Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Re-implement access control using an updated model. | Rob Crittenden | 2010-12-01 | 1 | -136/+0 |
| | | | | | | | | | | | | | | | | | | | The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445 | ||||
* | Populate indirect members when showing a group object. | Rob Crittenden | 2010-10-28 | 1 | -14/+4 |
| | | | | | | | | | | | | | | | This is done by creating a new attribute, memberindirect, to hold this indirect membership. The new function get_members() can return all members or just indirect or direct. We are only using it to retrieve indirect members currently. This also: * Moves all member display attributes into baseldap.py to reduce duplication * Adds netgroup nesting * Use a unique object name in hbacsvc and hbacsvcgroup ticket 296 | ||||
* | Allow RDN changes for users, groups, rolegroups and taskgroups. | Rob Crittenden | 2010-10-28 | 1 | -0/+1 |
| | | | | | | | | | | | | To do a change right now you have to perform a setattr like: ipa user-mod --setattr uid=newuser olduser The RDN change is performed before the rest of the mods. If the RDN change is the only change done then the EmptyModlist that update_entry() throws is ignored. ticket 323 | ||||
* | Update command documentation based on feedback from docs team. | Rob Crittenden | 2010-08-27 | 1 | -9/+11 |
| | | | | ticket #158 | ||||
* | First pass at per-command documentation | Rob Crittenden | 2010-06-22 | 1 | -0/+6 |
| | |||||
* | Code cleanup: remove unused stuff, take 1. | Pavel Zuna | 2010-03-01 | 1 | -7/+0 |
| | |||||
* | Translatable Param.label, Param.doc | Jason Gerard DeRose | 2010-02-24 | 1 | -7/+6 |
| | |||||
* | Use the Output tuple to determine the order of output | Rob Crittenden | 2010-02-15 | 1 | -3/+15 |
| | | | | | | | | | | | | | | The attributes displayed is now dependant upon their definition in a Param. This enhances that, giving some level of control over how the result is displayed to the user. This also fixes displaying group membership, including failures of adding/removing entries. All tests pass now though there is still one problem. We need to return the dn as well. Once that is fixed we just need to comment out all the dn entries in the tests and they should once again pass. | ||||
* | Add Object.label class attribute, enable in webUI | Jason Gerard DeRose | 2010-02-12 | 1 | -0/+2 |
| | |||||
* | Add messages, declarative tests for rolegroup, taskgroup plugins | Jason Gerard DeRose | 2009-12-18 | 1 | -2/+14 |
| | |||||
* | Remove 'ipaObject' objectClass from rolegroups and taskgroups. | Pavel Zuna | 2009-11-18 | 1 | -2/+1 |
| | |||||
* | Display membership attributes (member, memberOf) by default in show/find. | Pavel Zuna | 2009-10-21 | 1 | -1/+1 |
| | |||||
* | Make the taskgroup plugin use baseldap classes. | Pavel Zuna | 2009-10-07 | 1 | -135/+40 |
| | |||||
* | Change command names from *group-del-member to *group-remove-member. | Pavel Zuna | 2009-07-09 | 1 | -3/+3 |
| | | | | Signed-off-by: Jason Gerard DeRose <jderose@redhat.com> | ||||
* | Make basegroup-{add, del}-member print failed members with error descriptions. | Pavel Zuna | 2009-07-02 | 1 | -16/+20 |
| | |||||
* | Fix minor bugs, typos, etc. discovered by unit tests in plugins. | Pavel Zuna | 2009-07-02 | 1 | -4/+8 |
| | |||||
* | Rename *-create/*-delete commands to *-add/*-del respectively. | Pavel Zuna | 2009-07-02 | 1 | -4/+4 |
| | |||||
* | Replace references to basegroup2 in taskgroup plugin. | Pavel Zuna | 2009-07-02 | 1 | -11/+11 |
| | |||||
* | Rename plugins2 to plugins. | Pavel Zuna | 2009-07-02 | 1 | -16/+16 |
| | |||||
* | Rename plugins2 files (remove '2' suffix'). | Pavel Zuna | 2009-07-02 | 1 | -0/+207 |
| | |||||
* | Delete plugins using old LDAP backend. | Pavel Zuna | 2009-07-02 | 1 | -176/+0 |
| | |||||
* | Add a 'showall' command so one can pick from a list of tasks to add to a role | Rob Crittenden | 2009-03-25 | 1 | -1/+35 |
| | |||||
* | Modify the taskgroup plugin to use the new group baseclass and add tests | Rob Crittenden | 2009-03-20 | 1 | -159/+73 |
| | |||||
* | Add taskgroups plugin | Rob Crittenden | 2009-03-17 | 1 | -0/+228 |
Taskgroups are what we grant permission to with the new ACI system. |