Add "Extending FreeIPA" developer guide

"Extending FreeIPA" is a developer guide of FreeIPA core framework.
Please make sure to improve the guide every time parts of the core framework
are affected by your changes. This document ideally should correspond to
the current state of the framework.

The Guide is written using Emacs Org Mode but can be edited with any
plain text editing tool. Emacs is only required to convert it to
distribution formats like HTML and TXT.

See guide/Makefile for building the guide and README for details of
the build environment.

1 files changed, 140 insertions, 0 deletions

diff --git a/doc/guide/role.py b/doc/guide/role.py
new file mode 100644
index 00000000..068fd84b
--- /dev/null
+++ b/doc/guide/role.py
@@ -0,0 +1,140 @@
+from ipalib.plugins.baseldap import *
+from ipalib import api, Str, _, ngettext
+from ipalib import Command
+from ipalib.plugins import privilege
+
+class role(LDAPObject):
+    """
+    Role object.
+    """
+    container_dn = api.env.container_rolegroup
+    object_name = _('role')
+    object_name_plural = _('roles')
+    object_class = ['groupofnames', 'nestedgroup']
+    default_attributes = ['cn', 'description', 'member', 'memberof',
+        'memberindirect', 'memberofindirect',
+    ]
+    attribute_members = {
+        'member': ['user', 'group', 'host', 'hostgroup'],
+        'memberof': ['privilege'],
+    }
+    reverse_members = {
+        'member': ['privilege'],
+    }
+    rdnattr='cn'
+
+    label = _('Roles')
+    label_singular = _('Role')
+
+    takes_params = (
+        Str('cn',
+            cli_name='name',
+            label=_('Role name'),
+            primary_key=True,
+        ),
+        Str('description',
+            cli_name='desc',
+            label=_('Description'),
+            doc=_('A description of this role-group'),
+        ),
+    )
+
+api.register(role)
+
+
+class role_add(LDAPCreate):
+    __doc__ = _('Add a new role.')
+
+    msg_summary = _('Added role "%(value)s"')
+
+api.register(role_add)
+
+
+class role_del(LDAPDelete):
+    __doc__ = _('Delete a role.')
+
+    msg_summary = _('Deleted role "%(value)s"')
+
+api.register(role_del)
+
+
+class role_mod(LDAPUpdate):
+    __doc__ = _('Modify a role.')
+
+    msg_summary = _('Modified role "%(value)s"')
+
+api.register(role_mod)
+
+
+class role_find(LDAPSearch):
+    __doc__ = _('Search for roles.')
+
+    msg_summary = ngettext(
+        '%(count)d role matched', '%(count)d roles matched', 0
+    )
+
+api.register(role_find)
+
+
+class role_show(LDAPRetrieve):
+    __doc__ = _('Display information about a role.')
+
+api.register(role_show)
+
+
+class role_add_member(LDAPAddMember):
+    __doc__ = _('Add members to a role.')
+
+api.register(role_add_member)
+
+
+class role_remove_member(LDAPRemoveMember):
+    __doc__ = _('Remove members from a role.')
+
+api.register(role_remove_member)
+
+
+class role_add_privilege(LDAPAddReverseMember):
+    __doc__ = _('Add privileges to a role.')
+
+    show_command = 'role_show'
+    member_command = 'privilege_add_member'
+    reverse_attr = 'privilege'
+    member_attr = 'role'
+
+    has_output = (
+        output.Entry('result'),
+        output.Output('failed',
+            type=dict,
+            doc=_('Members that could not be added'),
+        ),
+        output.Output('completed',
+            type=int,
+            doc=_('Number of privileges added'),
+        ),
+    )
+
+api.register(role_add_privilege)
+
+
+class role_remove_privilege(LDAPRemoveReverseMember):
+    __doc__ = _('Remove privileges from a role.')
+
+    show_command = 'role_show'
+    member_command = 'privilege_remove_member'
+    reverse_attr = 'privilege'
+    member_attr = 'role'
+
+    has_output = (
+        output.Entry('result'),
+        output.Output('failed',
+            type=dict,
+            doc=_('Members that could not be added'),
+        ),
+        output.Output('completed',
+            type=int,
+            doc=_('Number of privileges removed'),
+        ),
+    )
+
+api.register(role_remove_privilege)