Rewrite the Permission plugin

Ticket: https://fedorahosted.org/freeipa/ticket/3566 Design: http://www.freeipa.org/page/V3/Permissions_V2
author: Petr Viktorin <pviktori@redhat.com> 2013-11-13 16:31:58 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-12-13 15:08:52 +0100
commit: d7ee87cfa1e288fe18dc2dbeb2d691753048f4db (patch)
tree: 10f41a5a3a82011428f170fe725bafdce77845d7 /API.txt
parent: 445634d6ac39669cc007871861e19e15ae22c12d (diff)
download: freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.tar.gz
freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.tar.xz
freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.zip
1 files changed, 57 insertions, 38 deletions
diff --git a/API.txt b/API.txt
index f1103e0ff..842a06bf9 100644
--- a/API.txt
+++ b/API.txt
@@ -2228,27 +2228,33 @@ output: Output('result', <type 'bool'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add
-args: 1,13,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=True)
+args: 1,19,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Str('attrs', alwaysask=True, attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=False, required=False)
-option: Str('filter', alwaysask=True, attribute=True, autofill=False, cli_name='filter', multivalue=False, query=False, required=False)
-option: Str('memberof', alwaysask=True, attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=False, required=False)
+option: Str('attrs', attribute=False, cli_name='attrs', multivalue=True, required=False)
+option: Str('filter', attribute=False, cli_name='filter', multivalue=True, required=False)
+option: Str('ipapermallowedattr', attribute=True, cli_name='attrs', multivalue=True, required=False)
+option: StrEnum('ipapermbindruletype', attribute=True, autofill=True, cli_name='bindtype', default=u'permission', multivalue=False, required=True, values=(u'permission',))
+option: DNOrURL('ipapermlocation', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', default=ipapython.dn.DN('dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'), multivalue=False, query=False, required=False)
+option: StrEnum('ipapermright', attribute=True, cli_name='permissions', multivalue=True, required=False, values=(u'read', u'search', u'compare', u'write', u'add', u'delete', u'all'))
+option: DNParam('ipapermtarget', attribute=True, cli_name='target', multivalue=False, required=False)
+option: Str('ipapermtargetfilter', attribute=True, cli_name='filter', multivalue=False, required=False)
+option: Str('memberof', alwaysask=True, attribute=False, autofill=False, cli_name='memberof', multivalue=False, query=False, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
-option: Str('permissions', attribute=True, cli_name='permissions', csv=True, multivalue=True, required=True)
+option: Str('permissions', attribute=False, cli_name='permissions', multivalue=True, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: Str('subtree', alwaysask=True, attribute=True, autofill=False, cli_name='subtree', multivalue=False, query=False, required=False)
-option: Str('targetgroup', alwaysask=True, attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, query=False, required=False)
-option: StrEnum('type', alwaysask=True, attribute=True, autofill=False, cli_name='type', multivalue=False, query=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
+option: Str('subtree', attribute=False, cli_name='subtree', multivalue=True, required=False)
+option: Str('targetgroup', alwaysask=True, attribute=False, autofill=False, cli_name='targetgroup', multivalue=False, query=False, required=False)
+option: StrEnum('type', alwaysask=True, attribute=False, autofill=False, cli_name='type', multivalue=False, query=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_add_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2259,18 +2265,18 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_add_noaci
 args: 1,5,3
-arg: Str('cn', cli_name='name', multivalue=False, pattern=None, primary_key=True, required=True)
-option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Flag('no_members', autofill=True, default=False, exclude='webui')
-option: StrEnum('permissiontype?', values=(u'SYSTEM',))
-option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('version?', exclude='webui')
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, required=True)
+option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', multivalue=False, required=True)
+option: Str('ipapermissiontype', cli_name='ipapermissiontype', multivalue=True, required=True)
+option: Flag('no_members', autofill=True, cli_name='no_members', default=False, exclude='webui', multivalue=False, required=True)
+option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', multivalue=False, required=True)
+option: Str('version', cli_name='version', exclude='webui', multivalue=False, required=False)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_del
 args: 1,3,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=True, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
 option: Flag('continue', autofill=True, cli_name='continue', default=False)
 option: Flag('force', autofill=True, default=False)
 option: Str('version?', exclude='webui')
@@ -2278,52 +2284,64 @@ output: Output('result', <type 'dict'>, None)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_find
-args: 1,15,4
+args: 1,21,4
 arg: Str('criteria?', noextrawhitespace=False)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, query=True, required=False)
-option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=False)
-option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, query=True, required=False)
-option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, query=True, required=False)
+option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
+option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=False)
+option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, query=True, required=False)
+option: Str('ipapermallowedattr', attribute=True, autofill=False, cli_name='attrs', multivalue=True, query=True, required=False)
+option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, query=True, required=False, values=(u'permission',))
+option: DNOrURL('ipapermlocation', attribute=True, autofill=False, cli_name='subtree', default=ipapython.dn.DN('dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'), multivalue=False, query=True, required=False)
+option: StrEnum('ipapermright', attribute=True, autofill=False, cli_name='permissions', multivalue=True, query=True, required=False, values=(u'read', u'search', u'compare', u'write', u'add', u'delete', u'all'))
+option: DNParam('ipapermtarget', attribute=True, autofill=False, cli_name='target', multivalue=False, query=True, required=False)
+option: Str('ipapermtargetfilter', attribute=True, autofill=False, cli_name='filter', multivalue=False, query=True, required=False)
+option: Str('memberof', attribute=False, autofill=False, cli_name='memberof', multivalue=False, query=True, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
-option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, query=True, required=False)
+option: Str('permissions', attribute=False, autofill=False, cli_name='permissions', multivalue=True, query=True, required=False)
 option: Flag('pkey_only?', autofill=True, default=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
 option: Int('sizelimit?', autofill=False, minvalue=0)
-option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, query=True, required=False)
-option: Str('targetgroup', attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, query=True, required=False)
+option: Str('subtree', attribute=False, autofill=False, cli_name='subtree', multivalue=True, query=True, required=False)
+option: Str('targetgroup', attribute=False, autofill=False, cli_name='targetgroup', multivalue=False, query=True, required=False)
 option: Int('timelimit?', autofill=False, minvalue=0)
-option: StrEnum('type', attribute=True, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
+option: StrEnum('type', attribute=False, autofill=False, cli_name='type', multivalue=False, query=True, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
 option: Str('version?', exclude='webui')
 output: Output('count', <type 'int'>, None)
 output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('truncated', <type 'bool'>, None)
 command: permission_mod
-args: 1,16,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+args: 1,22,3
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
 option: Str('addattr*', cli_name='addattr', exclude='webui')
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
-option: Str('attrs', attribute=True, autofill=False, cli_name='attrs', csv=True, multivalue=True, required=False)
+option: Str('attrs', attribute=False, autofill=False, cli_name='attrs', multivalue=True, required=False)
 option: Str('delattr*', cli_name='delattr', exclude='webui')
-option: Str('filter', attribute=True, autofill=False, cli_name='filter', multivalue=False, required=False)
-option: Str('memberof', attribute=True, autofill=False, cli_name='memberof', multivalue=False, required=False)
+option: Str('filter', attribute=False, autofill=False, cli_name='filter', multivalue=True, required=False)
+option: Str('ipapermallowedattr', attribute=True, autofill=False, cli_name='attrs', multivalue=True, required=False)
+option: StrEnum('ipapermbindruletype', attribute=True, autofill=False, cli_name='bindtype', default=u'permission', multivalue=False, required=False, values=(u'permission',))
+option: DNOrURL('ipapermlocation', attribute=True, autofill=False, cli_name='subtree', default=ipapython.dn.DN('dc=idm,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com'), multivalue=False, required=False)
+option: StrEnum('ipapermright', attribute=True, autofill=False, cli_name='permissions', multivalue=True, required=False, values=(u'read', u'search', u'compare', u'write', u'add', u'delete', u'all'))
+option: DNParam('ipapermtarget', attribute=True, autofill=False, cli_name='target', multivalue=False, required=False)
+option: Str('ipapermtargetfilter', attribute=True, autofill=False, cli_name='filter', multivalue=False, required=False)
+option: Str('memberof', attribute=False, autofill=False, cli_name='memberof', multivalue=False, required=False)
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
-option: Str('permissions', attribute=True, autofill=False, cli_name='permissions', csv=True, multivalue=True, required=False)
+option: Str('permissions', attribute=False, autofill=False, cli_name='permissions', multivalue=True, required=False)
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
-option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, required=False)
+option: Str('rename', cli_name='rename', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, required=False)
 option: Flag('rights', autofill=True, default=False)
 option: Str('setattr*', cli_name='setattr', exclude='webui')
-option: Str('subtree', attribute=True, autofill=False, cli_name='subtree', multivalue=False, required=False)
-option: Str('targetgroup', attribute=True, autofill=False, cli_name='targetgroup', multivalue=False, required=False)
-option: StrEnum('type', attribute=True, autofill=False, cli_name='type', multivalue=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
+option: Str('subtree', attribute=False, autofill=False, cli_name='subtree', multivalue=True, required=False)
+option: Str('targetgroup', attribute=False, autofill=False, cli_name='targetgroup', multivalue=False, required=False)
+option: StrEnum('type', attribute=False, autofill=False, cli_name='type', multivalue=False, required=False, values=(u'user', u'group', u'host', u'service', u'hostgroup', u'netgroup', u'dnsrecord'))
 option: Str('version?', exclude='webui')
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 command: permission_remove_member
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Str('privilege*', alwaysask=True, cli_name='privileges', csv=True)
@@ -2334,7 +2352,7 @@ output: Output('failed', <type 'dict'>, None)
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 command: permission_show
 args: 1,5,3
-arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9]+$', primary_key=True, query=True, required=True)
+arg: Str('cn', attribute=True, cli_name='name', multivalue=False, pattern='^[-_ a-zA-Z0-9.]+$', primary_key=True, query=True, required=True)
 option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui')
 option: Flag('no_members', autofill=True, default=False, exclude='webui')
 option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui')
@@ -3871,3 +3889,4 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
 output: Output('value', <type 'unicode'>, None)
 capability: messages 2.52
 capability: optional_uid_params 2.54
+capability: permissions2 2.69
author	Petr Viktorin <pviktori@redhat.com>	2013-11-13 16:31:58 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-12-13 15:08:52 +0100
commit	d7ee87cfa1e288fe18dc2dbeb2d691753048f4db (patch)
tree	10f41a5a3a82011428f170fe725bafdce77845d7 /API.txt
parent	445634d6ac39669cc007871861e19e15ae22c12d (diff)
download	freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.tar.gz freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.tar.xz freeipa-d7ee87cfa1e288fe18dc2dbeb2d691753048f4db.zip