summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/role.py
Commit message (Collapse)AuthorAgeFilesLines
* Removed nested role from UI.Endi S. Dewata2011-03-181-2/+1
| | | | | | | | | Nested role is not supported in 2.0.x, so the association facet for it should be removed from the UI. The attribute_members in role.py needs to be fixed because it is used to generate the association facet automatically. Ticket 1092.
* Fix translatable strings in ipalib plugins.Pavel Zuna2011-03-011-1/+1
| | | | Needed for xgettext/pygettext processing.
* Add handling for indirect memberof other entries.Rob Crittenden2011-02-211-3/+3
| | | | | | | | | | | | | | | This creates a new custom attribute, memberofindirect_[plugin]. Using this you can tell the difference between being an actual memberof another entry and being a memberof as the result if inheritence. This is particularly useful when trying to remove members of an entry, you can only remove direct members. I had to add a couple of short sleep calls to make things work a little better. The memberof plugin runs as a postop and we have no way of knowing when it has done its work. If we don't pause we may show some stale data that memberof hasn't updated yet. .3 seconds is an arbitrary choice. ticket 966
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-201-5/+5
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* relabel roleAdam Young2010-12-131-1/+1
| | | | no longer calling them role groups.
* Re-implement access control using an updated model.Rob Crittenden2010-12-011-0/+212
The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445
generated by cgit (git 2.34.1) at 2024-06-03 10:07:19 +0000