(dl); + + $('<dd/>',{ + 'class': 'aci_by_filter first'}). + append($('<input />',{ + + disabled:'true', + type:'text', + id:'aci_filter' + })). 
+ appendTo(dl); + } + + + function display_type_target(dl){ + $("<dt/>"). + append($("<label/>",{ + text: "Object By Type ", + })). + append($('<input/>',{ + type:"radio", + name:"type", + checked:"true", + id:"aci_by_type" + })).appendTo(dl); + + var dd = $('<dd/>',{ + "class":"aci_by_type first", + }).appendTo(dl); + + var type_select = $('<select/>', { + id: 'object_type_select', + change: function(){ + var attribute_table = $('#aci_attributes_table'); + IPA.populate_attribute_table( + attribute_table, this.options[this.selectedIndex].value); + } + }).appendTo(dd); + var type_params=ipa_get_param_info("permission","type"); + for (var pc =0; pc < type_params.values.length; pc += 1){ + type_select.append($('<option/>',{ + value: type_params.values[pc], + text: type_params.values[pc] + })); + } + dd = $('<dd />',{ + "class":"aci_by_type other"}).appendTo(dl); + + var attribute_table = IPA.attribute_table_widget( + {name:'aci_attributes_table',object_type:'user'}); + + attribute_table.create(dl); + + + } + + function display_query_target(dl){ + $('<dt/>'). + append($('<label />',{ html: 'By Subtree'} )). + append($('<input />',{ + type:"radio", + name:"type", + id:"aci_by_query" })). + appendTo(dl); + + $("<dd/>",{ + "class":'aci_by_query first'}).append($('<textarea />',{ + id: 'aci_query_text', + cols:'30', + rows:'1'})) .appendTo(dl); + } + + function populate_target_group_select(){ + function find_success(result){ + var groups = result.result.result; + for (var i =0; i < result.result.count; i +=1){ + var option = groups[i].cn[0]; + that.group_select.append($('<option/>',{ + text:groups[i].cn[0], + value:groups[i].cn[0] + })); + } + } + function find_error(err){ + } + + $('option', that.group_select).remove(); + ipa_command({ + method:'group_find', + args:[that.group_filter.val()], + options:{}, + on_success:find_success, + on_error:find_error}).execute(); + } + + function display_group_target(dl){ + $('<dt/>' ). 
+ append($('<label />',{ + html: 'Target Group'} )). + append($('<input />',{ + type:"radio", + name:"type", + id:"aci_by_group" })). + appendTo(dl); + + that.group_filter = $('<input/>',{ + type: 'text', + id: 'group_filter', + }); + that.group_select = $('<select/>', { + id: 'aci_target_group_select', + change: function(){ + } + }); + + $("<dd/>",{ + 'class':'aci_by_group first' + }). + append(that.group_filter). + append($('<label>Group Filter</label>')). + appendTo(dl); + + $("<dd/>",{ + 'class':'aci_by_group other' + }). + append(that.group_select). + appendTo(dl); + } + + + + + that.create = function(container) { + dl = $('<dl class="entryattrs"/>').appendTo(container); + + display_filter_target(dl); + display_query_target(dl); + display_group_target(dl); + display_type_target(dl); + + $('#aci_by_filter', dl).click(function (){ + disable_inputs(); + enable_by(groupings[3]); + }); + + $('#aci_by_type', dl).click(function (){ + disable_inputs(); + enable_by(groupings[0]); + }); + + $('#aci_by_query', dl).click(function (){ + disable_inputs(); + enable_by(groupings[1]); + }); + + $('#aci_by_group', dl).click(function (){ + disable_inputs(); + enable_by(groupings[2]); + populate_target_group_select(); + }); + + $('#aci_by_query', dl).click(); + + + }; + + that.setup = function(container) { + + } + + that.load = function(result) { + if(result.subtree){ + $('#aci_query_text').val(result.subtree); + $('#aci_by_query').click(); + }else if(result.type){ + $('#aci_by_type').click(); + $('#object_type_select').val(result.type); + IPA.populate_attribute_table($('#aci_attributes_table'), + result.type); + if (result.attrs){ + for (var a = 0; a < result.attrs.length; a += 1){ + var cb = $('#aciattr-'+result.attrs[a]); + if (!cb.length){ + alert('unmatched:'+result.attrs[a]); + } + cb.attr('checked',true); + } + } + }else if (result.targetgroup){ + var segments = result.targetgroup.split(/,/); + var targetgroup=segments[0].split(/=/)[1]; + that.group_filter.val( 
targetgroup); + $('#aci_by_group').click(); + }else if (result.filter){ + $('#aci_by_filter').click(); + $('#aci_filter').val(result.filter); + }else{ + alert('permission with invalid target specification'); + } + + } + + that.reset = function() { + }; + + that.save = function (record){ + + var record_type = $("input[name='type']:checked").attr('id'); + + if (record_type === 'aci_by_group'){ + record.targetgroup = + $('#aci_target_group_select option:selected').val(); + }else if (record_type === 'aci_by_type'){ + record.type = $('#object_type_select option:selected').val(); + }else if (record_type === 'aci_by_query'){ + record.subtree = $('#aci_query_text').val(); + }else if (record_type === 'aci_by_filter'){ + var filter = $('#aci_filter').val(); + record.filter = filter; + } + + var attrs = $('.aci-attribute:checked').each(function(){ + var id = this.id.split('-')[1]; + + if (!record.attributes){ + record.attributes = ""; + }else{ + record.attributes += ","; + } + record.attributes += id; + }); + } + + + return that; +} + + + + +function ipa_permission() { + + var that = ipa_entity({ + 'name': 'permission' + }); + + that.init = function() { + + var dialog = ipa_permission_add_dialog({ + name: 'add', + title: 'Add New Permission', + entity_name: 'permission' + }); + that.add_dialog(dialog); + dialog.init(); + + var facet = ipa_permission_search_facet({ + name: 'search', + label: 'Search' + }); + that.add_facet(facet); + + facet = ipa_permission_details_facet(); + that.add_facet(facet); + + that.entity_init(); + }; + + return that; +} + +IPA.add_entity(ipa_permission()); + + + +function ipa_permission_add_dialog(spec) { + + spec = spec || {}; + + var that = ipa_add_dialog(spec); + + that.init = function() { + + that.add_field(ipa_text_widget({ + name: 'cn', + undo: false + })); + + that.add_field(ipa_text_widget({ + name: 'description', + undo: false + })); + + that.add_field(IPA.rights_widget({name:'permissions'})); + 
that.add_field(ipa_text_widget({name:'filter'})); + that.add_dialog_init(); + + }; + + + return that; +} + + +function ipa_permission_search_facet(spec) { + + spec = spec || {}; + var that = ipa_search_facet(spec); + that.init = function() { + that.create_column({name:'cn'}); + that.create_column({name:'description'}); + that.search_facet_init(); + } + + return that; +} + + +function ipa_permission_details_facet() { + + var spec = { + name: 'details', + label: 'Details' + }; + var that = ipa_details_facet(spec); + + that.init = function() { + + var section = that.add_section(ipa_details_list_section({ + name:'identity',label:'Identity' })); + section.create_field({ name: 'cn', 'read_only': true }); + section.create_field({ name: 'description'}); + + that.rights_section = ipa_rights_section(); + that.add_section(that.rights_section); + + that.target_section = ipa_target_section(); + + that.add_section(that.target_section); + that.details_facet_init(); + }; + + that.superior_load = that.load; + + that.load = function(result) { + that.superior_load(result); + } + + that.superior_update = that.update; + that.update = function(on_win, on_fail){ + that.superior_update(on_win, on_fail); + } + + return that; +} + +IPA.add_entity( function() { + var that = ipa_entity({ + 'name': 'privilege' + }); + that.init = function() { + + var search_facet = ipa_search_facet({ + name: 'search', + label: 'Search', + entity_name: that.name + }); + search_facet.create_column({name:'cn'}); + search_facet.create_column({name:'description'}); + that.add_facet(search_facet); + + that.add_facet(function() { + var that = ipa_details_facet({name:'details',label:'Details'}); + that.add_section( + ipa_stanza({name:'identity', label:'Privilege Details'}). + input({name:'cn'}). 
+ input({name: 'description'})); + return that; + }()); + + + var dialog = ipa_add_dialog({ + name: 'add', + title: 'Add Privilege', + entity_name: that.entity + }); + that.add_dialog(dialog); + + dialog.add_field(ipa_text_widget({ name: 'cn', undo: false})); + dialog.add_field(ipa_text_widget({ name: 'description', undo: false})); + dialog.init(); + + that.create_association_facets(); + that.entity_init(); + }; + return that; +}()); + + +IPA.add_entity( function() { + var that = ipa_entity({ + 'name': 'role' + }); + that.init = function() { + var search_facet = ipa_search_facet({ + name: 'search', + label: 'Search', + entity_name: that.name + }); + search_facet.create_column({name:'cn'}); + search_facet.create_column({name:'description'}); + that.add_facet(search_facet); + + that.add_facet(function() { + var that = ipa_details_facet({name:'details',label:'Details'}); + that.add_section( + ipa_stanza({name:'identity', label:'Role Details'}). + input({name:'cn'}). + input({name: 'description'})); + return that; + }()); + + var dialog = ipa_add_dialog({ + name: 'add', + title: 'Add Role' + }); + that.add_dialog(dialog); + + dialog.add_field(ipa_text_widget({ name: 'cn', undo: false})); + dialog.add_field(ipa_text_widget({ name: 'description', undo: false})); + dialog.init(); + + that.create_association_facets(); + + that.entity_init(); + }; + return that; +}()); + + +IPA.add_entity( function() { + var that = ipa_entity({ + 'name': 'selfservice' + }); + + that.add_facet(function () { + var spec = { + name: 'search', + label: 'Search' + }; + var that = ipa_search_facet(spec); + that.init = function() { + that.create_column({name:'aciname'}); + that.search_facet_init(); + } + return that; + }()); + + + that.add_facet(function(){ + var that = ipa_details_facet({'name':'details',label:'Details'}); + + that.init = function() { + that.add_section( + ipa_stanza({name:'general', label:'General'}). + input({name:'aciname'}). 
+ custom_input(IPA.rights_widget({name:'permissions'})). + custom_input(IPA.attribute_table_widget({ + object_type:'user', + name:'attrs' + })) + ); + + } + + + + return that; + }()); + + + that.parent_init = that.init; + that.init = function(){ + that.parent_init(); + var dialog = ipa_add_dialog({ + name: 'add', + title: 'Add Self Service Definition' + }); + that.add_dialog(dialog); + dialog.add_field(ipa_text_widget({ name: 'aciname', undo: false})); + dialog.add_field(IPA.rights_widget({name:'permissions'})); + dialog.add_field(IPA.attribute_table_widget({ + object_type:'user', + name:'attrs' + })); + dialog.init(); + } + + return that; +}()); + + +IPA.add_entity( function() { + var that = ipa_entity({ + 'name': 'delegation' + }); + + that.add_facet(function () { + var spec = { + name: 'search', + label: 'Search' + }; + var that = ipa_search_facet(spec); + that.init = function() { + that.create_column({name:'aciname'}); + that.search_facet_init(); + } + return that; + }()); + that.add_facet(function(){ + var that = ipa_details_facet({'name':'details',label:'Details'}); + var section = + ipa_stanza({name:'general', label:'General'}). + input({name:'aciname'}). + custom_input(IPA.entity_select_widget( + {name:'group', entity:'group'})). + custom_input(IPA.entity_select_widget( + {name:'memberof', entity:'group'})). + custom_input( + IPA.rights_widget({ + id:'delegation_rights'})). 
+ custom_input( + IPA.attribute_table_widget({ + name:'attrs'})); + that.add_section(section); + return that; + }()); + + that.super_init = that.init; + that.init = function(){ + that.super_init(); + var dialog = ipa_add_dialog({ + name: 'add', + title: 'Add Delegation', + entity_name: that.entity + }); + that.add_dialog(dialog); + dialog.add_field(ipa_text_widget({ name: 'aciname', undo: false})); + dialog.add_field(IPA.entity_select_widget({name:'group', + entity:'group'})); + dialog.add_field(IPA.entity_select_widget({name:'memberof', + entity:'group'})); + dialog.add_field(IPA.attribute_table_widget({ name: 'attrs'})); + + dialog.init(); + that.create_association_facets(); + } + + return that; +}());
\ No newline at end of file
diff --git a/install/static/add.js b/install/static/add.js
index ef08ba329..782bb185f 100644
--- a/install/static/add.js
+++ b/install/static/add.js
@@ -88,24 +88,34 @@ function ipa_add_dialog(spec) {
 that.dialog_init();
 };
- that.add = function(record, on_success, on_error) {
-
+ /* Fields that are not displayed directly, but that are managed by
+ another mechanism, such as the ACI permissions*/
+ that.additional_fields = [];
+ that.additional_field = function(field) {
+ that.additional_fields.push(field);
+ }
+
+ function save_field(field, record, args, options){
 var pkey_name = IPA.metadata[that.entity_name].primary_key;
+ var value = record[field.name];
+ if (!value) return;
+ if (field.name == pkey_name) {
+ args.push(value);
+ } else {
+ options[field.name] = value;
+ }
+ }
+
+ that.add = function(record, on_success, on_error) {
 var args = [];
 var options = {};
 for (var i=0; i<that.fields.length; i++) {
- var field = that.fields[i];
-
- var value = record[field.name];
- if (!value) continue;
-
- if (field.name == pkey_name) {
- args.push(value);
- } else {
- options[field.name] = value;
- }
+ save_field(that.fields[i], record, args, options);
+ }
+ for (var i=0; i<that.additional_fields.length; i++) {
+ save_field(that.additional_fields[i], record, args, options);
 }
 ipa_cmd('add', args, options, on_success, on_error, that.entity_name);
diff --git a/install/static/details.js b/install/static/details.js
index 28de8975e..1aeffb1df 100644
--- a/install/static/details.js
+++ b/install/static/details.js
@@ -79,6 +79,15 @@ function ipa_details_field(spec) {
 }
 if (that.values) {
+ /*
+ Too much logic currently assumes an array.
+ This is true everywhere but ACIs. */
+
+ if (!(that.values instanceof Array)){
+ that.values = [that.values];
+ }
+
+
 dd = ipa_create_first_dd(that.name);
 dd.append(ipa_details_field_create_input.call(that, that.values[0], hint_span, rights, 0));
 dd.appendTo(that.container);
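Review bot: In aci.js, `IPA.rights_widget`'s `save` collects every checkbox that carries the widget class rather than only the ticked ones, so the value it returns is always `write,add,delete` whatever the administrator selected; the selector should be `$('.'+ that.entity_name +"_"+ that.name + ':checked')`, matching the `:checked` filter that `IPA.attribute_table_widget`'s `save` already applies. For a permission editor this fails open, granting more rights than were chosen. The same widget gives its inputs the bare ids `write`, `add` and `delete`, and both the add dialog and the rights section instantiate it, so `reset` and `save` should probably be scoped to the widget's own container instead of the whole document. Separately, `IPA.attribute_table_widget` reads `spec.objecttype` while the callers that set it pass `object_type`, so the option is ignored and the table always falls back to `'user'`.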
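Review bot: In add.js, `save_field` looks up `IPA.metadata[that.entity_name].primary_key` on every call and carries no comment, so the rule it implements (primary key goes into `args`, every other non-empty value into `options`, empty values dropped) has to be read out of the code. A one-line comment above it, e.g. `/* Route the primary key to args and any other non-empty field to options. */`, and `===` in place of `==` in `field.name == pkey_name` would make it easier to audit. `ipa_add_dialog` starts and ends outside this hunk.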
@@ -165,6 +174,7 @@ function ipa_details_section(spec){
 field.entity_name = that.entity_name;
 that.fields.push(field);
 that.fields_by_name[field.name] = field;
+ return field;
 };
 that.create_field = function(spec) {
@@ -396,6 +406,7 @@ function ipa_details_facet(spec) {
 section.entity_name = that.entity_name;
 that.sections.push(section);
 that.sections_by_name[section.name] = section;
+ return section;
 };
 that.create_section = function(spec) {
@@ -413,7 +424,11 @@ function ipa_details_facet(spec) {
 that.get_primary_key = function() {
 var pkey_name = IPA.metadata[that.entity_name].primary_key;
- return that.record[pkey_name][0];
+ if (that.record[pkey_name] instanceof Array){
+ return that.record[pkey_name][0];
+ }else{
+ return that.record[pkey_name];
+ }
 };
 that.get_section_header_prefix = function(visible) {
@@ -631,6 +646,11 @@ function ipa_details_update(on_win, on_fail)
 for (var i=0; i<that.sections.length; i++) {
 var section = that.sections[i];
+ if (section.save){
+ section.save(modlist);
+ continue;
+ }
+
 var div = $('#'+that.entity_name+'-'+that.name+'-'+section.name, that.container);
 for (var j=0; j<section.fields.length; j++) {
diff --git a/install/static/hbac.js b/install/static/hbac.js
index 29db3aa84..264b7c5ae 100755
--- a/install/static/hbac.js
+++ b/install/static/hbac.js
@@ -121,15 +121,6 @@ function ipa_hbac_search_facet(spec) {
 that.search_facet_create(container);
-
- container.children().last().prepend(
- $('<h2/>', { 'html': IPA.metadata.hbac.label }));
- container.children().last().prepend('<br/><br/>');
-
- };
-
- that.setup = function(container) {
-
- that.search_facet_setup(container);
 };
 return that;
diff --git a/install/static/hbacsvc.js b/install/static/hbacsvc.js
index 7f5793e2a..dd2efee80 100755
--- a/install/static/hbacsvc.js
+++ b/install/static/hbacsvc.js
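Review bot: In the `@@ -631,6 +646,11 @@` hunk of details.js, the new `if (section.save)` branch hands the whole `modlist` to the section and then `continue`s, so any fields registered on that section are skipped by the per-field loop below and nothing constrains which keys `save` writes. In this commit `ipa_target_section().save` sets `record.attributes`, whereas the load paths and widgets in aci.js use `attrs`, so it is worth confirming that key is the one the server expects. A short comment stating the contract would help, e.g. `/* A section with its own save() fills modlist itself; its fields are not processed here. */`. `ipa_details_update` starts and ends outside this hunk, so how `modlist` is built and sent is not visible here.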
@@ -86,36 +86,6 @@ function ipa_hbacsvc_search_facet(spec) {
 that.search_facet_init();
 };
- that.create = function(container) {
- that.search_facet_create(container);
- container.children().last().prepend(
- $('<h2/>', { 'html': IPA.metadata.hbacsvc.label }));
- container.children().last().prepend('<br/><br/>');
- };
-
- that.setup = function(container) {
-
- that.search_facet_setup(container);
-
- var action_panel = that.get_action_panel();
-
- var li = $('li[title=hbac]', action_panel);
- li.click(function() {
- var state = {};
- state['hbac-entity'] = 'hbac';
- nav_push_state(state);
- return false;
- });
-
- li = $('li[title=hbacsvcgroup]', action_panel);
- li.click(function() {
- var state = {};
- state['hbac-entity'] = 'hbacsvcgroup';
- nav_push_state(state);
- return false;
- });
- };
-
 return that;
 }
diff --git a/install/static/hbacsvcgroup.js b/install/static/hbacsvcgroup.js
index 7db557132..e4b1eeacf 100755
--- a/install/static/hbacsvcgroup.js
+++ b/install/static/hbacsvcgroup.js
@@ -92,35 +92,6 @@ function ipa_hbacsvcgroup_search_facet(spec) {
 that.search_facet_init();
 };
- that.create = function(container) {
- that.search_facet_create(container);
- container.children().last().prepend(
- $('<h2/>', { 'html':IPA.metadata.hbacsvcgroup.label }));
- container.children().last().prepend('<br/><br/>');
- };
-
- that.setup = function(container) {
-
- that.search_facet_setup(container);
-
- var action_panel = that.get_action_panel();
-
- var li = $('li[title=hbac]', action_panel);
- li.click(function() {
- var state = {};
- state['hbac-entity'] = 'hbac';
- nav_push_state(state);
- return false;
- });
-
- li = $('li[title=hbacsvc]', action_panel);
- li.click(function() {
- var state = {};
- state['hbac-entity'] = 'hbacsvc';
- nav_push_state(state);
- return false;
- });
- };
 return that;
 }
diff --git a/install/static/index.html b/install/static/index.html
index a27201033..1142000ff 100644
--- a/install/static/index.html
+++ b/install/static/index.html
@@ -35,6 +35,7 @@
 <script type="text/javascript" src="sudocmd.js"></script>
 <script type="text/javascript" src="sudocmdgroup.js"></script>
 <script type="text/javascript" src="policy.js"></script>
+ <script type="text/javascript" src="aci.js"></script>
 <script type="text/javascript" src="develop.js"></script>
diff --git a/install/static/search.js b/install/static/search.js
index d5638697d..061824cc7 100644
--- a/install/static/search.js
+++ b/install/static/search.js
@@ -352,6 +352,11 @@ function ipa_search_facet(spec) {
 var span = $('<span/>', { 'name': 'search' }).appendTo(container);
 that.table.create(span);
+
+ container.children().last().prepend(
+ $('<h2/>', { 'html': IPA.metadata[that.entity_name].label }));
+ container.children().last().prepend('<br/>');
+
 }
 function setup(container) {
diff --git a/install/static/serverconfig.js b/install/static/serverconfig.js
index e83274a8b..bf5b5c815 100644
--- a/install/static/serverconfig.js
+++ b/install/static/serverconfig.js
@@ -23,30 +23,6 @@
-/* ACI */
-ipa_entity_set_search_definition('aci', [
- ['cn', 'ACI name', null]
-]);
-
-ipa_entity_set_add_definition('aci', [
- 'dialog-add-aci', 'Add New Aci', [
- ['cn', 'Name', null],
- ['description', 'Description', null],
- ]
-]);
-
-ipa_entity_set_details_definition('aci', [
- ipa_stanza({name:'ipaserver', label:'Aci Details'}).
- input({name:'cn', label:'Name'}).
- input({name:'description', label:'Description'})
-]);
-
-
-
-
-
-
-
 /* Configuration */
 ipa_entity_set_details_definition('config',[
diff --git a/install/static/sudocmd.js b/install/static/sudocmd.js
index edfc27d00..864063f62 100755
--- a/install/static/sudocmd.js
+++ b/install/static/sudocmd.js
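Review bot: In the search.js hunk the heading is built with `'html': IPA.metadata[that.entity_name].label`, which parses the label as markup; now that this runs for every search facet rather than a few hand-written ones, `'text'` is the safer choice unless labels are meant to carry HTML: `$('<h2/>', { 'text': IPA.metadata[that.entity_name].label })`. The lookup also assumes `IPA.metadata` has an entry for `that.entity_name`, so an entity without metadata would throw here; a guard or a fallback to the entity name would avoid that. The enclosing function starts above the hunk.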
@@ -86,38 +86,6 @@ function ipa_sudocmd_search_facet(spec) {
 that.search_facet_init();
 };
- that.create = function(container) {
-
- that.search_facet_create(container);
-
- container.children().last().prepend(
- $('<h2/>', { 'html': IPA.metadata.sudocmd.label }));
- container.children().last().prepend('<br/><br/>');
- };
-
- that.setup = function(container) {
-
- that.search_facet_setup(container);
-
- var action_panel = that.get_action_panel();
-
- var li = $('li[title=sudorule]', action_panel);
- li.click(function() {
- var state = {};
- state['sudorule-entity'] = 'sudorule';
- nav_push_state(state);
- return false;
- });
-
- li = $('li[title=sudocmdgroup]', action_panel);
- li.click(function() {
- var state = {};
- state['sudorule-entity'] = 'sudocmdgroup';
- nav_push_state(state);
- return false;
- });
- };
-
 return that;
 }
diff --git a/install/static/sudocmdgroup.js b/install/static/sudocmdgroup.js
index 6ebe8b1c5..1fb5e1899 100755
--- a/install/static/sudocmdgroup.js
+++ b/install/static/sudocmdgroup.js
@@ -92,39 +92,6 @@ function ipa_sudocmdgroup_search_facet(spec) {
 that.search_facet_init();
 };
- that.create = function(container) {
-
- that.search_facet_create(container);
-
- container.children().last().prepend(
- $('<h2/>', { 'html': IPA.metadata.sudocmdgroup.label }));
- container.children().last().prepend('<br/><br/>');
-
- };
-
- that.setup = function(container) {
-
- that.search_facet_setup(container);
-
- var action_panel = that.get_action_panel();
-
- var li = $('li[title=sudorule]', action_panel);
- li.click(function() {
- var state = {};
- state['sudorule-entity'] = 'sudorule';
- nav_push_state(state);
- return false;
- });
-
- li = $('li[title=sudocmd]', action_panel);
- li.click(function() {
- var state = {};
- state['sudorule-entity'] = 'sudocmd';
- nav_push_state(state);
- return false;
- });
- };
-
 return that;
 }
diff --git a/install/static/sudorule.js b/install/static/sudorule.js
index 66c010ed8..c314ccd0b 100755
--- a/install/static/sudorule.js
+++ b/install/static/sudorule.js
@@ -86,19 +86,6 @@ function ipa_sudorule_search_facet(spec) {
 that.search_facet_init();
 };
- that.create = function(container) {
- that.search_facet_create(container);
-
- container.children().last().prepend(
- $('<h2/>', { 'html': IPA.metadata.sudorule.label }));
- container.children().last().prepend('<br/><br/>');
-
- };
-
- that.setup = function(container) {
- that.search_facet_setup(container);
- };
-
 return that;
 }
diff --git a/install/static/test/aci_tests.html b/install/static/test/aci_tests.html
new file mode 100755
index 000000000..7cdbeffa3
--- /dev/null
+++ b/install/static/test/aci_tests.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Access Control Interface Test Suite</title>
+ <link rel="stylesheet" href="qunit.css" type="text/css" media="screen">
+ <script type="text/javascript" src="qunit.js"></script>
+
+
+
+ <script type="text/javascript" src="../jquery.js"></script>
+ <script type="text/javascript" src="../jquery.ba-bbq.js"></script>
+ <script type="text/javascript" src="../jquery-ui.js"></script>
+ <script type="text/javascript" src="../ipa.js"></script>
+ <script type="text/javascript" src="../widget.js"></script>
+ <script type="text/javascript" src="../details.js"></script>
+ <script type="text/javascript" src="../search.js"></script>
+ <script type="text/javascript" src="../add.js"></script>
+ <script type="text/javascript" src="../entity.js"></script>
+ <script type="text/javascript" src="../associate.js"></script>
+ <script type="text/javascript" src="../navigation.js"></script>
+ <script type="text/javascript" src="../aci.js"></script>
+
+ <script type="text/javascript" src="aci_tests.js"></script>
+</head>
+<body>
+ <h1 id="qunit-header">Certificate Test Suite</h1>
+ <h2 id="qunit-banner"></h2>
+ <div id="qunit-testrunner-toolbar"></div>
+ <h2 id="qunit-userAgent"></h2>
+ <ol id="qunit-tests"></ol>
+ <div id="qunit-fixture"></div>
+</body>
+</html>
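Review bot: In aci_tests.html the page `<title>` says "Access Control Interface Test Suite" but the QUnit header still reads "Certificate Test Suite", which looks like a leftover from the page this was copied from; `<h1 id="qunit-header">Access Control Interface Test Suite</h1>` would keep the test report labelled correctly. The file is also added with mode 100755 although it is a static HTML page, so the executable bit can be dropped.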
diff --git a/install/static/test/aci_tests.js b/install/static/test/aci_tests.js
new file mode 100644
index 000000000..76bff355b
--- /dev/null
+++ b/install/static/test/aci_tests.js
@@ -0,0 +1,81 @@
+/* Authors:
+ * Endi Sukma Dewata <edewata@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; version 2 only
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
+var target_section;
+var aci_container;
+
+module('aci',{
+ setup: function() {
+ IPA.ajax_options.async = false;
+ IPA.init(
+ "data",
+ true,
+ function(data, text_status, xhr) {
+ ok(true, "ipa_init() succeeded.");
+ },
+ function(xhr, text_status, error_thrown) {
+ ok(false, "ipa_init() failed: "+error_thrown);
+ }
+ );
+ aci_container = $('<div id="aci"/>').appendTo(document.body);
+ target_section = ipa_target_section();
+ target_section.create(aci_container);
+ },
+ teardown: function() {
+ aci_container.remove();
+ }}
+);
+
+
+test("Testing aci grouptarget.", function() {
+ var sample_data_filter_only = {"targetgroup":"ipausers"};
+ target_section.load(sample_data_filter_only);
+ ok($('#aci_by_group')[0].checked, 'aci_by_group control selected');
+ ok ($('#aci_target_group_select option').length > 2,'group select populated');
+
+});
+
+
+
+test("Testing aci object type.", function() {
+ var sample_data_filter_only = {"type":"hostgroup"};
+ target_section.load(sample_data_filter_only);
+ ok($('.aci-attribute', aci_container).length > 4);
+ ok($('#aci_by_type')[0].checked, 'aci_by_type control selected');
+
+});
+
+
+test("Testing aci filter only.", function() {
+
+ var sample_data_filter_only = {"filter":"somevalue"};
+
+ target_section.load(sample_data_filter_only);
+
+ var filter_radio = $('#aci_by_filter');
+
+ ok(filter_radio.length,'find "filter_only_radio" control');
+ ok(filter_radio[0].checked,'filter_only_radio control is checked');
+
+});
+
+
+
diff --git a/install/static/test/all_tests.html b/install/static/test/all_tests.html
index 64412b01b..6a29daffa 100644
--- a/install/static/test/all_tests.html
+++ b/install/static/test/all_tests.html
@@ -16,12 +16,14 @@
 <script type="text/javascript" src="../associate.js"></script>
 <script type="text/javascript" src="../navigation.js"></script>
 <script type="text/javascript" src="../certificate.js"></script>
+ <script type="text/javascript" src="../aci.js"></script>
 <script type="text/javascript" src="ipa_tests.js"></script>
 <script type="text/javascript" src="details_tests.js"></script>
 <script type="text/javascript" src="entity_tests.js"></script>
 <script type="text/javascript" src="association_tests.js"></script>
 <script type="text/javascript" src="navigation_tests.js"></script>
 <script type="text/javascript" src="certificate_tests.js"></script>
+ <script type="text/javascript" src="aci_tests.js"></script>
 </head>
 <body>
 <h1 id="qunit-header">Complete Test Suite</h1>
diff --git a/install/static/test/certificate_tests.html b/install/static/test/certificate_tests.html
index 90f09b21a..5b411ff13 100755
--- a/install/static/test/certificate_tests.html
+++ b/install/static/test/certificate_tests.html
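Review bot: In aci_tests.js, `setup` sets `IPA.ajax_options.async = false` and `teardown` only removes the container, so the synchronous setting stays in effect for whichever module runs next when this file is loaded from all_tests.html (assuming those modules do not reset it themselves). Save the previous value in `setup` and put it back in `teardown`, e.g. `IPA.ajax_options.async = saved_async;`. The assertion `ok($('.aci-attribute', aci_container).length > 4);` is the only one without a message, so a failure there is hard to identify in the QUnit report; `ok(..., 'attribute table populated')` would match the others. The name `sample_data_filter_only` is also reused in the group-target and object-type tests, where the data is not a filter; a neutral name such as `sample_data` reads better.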
@@ -5,6 +5,8 @@ <link rel="stylesheet" href="qunit.css" type="text/css" media="screen"> <script type="text/javascript" src="qunit.js"></script> <script type="text/javascript" src="../jquery.js"></script> + <script type="text/javascript" src="../jquery.ba-bbq.js"></script> + <script type="text/javascript" src="../jquery-ui.js"></script> <script type="text/javascript" src="../ipa.js"></script> <script type="text/javascript" src="../details.js"></script> <script type="text/javascript" src="../search.js"></script> diff --git a/install/static/test/certificate_tests.js b/install/static/test/certificate_tests.js index cfa96b2bd..c50ec1867 100755 --- a/install/static/test/certificate_tests.js +++ b/install/static/test/certificate_tests.js @@ -18,6 +18,8 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +module('certificate'); + test("Testing certificate_parse_dn().", function() { same( diff --git a/install/static/test/data/aci_find.json b/install/static/test/data/aci_find.json index 3f0018c8e..23077876b 100644 --- a/install/static/test/data/aci_find.json +++ b/install/static/test/data/aci_find.json 
@@ -1,64 +1,63 @@ { - "error": null, - "id": 0, + "error": null, + "id": 6, "result": { - "count": 54, + "count": 53, "result": [ - "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)", - "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groupss,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = 
\"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr != \"aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaUniqueId\")(targetfilter = \"(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))\")(version 3.0;acl \"Account Admins can manage Users and Groups\";allow (add,delete,read,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)", - "(targetattr = \"objectClass\")(target = 
\"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = 
\"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = 
\"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = 
\"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = 
\"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl 
\"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", - "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host 
keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", - "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)", + "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId || memberOf || serverHostName || enrolledBy\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service 
can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || 
carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description\")(target = 
\"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hostgroups\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hostgroups\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = 
\"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hostgroups\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 
3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(targetattr = \"member\")(target = 
\"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = 
\"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)", + "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = 
\"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", + "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)", "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from a different host\";allow (write) groupdn = \"ldap:///cn=request_cert_different_host,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)" - ], - "summary": "54 ACIs matched" + ], + "summary": "53 ACIs matched" } }
\ No newline at end of file diff --git a/install/static/test/data/delegation_find.json b/install/static/test/data/delegation_find.json new file mode 100644 index 000000000..82b31fc58 --- /dev/null +++ b/install/static/test/data/delegation_find.json @@ -0,0 +1,35 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 2, + "result": [ + { + "aciname": "delegme", + "attrs": [ + "cn" + ], + "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "write" + ] + }, + { + "aciname": "m2m", + "attrs": [ + "title" + ], + "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "write" + ] + } + ], + "summary": "2 delegations matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/delegation_list.json b/install/static/test/data/delegation_list.json new file mode 100644 index 000000000..d4d9fc060 --- /dev/null +++ b/install/static/test/data/delegation_list.json @@ -0,0 +1,35 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 2, + "result": [ + { + "aciname": "delegme", + "attrs": [ + "cn" + ], + "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "write" + ] + }, + { + "aciname": "m2m", + "attrs": [ + "title" + ], + "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "write" + ] + } + ], + "summary": "2 delegations matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/delegation_mod.json b/install/static/test/data/delegation_mod.json new file mode 100644 index 000000000..9f7da68bf --- /dev/null +++ b/install/static/test/data/delegation_mod.json @@ -0,0 +1,21 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "aciname": "m2m", + "attrs": [ + "title" + ], + "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "add", + "delete" + ] + }, + "summary": "Modified delegation \"m2m\"", + "value": "m2m" + } +}
\ No newline at end of file diff --git a/install/static/test/data/delegation_show.json b/install/static/test/data/delegation_show.json new file mode 100644 index 000000000..9444c8750 --- /dev/null +++ b/install/static/test/data/delegation_show.json @@ -0,0 +1,20 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "aciname": "delegme", + "attrs": [ + "cn" + ], + "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)", + "group": "muppets", + "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "permissions": [ + "write" + ] + }, + "summary": null, + "value": "delegme" + } +}
\ No newline at end of file diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json index 606f84823..3a5301e82 100644 --- a/install/static/test/data/ipa_init.json +++ b/install/static/test/data/ipa_init.json @@ -52,7 +52,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "key", "cli_short_name": null, "default": null, @@ -78,7 +78,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "info", "cli_short_name": null, "default": null, @@ -234,7 +234,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "map", "cli_short_name": null, "default": null, @@ -295,7 +295,7 @@ "ipahomesrootdir", "ipadefaultloginshell", "ipadefaultprimarygroup", - "ipadefaultdomain", + "ipadefaultemaildomain", "ipasearchtimelimit", "ipasearchrecordslimit", "ipausersearchfields", @@ -347,7 +347,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "homedirectory", "cli_short_name": null, "default": null, @@ -497,7 +497,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "usersearch", "cli_short_name": null, "default": null, @@ -523,7 +523,7 @@ "alwaysask": false, "attribute": false, "autofill": false, - "class": "Str", + "class": "IA5Str", "cli_name": "groupsearch", "cli_short_name": null, "default": null, @@ -586,7 +586,9 @@ "default": null, "doc": "Base for certificate subjects (OU=Test,O=Example)", "exclude": null, - "flags": [], + "flags": [ + "no_update" + ], "hint": null, "include": null, "label": "Certificate Subject base", 
@@ -601,6 +603,103 @@ "query": false, "required": false, "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "groupobjectclasses", + "cli_short_name": null, + "default": null, + "doc": "Default group objectclassses (comma-separated list)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Default group objectclasses", + "multivalue": true, + "name": "ipagroupobjectclasses", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "userobjectclasses", + "cli_short_name": null, + "default": null, + "doc": "Default user objectclassses (comma-separated list)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Default user objectclasses", + "multivalue": true, + "name": "ipauserobjectclasses", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Int", + "cli_name": "pwdexpnotify", + "cli_short_name": null, + "default": null, + "doc": "Password Expiration Notification (days)", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Password Expiration Notification", + "maxvalue": null, + "minvalue": 0, + "multivalue": false, + "name": "ipapwdexpadvnotify", + "primary_key": false, + "query": false, + "required": false, + "type": "int" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipaconfigstring", + "cli_short_name": null, + "default": null, + "doc": "Extra hashes to generate in password plugin", + "exclude": null, + "flags": [ + "no_update" + ], + "hint": null, + "include": null, + "label": "Password plugin features", + "length": 
null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipaconfigstring", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" } ], "uuid_attribute": "" 
@@ -1614,6 +1713,151 @@ ], "uuid_attribute": "" }, + "delegation": { + "bindable": false, + "label": "Delegation", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "delegation", + "object_name": [ + "delegation" + ], + "object_name_plural": [ + "delegation" + ], + "primary_key": "aciname", + "takes_params": [ + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "name", + "cli_short_name": null, + "default": null, + "doc": "Delegation name", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Delegation name", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "aciname", + "pattern": null, + "pattern_errmsg": null, + "primary_key": true, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "permissions", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of permissions to grant (read, write). 
Default is write.", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Permissions", + "multivalue": true, + "name": "permissions", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "attrs", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of attributes", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Attributes", + "multivalue": true, + "name": "attrs", + "primary_key": false, + "query": false, + "required": true, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "membergroup", + "cli_short_name": null, + "default": null, + "doc": "User group to apply delegation to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Member user group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "memberof", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "group", + "cli_short_name": null, + "default": null, + "doc": "User group ACI grants access to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "User group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "group", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": true, + "type": "unicode" + } + ] + }, "dns": { "default_attributes": [ "idnsname", 
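Review bot: The fourth entry of the new `delegation` `takes_params` declares `"cli_name": "membergroup"` but `"name": "memberof"`, while the delegation_find, delegation_list, delegation_mod and delegation_show fixtures added in this same commit return that value under the key `membergroup`. A details or search view that looks fields up by the metadata `name` would find nothing for this parameter in those records, so the group a delegation applies to could render empty in the static tests. The `permissions` doc string here also advertises only `(read, write)`, yet delegation_mod.json returns `"add"` and `"delete"`; since these are access-control grants, the fixture should stay inside the documented set or the doc string should list what is really accepted. Both files look like captured server output, so the mismatch may need fixing in the server plugin rather than by hand-editing the JSON.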
@@ -4887,7 +5131,7 @@ "objectclass", "aci" ], - "label": "Role Groups", + "label": "Role", "methods": [ "add", "add_member", 
@@ -4966,6 +5210,99 @@ ], "uuid_attribute": "" }, + "selfservice": { + "bindable": false, + "label": "Self Service Permissions", + "methods": [ + "add", + "del", + "find", + "mod", + "show" + ], + "name": "selfservice", + "object_name": [ + "selfservice" + ], + "object_name_plural": [ + "selfservice" + ], + "primary_key": "aciname", + "takes_params": [ + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "name", + "cli_short_name": null, + "default": null, + "doc": "Self-Service name", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Self-Service name", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "aciname", + "pattern": null, + "pattern_errmsg": null, + "primary_key": true, + "query": false, + "required": true, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "permissions", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of permissions to grant (read, write). Default is write.", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Permissions", + "multivalue": true, + "name": "permissions", + "primary_key": false, + "query": false, + "required": false, + "separator": ",", + "skipspace": true, + "type": "tuple" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "List", + "cli_name": "attrs", + "cli_short_name": null, + "default": null, + "doc": "Comma-separated list of attributes", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Attributes", + "multivalue": true, + "name": "attrs", + "primary_key": false, + "query": false, + "required": true, + "separator": ",", + "skipspace": true, + "type": "tuple" + } + ] + }, "service": { "aciattrs": [ "ipaUniqueID", 
@@ -5388,6 +5725,12 @@ "memberUser" ], "attribute_members": { + "ipasudorunas": [ + "user" + ], + "ipasudorunasgroup": [ + "group" + ], "memberallowcmd": [ "sudocmd", "sudocmdgroup" @@ -5409,7 +5752,15 @@ "container_dn": "cn=sudorules", "default_attributes": [ "cn", - "description" + "ipaenabledflag", + "description", + "usercategory", + "hostcategory", + "cmdcategory", + "memberuser", + "memberhost", + "memberallowcmd", + "memberdenycmd" ], "hidden_attributes": [ "objectclass", @@ -5421,13 +5772,19 @@ "add_allow_command", "add_deny_command", "add_host", + "add_runasgroup", + "add_runasuser", "add_user", "del", + "disable", + "enable", "find", "mod", "remove_allow_command", "remove_deny_command", "remove_host", + "remove_runasgroup", + "remove_runasuser", "remove_user", "show" ], 
@@ -5498,6 +5855,89 @@ { "alwaysask": false, "attribute": false, + "autofill": true, + "class": "Flag", + "cli_name": "ipaenabledflag", + "cli_short_name": null, + "default": false, + "doc": "Enabled", + "exclude": null, + "falsehoods": [ + 0, + "0", + "false" + ], + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Enabled", + "multivalue": false, + "name": "ipaenabledflag", + "primary_key": false, + "query": false, + "required": false, + "truths": [ + "1", + 1, + "true" + ], + "type": "bool" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "usercat", + "cli_short_name": null, + "default": null, + "doc": "User category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "User category", + "multivalue": false, + "name": "usercategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "hostcat", + "cli_short_name": null, + "default": null, + "doc": "Host category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Host category", + "multivalue": false, + "name": "hostcategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, "autofill": false, "class": "StrEnum", "cli_name": "cmdcat", 
@@ -5523,6 +5963,54 @@ "alwaysask": false, "attribute": false, "autofill": false, + "class": "StrEnum", + "cli_name": "runasusercat", + "cli_short_name": null, + "default": null, + "doc": "Run As User category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Run As User category", + "multivalue": false, + "name": "ipasudorunasusercategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "StrEnum", + "cli_name": "runasgroupcat", + "cli_short_name": null, + "default": null, + "doc": "Run As Group category the rule applies to", + "exclude": null, + "flags": [], + "hint": null, + "include": null, + "label": "Run As Group category", + "multivalue": false, + "name": "ipasudorunasgroupcategory", + "primary_key": false, + "query": false, + "required": false, + "type": "unicode", + "values": [ + "all" + ] + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, "class": "Str", "cli_name": "memberuser_user", "cli_short_name": null, 
@@ -5728,6 +6216,66 @@ "query": false, "required": false, "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipasudorunas_user", + "cli_short_name": null, + "default": null, + "doc": "Run As User", + "exclude": null, + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Run As User", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipasudorunas_user", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" + }, + { + "alwaysask": false, + "attribute": false, + "autofill": false, + "class": "Str", + "cli_name": "ipasudorunasgroup_group", + "cli_short_name": null, + "default": null, + "doc": "Run As Group", + "exclude": null, + "flags": [ + "no_update", + "no_create", + "no_search" + ], + "hint": null, + "include": null, + "label": "Run As Group", + "length": null, + "maxlength": null, + "minlength": null, + "multivalue": false, + "name": "ipasudorunasgroup_group", + "pattern": null, + "pattern_errmsg": null, + "primary_key": false, + "query": false, + "required": false, + "type": "unicode" } ], "uuid_attribute": "ipauniqueid" 
@@ -5742,139 +6290,77 @@ "gidNumber", "uidNumber", "homeDirectory", - "radiusRealm", - "radiusSimultaneousUse", - "radiusProxyToRealm", - "radiusReplicateToRealm", - "radiusStripUserName", - "dialupAccess", - "radiusLoginTime", - "radiusUserCategory", - "radiusExpiration", - "radiusCheckItem", - "roomNumber", - "photo", - "mail", - "krbLastPwdChange", + "manager", + "userCertificate", + "homePostalAddress", "krbLoginFailedCount", + "krbLastSuccessfulAuth", + "title", "userSMIMECertificate", - "radiusNASIpAddress", - "radiusReplyItem", - "jpegPhoto", - "krbPrincipalAliases", - "telexNumber", - "telephoneNumber", - "facsimileTelephoneNumber", - "teletexTerminalIdentifier", - "internationalISDNNumber", - "x121Address", - "destinationIndicator", - "registeredAddress", - "radiusTunnelType", - "krbPrincipalKey", - "radiusTunnelClientEndpoint", - "radiusVSA", + "krbPrincipalExpiration", + "roomNumber", + "photo", + "description", "krbPrincipalName", - "displayName", - "preferredDeliveryMethod", - "audio", - "preferredLanguage", - "krbExtraData", - "krbCanonicalName", - "radiusLoginIPHost", - "krbTicketFlags", + "mail", + "employeeType", "krbPwdHistory", - "pager", - "mobile", + "carLicense", + "departmentNumber", + "employeeNumber", + "inetUserHttpURL", "memberOf", - "krbUPEnabled", - "krbPrincipalType", - "krbTicketPolicyReference", - "x500UniqueIdentifier", - "krbMaxTicketLife", - "givenName", - "homePostalAddress", - "radiusReplyMessage", - "krbPrincipalExpiration", - "userPKCS12", - "radiusFramedProtocol", - "radiusFramedRoute", - "radiusFramedIPXNetwork", - "radiusFramedMTU", - "radiusFramedIPAddress", - "radiusFramedIPNetmask", - "radiusFramedAppleTalkZone", - "radiusFramedCompression", - "radiusFramedAppleTalkLink", - "radiusFramedAppleTalkNetwork", + "displayName", "st", "street", "l", - "inetUserHttpURL", - "inetUserStatus", + "krbMaxRenewableAge", + "jpegPhoto", + "audio", + "pager", + "secretary", + "preferredLanguage", + "krbExtraData", + "krbCanonicalName", 
"o", "ou", - "title", - "description", + "seeAlso", + "userPassword", "businessCategory", "postalAddress", "postalCode", "postOfficeBox", "physicalDeliveryOfficeName", + "mobile", "krbPwdPolicyReference", - "secretary", - "homePhone", - "radiusLoginLATGroup", - "krbLastFailedAuth", - "radiusIdleTimeout", - "radiusFramedRouting", - "radiusLoginService", - "radiusLoginLATService", - "radiusLoginLATPort", - "radiusLoginLATNode", - "radiusPasswordRetry", - "radiusLoginTCPPort", - "radiusPortLimit", - "manager", - "radiusTerminationAction", - "radiusTunnelAssignmentId", - "radiusTunnelMediumType", - "radiusTunnelPassword", "labeledURI", - "radiusPrompt", - "radiusServiceType", - "radiusSessionTimeout", - "employeeType", - "radiusTunnelPreference", - "carLicense", - "departmentNumber", - "employeeNumber", - "radiusTunnelPrivateGroupId", - "userCertificate", - "radiusTunnelServerEndpoint", - "seeAlso", - "userPassword", - "radiusClientIPAddress", - "radiusAuthType", - "radiusHint", - "radiusGroupName", - "radiusProfileDn", - "radiusHuntgroupName", - "krbMaxRenewableAge", + "homePhone", "krbPasswordExpiration", - "krbLastSuccessfulAuth", + "inetUserStatus", + "krbLastPwdChange", + "krbMaxTicketLife", + "krbUPEnabled", "loginShell", + "x500UniqueIdentifier", + "krbLastFailedAuth", "gecos", - "radiusCallbackId", - "radiusCallbackNumber", - "radiusCalledStationId", - "radiusCallingStationId", - "radiusArapFeatures", - "radiusArapSecurity", - "radiusArapZoneAccess", + "krbPrincipalKey", + "krbTicketFlags", + "krbPrincipalType", + "userPKCS12", "initials", - "radiusClass", - "radiusFilterId" + "krbTicketPolicyReference", + "givenName", + "preferredDeliveryMethod", + "krbPrincipalAliases", + "telexNumber", + "telephoneNumber", + "facsimileTelephoneNumber", + "teletexTerminalIdentifier", + "internationalISDNNumber", + "x121Address", + "destinationIndicator", + "registeredAddress" ], "attribute_members": { "memberof": [ 
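Review bot: The trimmed attribute list in this hunk still carries `userPassword`, `krbPrincipalKey`, `krbPwdHistory` and `userPKCS12` on the new side, next to harmless entries such as `title` or `mobile`. The array's key is outside the hunk, but if this is the user entity's `aciattrs`, the attribute table added in aci.js by this commit renders one checkbox per entry with no filtering. The permission, delegation and self-service dialogs would then offer credential-bearing attributes as ordinary choices. Consider excluding or visibly marking these in the widget and adding a UI test that pins how they are presented. The directory server's ACI evaluation remains the real control, so this is about preventing an administrator from delegating write access to key material by accident.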
@@ -6683,19 +7169,19 @@ "Administrator" ], "gidnumber": [ - "2120898932" + "66000000" ], "homedirectory": [ "/home/admin" ], "ipauniqueid": [ - "cc2d5b64-fe52-11df-a795-525400674dcd" + "c9e61ada-0703-11e0-addd-525400674dcd" ], "krblastpwdchange": [ - "20101202203134Z" + "20101213215751Z" ], "krbpasswordexpiration": [ - "20110302203134Z" + "20110313215751Z" ], "krbprincipalname": [ "admin@AYOUNG.BOSTON.DEVEL.REDHAT.COM" @@ -6729,7 +7215,7 @@ "admin" ], "uidnumber": [ - "2120898932" + "66000000" ] } ], diff --git a/install/static/test/data/permission_add.json b/install/static/test/data/permission_add.json new file mode 100644 index 000000000..2235b74c4 --- /dev/null +++ b/install/static/test/data/permission_add.json @@ -0,0 +1,26 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "cn": [ + "testperm" + ], + "description": [ + "description" + ], + "dn": "cn=testperm,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "objectclass": [ + "groupofnames", + "top" + ], + "permissions": [ + "read", + "write" + ], + "targetgroup": "ipausers" + }, + "summary": "Added permission \"testperm\"", + "value": "testperm" + } +}
\ No newline at end of file diff --git a/install/static/test/data/permission_del b/install/static/test/data/permission_del new file mode 100644 index 000000000..c11368986 --- /dev/null +++ b/install/static/test/data/permission_del @@ -0,0 +1,9 @@ +{ + "error": null, + "id": 0, + "result": { + "result": true, + "summary": "Deleted permission \"testperm\"", + "value": "testperm" + } +}
\ No newline at end of file diff --git a/install/static/test/data/permission_find.json b/install/static/test/data/permission_find.json new file mode 100644 index 000000000..0cd4d9884 --- /dev/null +++ b/install/static/test/data/permission_find.json 
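Review bot: The new fixture install/static/test/data/permission_del is added without the `.json` suffix that every other fixture in this commit carries (permission_add.json, permission_find.json, delegation_show.json and so on). If the static test harness resolves fixtures as `<entity>_<method>.json`, which the sibling file names suggest, a permission delete would fail to load this response. The delete path of the new access-control UI would then go unexercised. Rename the file to `permission_del.json`.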
@@ -0,0 +1,887 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 47, + "result": [ + { + "cn": [ + "addusers" + ], + "description": [ + "Add Users" + ], + "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "add" + ], + "type": "user" + }, + { + "attrs": [ + "userPassword", + "krbPrincipalKey", + "sambaLMPassword", + "sambaNTPassword", + "passwordHistory" + ], + "cn": [ + "change_password" + ], + "description": [ + "Change a user password" + ], + "dn": "cn=change_password,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ] + }, + { + "attrs": [ + "member" + ], + "cn": [ + "add_user_to_default_group" + ], + "description": [ + "Add user to default group" + ], + "dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ], + "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeusers" + ], + "description": [ + "Remove Users" + ], + "dn": "cn=removeusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "delete" + ], + "type": "user" + }, + { + "attrs": [ + "givenName", + "sn", + "cn", + "displayName", + "title", + "initials", + "loginShell", + "gecos", + "homePhone", + "mobile", + "pager", + "facsimileTelephoneNumber", + "telephoneNumber", + "street", + "roomNumber", + "l", + "st", + "postalCode", + "manager", + "secretary", + "description", + "carLicense", + "labeledURI", + "inetUserHTTPURL", + "seeAlso", + "employeeType", + "businessCategory", + "ou", + "mepManagedEntry", + "objectclass" + ], + "cn": [ + "modifyusers" + ], + "description": [ + "Modify Users" + ], + 
"dn": "cn=modifyusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "useradmin" + ], + "permissions": [ + "write" + ], + "type": "user" + }, + { + "cn": [ + "addgroups" + ], + "description": [ + "Add Groups" + ], + "dn": "cn=addgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "add" + ], + "type": "group" + }, + { + "cn": [ + "removegroups" + ], + "description": [ + "Remove Groups" + ], + "dn": "cn=removegroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "delete" + ], + "type": "group" + }, + { + "attrs": [ + "cn", + "description", + "gidnumber", + "objectclass", + "mepManagedBy", + "ipaUniqueId" + ], + "cn": [ + "modifygroups" + ], + "description": [ + "Modify Groups" + ], + "dn": "cn=modifygroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "write" + ], + "type": "group" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifygroupmembership" + ], + "description": [ + "Modify Group membership" + ], + "dn": "cn=modifygroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "groupadmin" + ], + "permissions": [ + "write" + ], + "type": "group" + }, + { + "cn": [ + "addhosts" + ], + "description": [ + "Add Hosts" + ], + "dn": "cn=addhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "add" + ], + "type": "host" + }, + { + "cn": [ + "removehosts" + ], + "description": [ + "Remove Hosts" + ], + "dn": "cn=removehosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "delete" + ], + "type": 
"host" + }, + { + "attrs": [ + "description", + "l", + "nshostlocation", + "nshardwareplatform", + "nsosversion" + ], + "cn": [ + "modifyhosts" + ], + "description": [ + "Modify Hosts" + ], + "dn": "cn=modifyhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "cn": [ + "addhostgroups" + ], + "description": [ + "Add Hostgroups" + ], + "dn": "cn=addhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "add" + ], + "type": "hostgroup" + }, + { + "cn": [ + "removehostgroups" + ], + "description": [ + "Remove Hostgroups" + ], + "dn": "cn=removehostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "delete" + ], + "type": "hostgroup" + }, + { + "attrs": [ + "cn", + "description" + ], + "cn": [ + "modifyhostgroups" + ], + "description": [ + "Modify Hostgroups" + ], + "dn": "cn=modifyhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "hostgroup" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyhostgroupmembership" + ], + "description": [ + "Modify Hostgroup membership" + ], + "dn": "cn=modifyhostgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "hostgroup" + }, + { + "cn": [ + "addservices" + ], + "description": [ + "Add Services" + ], + "dn": "cn=addservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "add" + ], + "type": "service" + }, + { + "cn": [ + "removeservices" + ], + 
"description": [ + "Remove Services" + ], + "dn": "cn=removeservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "delete" + ], + "type": "service" + }, + { + "attrs": [ + "userCertificate" + ], + "cn": [ + "modifyservices" + ], + "description": [ + "Modify Services" + ], + "dn": "cn=modifyservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin" + ], + "permissions": [ + "write" + ], + "type": "service" + }, + { + "cn": [ + "addroles" + ], + "description": [ + "Add Roles" + ], + "dn": "cn=addroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeroles" + ], + "description": [ + "Remove Roles" + ], + "dn": "cn=removeroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "cn", + "description" + ], + "cn": [ + "modifyroles" + ], + "description": [ + "Modify Roles" + ], + "dn": "cn=modifyroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyrolemembership" + ], + "description": [ + "Modify Role Group membership" + ], + "dn": "cn=modifyrolemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" 
+ ], + "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "member" + ], + "cn": [ + "modifyprivilegemembership" + ], + "description": [ + "Modify privilege membership" + ], + "dn": "cn=modifyprivilegemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "delegationadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=*,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addautomountmaps" + ], + "description": [ + "Add Automount maps" + ], + "dn": "cn=addautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeautomountmaps" + ], + "description": [ + "Remove Automount maps" + ], + "dn": "cn=removeautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addautomountkeys" + ], + "description": [ + "Add Automount keys" + ], + "dn": "cn=addautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeautomountkeys" + ], + "description": [ + "Remove Automount keys" + ], + "dn": "cn=removeautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "automountadmin" + ], + "permissions": [ + "delete" + ], + "subtree": 
"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "addnetgroups" + ], + "description": [ + "Add netgroups" + ], + "dn": "cn=addnetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "add" + ], + "type": "netgroup" + }, + { + "cn": [ + "removenetgroups" + ], + "description": [ + "Remove netgroups" + ], + "dn": "cn=removenetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "delete" + ], + "type": "netgroup" + }, + { + "attrs": [ + "description" + ], + "cn": [ + "modifynetgroups" + ], + "description": [ + "Modify netgroups" + ], + "dn": "cn=modifynetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "netgroup" + }, + { + "attrs": [ + "memberhost", + "externalhost", + "memberuser", + "member" + ], + "cn": [ + "modifynetgroupmembership" + ], + "description": [ + "Modify netgroup membership" + ], + "dn": "cn=modifynetgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "netgroupadmin" + ], + "permissions": [ + "write" + ], + "type": "netgroup" + }, + { + "attrs": [ + "krbPrincipalKey", + "krbLastPwdChange" + ], + "cn": [ + "manage_host_keytab" + ], + "description": [ + "Manage host keytab" + ], + "dn": "cn=manage_host_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin", + "enrollhost" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "attrs": [ + "krbPrincipalKey", + "krbLastPwdChange" + ], + "cn": [ + "manage_service_keytab" + ], + "description": [ + "Manage service keytab" + ], + "dn": 
"cn=manage_service_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "serviceadmin", + "admins" + ], + "permissions": [ + "write" + ], + "type": "service" + }, + { + "attrs": [ + "enrolledBy", + "objectClass" + ], + "cn": [ + "enroll_host" + ], + "description": [ + "Enroll a host" + ], + "dn": "cn=enroll_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "hostadmin", + "enrollhost" + ], + "permissions": [ + "write" + ], + "type": "host" + }, + { + "cn": [ + "managereplica" + ], + "description": [ + "Manage Replication Agreements" + ], + "dn": "cn=managereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "replicaadmin" + ], + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + }, + { + "cn": [ + "deletereplica" + ], + "description": [ + "Delete Replication Agreements" + ], + "dn": "cn=deletereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "replicaadmin" + ], + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + }, + { + "cn": [ + "addentitlements" + ], + "description": [ + "Add Entitlements" + ], + "dn": "cn=addentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "add" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "removeentitlements" + ], + "description": [ + "Remove Entitlements" + ], + "dn": 
"cn=removeentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "delete" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "userCertificate" + ], + "cn": [ + "modifyentitlements" + ], + "description": [ + "Modify Entitlements" + ], + "dn": "cn=modifyentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "entitlementadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "retrieve_certs" + ], + "description": [ + "Retrieve Certificates from the CA" + ], + "dn": "cn=retrieve_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "request_certs" + ], + "description": [ + "Request Certificates from the CA" + ], + "dn": "cn=request_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "request_cert_different_host" + ], + "description": [ + "Request Certificates from a different host" + ], + "dn": "cn=request_cert_different_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=request certificate different 
host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "certificate_status" + ], + "description": [ + "Get Certificates status from the CA" + ], + "dn": "cn=certificate_status,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "revoke_certificate" + ], + "description": [ + "Revoke Certificate" + ], + "dn": "cn=revoke_certificate,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "attrs": [ + "objectClass" + ], + "cn": [ + "certificate_remove_hold" + ], + "description": [ + "Certificate Remove Hold" + ], + "dn": "cn=certificate_remove_hold,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "certadmin" + ], + "permissions": [ + "write" + ], + "subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "update_dns" + ], + "description": [ + "DNS Servers Updates" + ], + "dn": "cn=update_dns,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member_privilege": [ + "dnsadmin", + "dnsserver" + ], + "memberindirect": [ + "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + } + ], + "summary": "47 permissions matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/permission_show.json b/install/static/test/data/permission_show.json new file mode 100644 index 000000000..ac12ef0e2 --- /dev/null +++ b/install/static/test/data/permission_show.json @@ -0,0 +1,41 @@ +{ + "error": null, + "id": 6, + "result": { + "result": { + "attributelevelrights": { + "aci": "rscwo", + "businesscategory": "rscwo", + "cn": "rscwo", + "description": "rscwo", + "member": "rscwo", + "nsaccountlock": "rscwo", + "o": "rscwo", + "objectclass": "rscwo", + "ou": "rscwo", + "owner": "rscwo", + "seealso": "rscwo" + }, + "cn": [ + "addusers" + ], + "description": [ + "Add Users" + ], + "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "member": [ + "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ], + "objectclass": [ + "top", + "groupofnames" + ], + "permissions": [ + "add" + ], + "type": "user" + }, + "summary": null, + "value": "addusers" + } +}
\ No newline at end of file diff --git a/install/static/test/data/privilege_find.json b/install/static/test/data/privilege_find.json new file mode 100644 index 000000000..c48c4a0e8 --- /dev/null +++ b/install/static/test/data/privilege_find.json 
@@ -0,0 +1,215 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 14, + "result": [ + { + "cn": [ + "useradmin" + ], + "description": [ + "User Administrators" + ], + "dn": "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addusers", + "change_password", + "add_user_to_default_group", + "removeusers", + "modifyusers" + ] + }, + { + "cn": [ + "groupadmin" + ], + "description": [ + "Group Administrators" + ], + "dn": "cn=groupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addgroups", + "removegroups", + "modifygroups", + "modifygroupmembership" + ] + }, + { + "cn": [ + "hostadmin" + ], + "description": [ + "Host Administrators" + ], + "dn": "cn=hostadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addhosts", + "removehosts", + "modifyhosts", + "manage_host_keytab", + "enroll_host" + ] + }, + { + "cn": [ + "hostgroupadmin" + ], + "description": [ + "Host Group Administrators" + ], + "dn": "cn=hostgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addhostgroups", + "removehostgroups", + "modifyhostgroups", + "modifyhostgroupmembership" + ] + }, + { + "cn": [ + "delegationadmin" + ], + "description": [ + "Role administration" + ], + "dn": "cn=delegationadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addroles", + "removeroles", + "modifyroles", + "modifyrolemembership", + "modifyprivilegemembership" + ] + }, + { + "cn": [ + "serviceadmin" + ], + "description": [ + "Service Administrators" + ], + "dn": "cn=serviceadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addservices", + "removeservices", + "modifyservices", + "manage_service_keytab" + ] + }, + { + "cn": [ + "automountadmin" + ], + 
"description": [ + "Automount Administrators" + ], + "dn": "cn=automountadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addautomountmaps", + "removeautomountmaps", + "addautomountkeys", + "removeautomountkeys" + ] + }, + { + "cn": [ + "netgroupadmin" + ], + "description": [ + "Netgroups Administrators" + ], + "dn": "cn=netgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addnetgroups", + "removenetgroups", + "modifynetgroups", + "modifynetgroupmembership" + ] + }, + { + "cn": [ + "certadmin" + ], + "description": [ + "Certificate Administrators" + ], + "dn": "cn=certadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "retrieve_certs", + "request_certs", + "request_cert_different_host", + "certificate_status", + "revoke_certificate", + "certificate_remove_hold" + ] + }, + { + "cn": [ + "replicaadmin" + ], + "description": [ + "Replication Administrators" + ], + "dn": "cn=replicaadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberindirect": [ + "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ], + "memberof_permission": [ + "managereplica", + "deletereplica" + ] + }, + { + "cn": [ + "enrollhost" + ], + "description": [ + "Host Enrollment" + ], + "dn": "cn=enrollhost,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "manage_host_keytab", + "enroll_host" + ] + }, + { + "cn": [ + "entitlementadmin" + ], + "description": [ + "Entitlement Administrators" + ], + "dn": "cn=entitlementadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberof_permission": [ + "addentitlements", + "removeentitlements", + "modifyentitlements" + ] + }, + { + "cn": [ + "dnsadmin" + ], + "description": [ + "DNS Administrators" + ], + "dn": 
"cn=dnsadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + }, + { + "cn": [ + "dnsserver" + ], + "description": [ + "DNS Servers" + ], + "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberindirect": [ + "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ] + } + ], + "summary": "14 privileges matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/privilege_show.json b/install/static/test/data/privilege_show.json new file mode 100644 index 000000000..7d9328aa0 --- /dev/null +++ b/install/static/test/data/privilege_show.json @@ -0,0 +1,39 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "attributelevelrights": { + "aci": "rscwo", + "businesscategory": "rscwo", + "cn": "rscwo", + "description": "rscwo", + "member": "rscwo", + "memberof": "rsc", + "nsaccountlock": "rscwo", + "o": "rscwo", + "objectclass": "rscwo", + "ou": "rscwo", + "owner": "rscwo", + "seealso": "rscwo" + }, + "cn": [ + "dnsserver" + ], + "description": [ + "DNS Servers" + ], + "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "memberindirect": [ + "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + ], + "objectclass": [ + "top", + "groupofnames", + "nestedgroup" + ] + }, + "summary": null, + "value": "dnsserver" + } +}
\ No newline at end of file diff --git a/install/static/test/data/role_find.json b/install/static/test/data/role_find.json new file mode 100644 index 000000000..af013803c --- /dev/null +++ b/install/static/test/data/role_find.json @@ -0,0 +1,20 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 1, + "result": [ + { + "cn": [ + "helpdesk" + ], + "description": [ + "Helpdesk" + ], + "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com" + } + ], + "summary": "1 role matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/role_show.json b/install/static/test/data/role_show.json new file mode 100644 index 000000000..9ad8dd689 --- /dev/null +++ b/install/static/test/data/role_show.json @@ -0,0 +1,36 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "attributelevelrights": { + "aci": "rscwo", + "businesscategory": "rscwo", + "cn": "rscwo", + "description": "rscwo", + "member": "rscwo", + "memberof": "rsc", + "nsaccountlock": "rscwo", + "o": "rscwo", + "objectclass": "rscwo", + "ou": "rscwo", + "owner": "rscwo", + "seealso": "rscwo" + }, + "cn": [ + "helpdesk" + ], + "description": [ + "Helpdesk" + ], + "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com", + "objectclass": [ + "top", + "groupofnames", + "nestedgroup" + ] + }, + "summary": null, + "value": "helpdesk" + } +}
\ No newline at end of file diff --git a/install/static/test/data/selfservice_find.json b/install/static/test/data/selfservice_find.json new file mode 100644 index 000000000..91db6e40b --- /dev/null +++ b/install/static/test/data/selfservice_find.json @@ -0,0 +1,24 @@ +{ + "error": null, + "id": 0, + "result": { + "count": 1, + "result": [ + { + "aciname": "Self can write own password", + "attrs": [ + "userPassword", + "krbPrincipalKey", + "sambaLMPassword", + "sambaNTPassword" + ], + "permissions": [ + "write" + ], + "selfaci": true + } + ], + "summary": "1 selfservice matched", + "truncated": false + } +}
\ No newline at end of file diff --git a/install/static/test/data/selfservice_show.json b/install/static/test/data/selfservice_show.json new file mode 100644 index 000000000..358e65924 --- /dev/null +++ b/install/static/test/data/selfservice_show.json @@ -0,0 +1,21 @@ +{ + "error": null, + "id": 0, + "result": { + "result": { + "aciname": "Self can write own password", + "attrs": [ + "userPassword", + "krbPrincipalKey", + "sambaLMPassword", + "sambaNTPassword" + ], + "permissions": [ + "write" + ], + "selfaci": true + }, + "summary": null, + "value": "Self can write own password" + } +}
\ No newline at end of file
diff --git a/install/static/test/details_tests.js b/install/static/test/details_tests.js
index f0b8e15c3..baed80ce5 100644
--- a/install/static/test/details_tests.js
+++ b/install/static/test/details_tests.js
@@ -19,6 +19,8 @@
 */
+module('details');
+
 test("Testing ipa_details_section.create().", function() {
 IPA.ajax_options.async = false;
diff --git a/install/static/test/entity_tests.js b/install/static/test/entity_tests.js
index 78fb5f4b6..4b60c3e93 100644
--- a/install/static/test/entity_tests.js
+++ b/install/static/test/entity_tests.js
@@ -18,6 +18,8 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+module('entity');
+
 test('Testing ipa_entity_set_search_definition().', function() {
 var uid_callback = function() {
diff --git a/install/static/test/index.html b/install/static/test/index.html
index 5467a683f..78b41e9b5 100644
--- a/install/static/test/index.html
+++ b/install/static/test/index.html
@@ -30,6 +30,7 @@
 <li><a href="association_tests.html">Association Test Suite</a>
 <li><a href="navigation_tests.html">Navigation Test Suite</a>
 <li><a href="certificate_tests.html">Certificate Test Suite</a>
+ <li><a href="aci_tests.html">Access Control Interface Test Suite</a>
 </ul>
 </div>
diff --git a/install/static/test/ipa_tests.js b/install/static/test/ipa_tests.js
index ec95f6864..23190c1fb 100644
--- a/install/static/test/ipa_tests.js
+++ b/install/static/test/ipa_tests.js
@@ -18,6 +18,8 @@
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+module('ipa');
+
 test("Testing ipa_init().", function() {
 expect(1);
diff --git a/install/static/test/navigation_tests.js b/install/static/test/navigation_tests.js
index f8e58026f..4321939f9 100644
--- a/install/static/test/navigation_tests.js
+++ b/install/static/test/navigation_tests.js
@@ -19,7 +19,7 @@
 */
-
+module('navigation');
 test("Testing nav_create().", function() {
diff --git a/install/static/webui.js b/install/static/webui.js
index 47d4f3cb1..de90b72fc 100644
--- a/install/static/webui.js
+++ b/install/static/webui.js
@@ -47,6 +47,12 @@ var admin_tab_set = [
 {name:'krbtpolicy', entity:'krbtpolicy'}
 ]},
 {name:'ipaserver', children: [
+ {name:'role',entity:'role' ,children:[
+ {name:'privilege',entity:'privilege' },
+ {name:'permission', entity:'permission'}
+ ]},
+ {name:'selfservice' ,entity:'selfservice'},
+ {name:'delegation' ,entity:'delegation'},
 {name:'config', entity:'config'}
 ]}
 ];
diff --git a/install/static/widget.js b/install/static/widget.js
index 322bdd1a8..07973c7ff 100755
--- a/install/static/widget.js
+++ b/install/static/widget.js
@@ -686,7 +686,11 @@ function ipa_table_widget(spec) {
 var name = that.columns[i].name;
 var values = result[name];
 if (!values) continue;
- record[name] = values[index];
+ if (values instanceof Array){
+ record[name] = values[index];
+ }else{
+ record[name] = values;
+ }
 }
 return record;
 };
diff --git a/ipalib/plugins/delegation.py b/ipalib/plugins/delegation.py
index f68e7799f..6ed224421 100644
--- a/ipalib/plugins/delegation.py
+++ b/ipalib/plugins/delegation.py
@@ -138,6 +138,8 @@ class delegation(Object):
 json_dict = dict(
 (a, getattr(self, a)) for a in json_friendly_attributes
 )
+ json_dict['primary_key'] = self.primary_key.name
+ json_dict['methods'] = [m for m in self.methods]
 return json_dict
diff --git a/ipalib/plugins/selfservice.py b/ipalib/plugins/selfservice.py
index bf1eccfde..9152895a5 100644
--- a/ipalib/plugins/selfservice.py
+++ b/ipalib/plugins/selfservice.py
@@ -70,7 +70,7 @@ class selfservice(Object):
 bindable = False
 object_name = 'selfservice',
 object_name_plural = 'selfservice',
- label = _('Permissions')
+ label = _('Self Service Permissions')
 takes_params = (
 Str('aciname',
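Review bot: In the install/static/widget.js hunk, the `if (!values) continue;` guard kept above the new branch still skips every falsy value, so now that scalars are copied through, a column holding `false`, `0` or `''` never reaches `record`. That matters for boolean fields such as `selfaci` in the selfservice fixtures this commit adds: a `false` there would render as missing instead of as a value. Testing for absence explicitly avoids that: `if (values === undefined || values === null) continue;`. Separately, `values instanceof Array` returns false for arrays created in another frame; since the UI already uses jQuery (aci.js in this commit calls `$`), `$.isArray(values)` is the safer check. The enclosing function starts and ends outside the hunk.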
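Review bot: In the ipalib/plugins/delegation.py hunk, the added `json_dict['primary_key'] = self.primary_key.name` dereferences `primary_key` without checking that it is set. The same line is added to `selfservice` in its `@@ -101,6 +101,7 @@` hunk. Whether one of the `takes_params` entries is flagged as the primary key is not visible in either hunk; if none is, building the metadata would presumably raise `AttributeError`, so a guard such as `self.primary_key.name if self.primary_key else None` or a comment stating the invariant would help. `[m for m in self.methods]` is more directly written as `list(self.methods)`. After this change the two plugins build `json_dict` with line-for-line identical code, which a shared helper would keep from drifting; the method itself starts outside both hunks.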
@@ -101,6 +101,7 @@ class selfservice(Object):
 json_dict = dict(
 (a, getattr(self, a)) for a in json_friendly_attributes
 )
+ json_dict['primary_key'] = self.primary_key.name
 json_dict['methods'] = [m for m in self.methods]
 return json_dict |