From af3a4adc46368f736151c118ccb1dd0e9bb89144 Mon Sep 17 00:00:00 2001 From: Petr Viktorin Date: Thu, 27 Mar 2014 15:36:54 +0100 Subject: Add support for non-plugin default permissions Add support for managed permissions that are not tied to an object class and thus can't be defined in an Object plugin. A dict is added to hold templates for the non-plugin permissions. Reviewed-By: Martin Kosek --- ipaserver/install/plugins/update_managed_permissions.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'ipaserver') diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index 3bba1f06e..438767f1c 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -34,6 +34,9 @@ For example, an entry could look like this: }, } +For permissions not tied to an object plugin, a NONOBJECT_PERMISSIONS +dict of the same format is defined in this module. + The permission name must start with the "System:" prefix. The template dictionary can have the following keys: @@ -41,8 +44,8 @@ The template dictionary can have the following keys: - Directly used as attributes on the permission. - Replaced when upgrading an existing permission - If not specified, these default to the defaults of a permission of the - corresponding --type, or (if non_object is specified) to general permission - defaults. + corresponding --type, or, if non_object is specified, or if not on an + object, to general permission defaults . - ipapermlocation and ipapermtarget must be DNs - ipapermtargetfilter and objectclass must be iterables of strings * ipapermbindruletype @@ -77,6 +80,8 @@ from ipaserver.install.plugins.baseupdate import PostUpdate register = Registry() +NONOBJECT_PERMISSIONS = {} + @register() class update_managed_permissions(PostUpdate): @@ -123,6 +128,11 @@ class update_managed_permissions(PostUpdate): template, anonymous_read_blacklist) + self.log.info('Updating non-object managed permissions') + for name, template in NONOBJECT_PERMISSIONS.iteritems(): + self.update_permission(ldap, None, unicode(name), template, + anonymous_read_blacklist) + return False, False, () def update_permission(self, ldap, obj, name, template, -- cgit