author | Endi S. Dewata <edewata@redhat.com> | 2015-04-10 12:38:14 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2015-04-17 13:29:32 -0400 |
commit | 7e58da6db8570e8472f5d76d0f50563f3c0e1970 (patch) | |
tree | 184cb165c25dfe934d50079d86813d5a682a7419 /base/tps/shared | |
parent | 5c50472a1d91390879a24df7fcfa60d741f1c011 (diff) | |
Fixed TPS REST services.
The REST services have been modified to support submit and cancel
actions. The ACL has been fixed to allow admins and agents to
change the status.
https://fedorahosted.org/pki/ticket/1292
Diffstat (limited to 'base/tps/shared')
-rw-r--r-- | base/tps/shared/conf/acl.ldif | 8 | ||||
-rw-r--r-- | base/tps/shared/conf/acl.properties | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/base/tps/shared/conf/acl.ldif b/base/tps/shared/conf/acl.ldif
index 41b38137b..d69c69e29 100644
--- a/base/tps/shared/conf/acl.ldif
+++ b/base/tps/shared/conf/acl.ldif
@@ -21,13 +21,13 @@ resourceACLS: certServer.admin.certificate:import:allow (import) user="anybody":
 resourceACLS: certServer.admin.request.enrollment:submit,read,execute:allow (submit) user="anybody":Anybody may submit an enrollment request
 resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
 resourceACLS: certServer.tps.account:login,logout:allow (login,logout) user="anybody":Anybody can login and logout
-resourceACLS: certServer.tps.authenticators:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access authenticators.
+resourceACLS: certServer.tps.authenticators:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators":Only admins can access authenticators.
 resourceACLS: certServer.tps.audit:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration.
 resourceACLS: certServer.tps.config:read,modify:allow (read,modify) group="Administrators":Only admins can access configuration.
-resourceACLS: certServer.tps.connectors:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators":Only admins can access connectors.
+resourceACLS: certServer.tps.connectors:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators":Only admins can access connectors.
 resourceACLS: certServer.tps.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
 resourceACLS: certServer.tps.users:execute:allow (execute) group="Administrators":Admins may execute user operations
-resourceACLS: certServer.tps.profiles:read,add,modify,approve,remove:allow (read) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators" ; allow (approve) group="TPS Agents":Admins and agents can read, but only admins can add, modify, and remove, and only agents can approve.
-resourceACLS: certServer.tps.profile-mappings:read,add,modify,approve,remove:allow (read,add,modify,approve,remove) group="Administrators" :Only admins can access profile mappings.
+resourceACLS: certServer.tps.profiles:read,change-status,add,modify,remove:allow (read,change-status) group="Administrators" || group="TPS Agents" ; allow (add,modify,remove) group="Administrators" :Admins and agents can read and change status, but only admins can add, modify, and remove.
+resourceACLS: certServer.tps.profile-mappings:read,change-status,add,modify,remove:allow (read,change-status,add,modify,remove) group="Administrators" :Only admins can access profile mappings.
 resourceACLS: certServer.tps.selftests:read,execute:allow (read,execute) group="Administrators":Only admins can access selftests.
 resourceACLS: certServer.tps.tokens:read,add,modify,remove:allow (read) group="Administrators" || group="TPS Agents" || group="TPS Operators"; allow (add,remove) group="Administrators" ; allow (modify) group="TPS Agents":Admins, agents, operators can read tokens, but only admins can add and remove tokens, and only agents can modify tokens.
diff --git a/base/tps/shared/conf/acl.properties b/base/tps/shared/conf/acl.properties
index 840c0610e..2d2dc717a 100644
--- a/base/tps/shared/conf/acl.properties
+++ b/base/tps/shared/conf/acl.properties
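Review bot: In acl.ldif the new `certServer.tps.profiles` entry grants `change-status` to `group="Administrators" || group="TPS Agents"`, whereas the removed entry reserved `approve` for `group="TPS Agents"` alone. An administrator who holds `add,modify,remove` on profiles can therefore now also change a profile's status without an agent being involved, so the separation between editing and approving is gone at the ACL level. The commit message states this is intended, but the single `change-status` right appears to cover every status action (the message names submit and cancel), so the ACL can no longer tell one transition from another. Any per-role restriction on individual transitions would have to be enforced in the REST service code, which is outside this view (the diffstat is limited to base/tps/shared). I would spell that out in the entry's description text, e.g. `...:Admins and agents can read and change status (which transitions each role may perform is enforced by the service), but only admins can add, modify, and remove.`, and confirm the service-side check exists.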
@@ -20,7 +20,7 @@ config.modify = certServer.tps.config,modify
 connectors.read = certServer.tps.connectors,read
 connectors.add = certServer.tps.connectors,add
 connectors.modify = certServer.tps.connectors,modify
-connectors.approve = certServer.tps.connectors,approve
+connectors.change-status = certServer.tps.connectors,change-status
 connectors.remove = certServer.tps.connectors,remove
 groups = certServer.tps.groups,execute
 profiles.read = certServer.tps.profiles,read
|
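Review bot: Only `connectors.approve` is renamed in acl.properties, while acl.ldif in the same commit drops the `approve` right from authenticators, profiles and profile-mappings as well. If the rest of this file (outside the hunk) still has mappings of the form `<resource>.approve = certServer.tps.<resource>,approve`, they now name a right that no ACL entry grants. It is worth confirming that every remaining `*.approve` key has a `change-status` counterpart, and that the authorization check denies access when a mapping or right is unknown rather than skipping the check. Both files sit under shared/conf and look like install-time templates, so instances created before this commit presumably keep the old `approve` ACLs in their directory. Those instances would need an upgrade step to stay consistent with the new mapping.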