freeipa.git/makeaci, branch sync-token Unnamed repository; edit this file 'description' to name the repository. Make sure member* attrs are always granted together in read permissions 2014-06-11T11:21:30+00:00 Petr Viktorin pviktori@redhat.com 2014-06-10T10:31:29+00:00 b6258d08d6c5605b32151654c6259f7c77f1a32b Memberofindirect processing of an entry doesn't work if the user doesn't have rights to any one of these attributes: - member - memberuser - memberhost Add all of these to any read permission that specifies any of them. Add a check to makeaci that will enforce this for any future permissions. Reviewed-By: Martin Kosek <mkosek@redhat.com> 
Memberofindirect processing of an entry doesn't work if the user doesn't
have rights to any one of these attributes:
- member
- memberuser
- memberhost

Add all of these to any read permission that specifies any of them.

Add a check to makeaci that will enforce this for any future permissions.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add ACI.txt 2014-06-11T11:21:29+00:00 Petr Viktorin pviktori@redhat.com 2014-06-09T17:12:46+00:00 6acaf73b0c6f7301d5a5d4292a4f9926cc370867 The ACI.txt file is a list all managed permissions in ACI form. Similarly to API.txt, it ensures that changes are not made lightly, since modifications must be reflected in ACI.txt and committed to Git. Add a script, makeaci, which parallels makeapi: it recreates or validates ACI.txt. Call makeaci --validate before the build, just after API.txt is validated. Reviewed-By: Martin Kosek <mkosek@redhat.com> 
The ACI.txt file is a list all managed permissions in ACI form.
Similarly to API.txt, it ensures that changes are not made lightly,
since modifications must be reflected in ACI.txt and committed to Git.

Add a script, makeaci, which parallels makeapi: it recreates or
validates ACI.txt.

Call makeaci --validate before the build, just after API.txt is validated.

Reviewed-By: Martin Kosek <mkosek@redhat.com>