-rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py
index d938eecf1..efd87d0d1 100644
--- a/ipaserver/install/plugins/update_managed_permissions.py
+++ b/ipaserver/install/plugins/update_managed_permissions.py
@@ -51,6 +51,9 @@ The template dictionary can have the following keys:
 * ipapermdefaultattr
 - Used as attribute of the permission.
 - When upgrading, only new values are added; all old values are kept.
+* default_privileges
+ - Names of privileges to add the permission to
+ - Only applied on newly created permissions
 * replaces_global_anonymous_aci
 - If true, any attributes specified (denied) in the legacy global anonymous
 read ACI will be added to excluded_attributes of the new permission.
@@ -200,6 +203,14 @@ class update_managed_permissions(PostUpdate):

 entry['ipapermright'] = list(template.pop('ipapermright'))

+ default_privileges = template.pop('default_privileges', None)
+ if is_new and default_privileges:
+ entry['member'] = list(
+ DN(('cn', privilege_name),
+ self.api.env.container_privilege,
+ self.api.env.basedn)
+ for privilege_name in default_privileges)
+
 # Add to the set of default attributes
 attributes = set(template.pop('ipapermdefaultattr', ()))
 attributes.update(entry.get('ipapermdefaultattr', ())) |
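Review bot: The DNs assigned to `entry['member']` in the second hunk are built from the template names alone, so nothing visible here confirms that a privilege called `privilege_name` exists under `container_privilege`. A misspelt or since-removed name would leave the new permission referencing an entry that is not there, and since this assignment is what hands the permission to a privilege, it deserves a lookup of each DN or at least a log line naming the privileges applied. A template that supplies `default_privileges` as a single string rather than a collection would also be iterated character by character by `for privilege_name in default_privileges`, so the docstring bullet could say "Collection of privilege names". A comment above the `if is_new` line, for instance `# Creation only: presumably so an upgrade does not re-add a permission an admin removed from a privilege`, would record why existing permissions are skipped. The enclosing method starts and ends outside the hunk.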