Lightweight CAs: implement deletion API and CLI

Implement lightweight authority deletion including CLI command.  To
be deleted an authority must be disabled and have no sub-CAs.

Fixes: https://fedorahosted.org/pki/ticket/1324

2 files changed, 2 insertions, 0 deletions

diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif
index 54c9f1d5c..27d89a313 100644
--- a/base/ca/shared/conf/acl.ldif
+++ b/base/ca/shared/conf/acl.ldif
@@ -59,3 +59,4 @@ resourceACLS: certServer.ca.selftests:read,execute:allow (read,execute) group="A
 resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations
 resourceACLS: certServer.ca.authorities:list,read:allow (list,read) user="anybody":Anybody may list and read lightweight authorities
 resourceACLS: certServer.ca.authorities:create,modify:allow (create,modify) group="Administrators":Administrators may create and modify lightweight authorities
+resourceACLS: certServer.ca.authorities:delete:allow (delete) group="Administrators":Administrators may delete lightweight authorities
diff --git a/base/ca/shared/conf/acl.properties b/base/ca/shared/conf/acl.properties
index f0b5b9f65..8b3e9d0ee 100644
--- a/base/ca/shared/conf/acl.properties
+++ b/base/ca/shared/conf/acl.properties
@@ -25,3 +25,4 @@ authorities.create = certServer.ca.authorities,create
 authorities.list = certServer.ca.authorities,list
 authorities.modify = certServer.ca.authorities,modify
 authorities.read = certServer.ca.authorities,read
+authorities.delete = certServer.ca.authorities,delete