Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/hbacrule.py | 15 | ||||
-rw-r--r-- | ipalib/plugins/hbacsvc.py | 11 | ||||
-rw-r--r-- | ipalib/plugins/hbacsvcgroup.py | 12 |
3 files changed, 38 insertions, 0 deletions
diff --git a/ipalib/plugins/hbacrule.py b/ipalib/plugins/hbacrule.py
index 99758b25a..52abb408b 100644
--- a/ipalib/plugins/hbacrule.py
+++ b/ipalib/plugins/hbacrule.py
@@ -115,6 +115,7 @@ class hbacrule(LDAPObject):
 object_name = _('HBAC rule')
 object_name_plural = _('HBAC rules')
 object_class = ['ipaassociation', 'ipahbacrule']
+ permission_filter_objectclasses = ['ipahbacrule']
 default_attributes = [ 'cn', 'ipaenabledflag', 'description', 'usercategory', 'hostcategory',
@@ -130,6 +131,20 @@ class hbacrule(LDAPObject):
 'sourcehost': ['host', 'hostgroup'],
 'memberservice': ['hbacsvc', 'hbacsvcgroup'],
 }
+ managed_permissions = {
+ 'System: Read HBAC Rules': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'accessruletype', 'accesstime', 'cn', 'description',
+ 'externalhost', 'hostcategory', 'ipaenabledflag',
+ 'ipauniqueid', 'memberhost', 'memberservice', 'memberuser',
+ 'servicecategory', 'sourcehost', 'sourcehostcategory',
+ 'usercategory', 'objectclass',
+ },
+ },
+ }
 label = _('HBAC Rules')
 label_singular = _('HBAC Rule')
diff --git a/ipalib/plugins/hbacsvc.py b/ipalib/plugins/hbacsvc.py
index 6c6bc94fe..58861fcfa 100644
--- a/ipalib/plugins/hbacsvc.py
+++ b/ipalib/plugins/hbacsvc.py
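Review bot: In the second hbacrule.py hunk, `'System: Read HBAC Rules'` combines `'ipapermbindruletype': 'all'` with `memberuser`, `memberhost`, `memberservice` and `sourcehost` in `ipapermdefaultattr`, so every authenticated principal can read and search the complete who-may-access-what mapping, and nothing in the hunk records that this audience is intended. If the reason is that enrolled clients must fetch the rules in order to evaluate them (not visible here, so confirm), say so above the dict, e.g. `# Bind type 'all': clients evaluate HBAC locally and must be able to read every rule.` The same bind type is used for `'System: Read HBAC Services'` and `'System: Read HBAC Service Groups'` in the other two files. In the first hunk, `permission_filter_objectclasses` names only `'ipahbacrule'` while `object_class` also lists `'ipaassociation'`; a short comment on why the filter is narrower would help. The class body starts and ends outside both hunks.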
@@ -57,11 +57,22 @@ class hbacsvc(LDAPObject):
 object_name = _('HBAC service')
 object_name_plural = _('HBAC services')
 object_class = [ 'ipaobject', 'ipahbacservice' ]
+ permission_filter_objectclasses = ['ipahbacservice']
 default_attributes = ['cn', 'description', 'memberof']
 uuid_attribute = 'ipauniqueid'
 attribute_members = {
 'memberof': ['hbacsvcgroup'],
 }
+ managed_permissions = {
+ 'System: Read HBAC Services': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'cn', 'description', 'ipauniqueid', 'memberof', 'objectclass',
+ },
+ },
+ }
 label = _('HBAC Services')
 label_singular = _('HBAC Service')
diff --git a/ipalib/plugins/hbacsvcgroup.py b/ipalib/plugins/hbacsvcgroup.py
index 5fc0635c4..5e3ef5b70 100644
--- a/ipalib/plugins/hbacsvcgroup.py
+++ b/ipalib/plugins/hbacsvcgroup.py
@@ -52,11 +52,23 @@ class hbacsvcgroup(LDAPObject):
 object_name = _('HBAC service group')
 object_name_plural = _('HBAC service groups')
 object_class = ['ipaobject', 'ipahbacservicegroup']
+ permission_filter_objectclasses = ['ipahbacservicegroup']
 default_attributes = [ 'cn', 'description', 'member' ]
 uuid_attribute = 'ipauniqueid'
 attribute_members = {
 'member': ['hbacsvc'],
 }
+ managed_permissions = {
+ 'System: Read HBAC Service Groups': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'businesscategory', 'cn', 'description', 'ipauniqueid',
+ 'member', 'o', 'objectclass', 'ou', 'owner', 'seealso',
+ },
+ },
+ }
 label = _('HBAC Service Groups')
 label_singular = _('HBAC Service Group') |
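Review bot: In the hbacsvcgroup.py hunk, `ipapermdefaultattr` for `'System: Read HBAC Service Groups'` includes `businesscategory`, `o`, `ou`, `owner` and `seealso`, none of which appear in this class's `default_attributes` (`'cn', 'description', 'member'`) shown in the same hunk, whereas the hbacsvc permission stays close to its plugin's own attributes. If they are listed only because the object class allows them, narrow the set to `'cn', 'description', 'ipauniqueid', 'member', 'objectclass',`. If they are kept to match what was readable before this change, a comment saying so would stop the list from looking accidental. The class body continues outside the hunk.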