summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/permission.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r--ipalib/plugins/permission.py28
1 files changed, 28 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index 3895d8eae..f46affc34 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -302,6 +302,22 @@ class permission(baseldap.LDAPObject):
'(must be in the subtree, but may not yet exist)'),
),
+ DNParam(
+ 'ipapermtargetto?',
+ cli_name='targetto',
+ label=_('Target DN subtree'),
+ doc=_('Optional DN subtree where an entry can be moved to '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
+ DNParam(
+ 'ipapermtargetfrom?',
+ cli_name='targetfrom',
+ label=_('Origin DN subtree'),
+ doc=_('Optional DN subtree from where an entry can be moved '
+ '(must be in the subtree, but may not yet exist)'),
+ ),
+
Str('memberof*',
label=_('Member of group'), # FIXME: Does this label make sense?
doc=_('Target members of a group (sets memberOf targetfilter)'),
@@ -532,6 +548,18 @@ class permission(baseldap.LDAPObject):
aci_parts.append("(target = \"%s\")" %
'ldap:///%s' % ipapermtarget)
+ # target_to
+ ipapermtargetto = entry.single_value.get('ipapermtargetto')
+ if ipapermtargetto:
+ aci_parts.append("(target_to = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetto)
+
+ # target_from
+ ipapermtargetfrom = entry.single_value.get('ipapermtargetfrom')
+ if ipapermtargetfrom:
+ aci_parts.append("(target_from = \"%s\")" %
+ 'ldap:///%s' % ipapermtargetfrom)
+
# targetfilter
ipapermtargetfilter = entry.get('ipapermtargetfilter')
if ipapermtargetfilter:
generated by cgit (git 2.34.1) at 2024-06-08 13:52:36 +0000