summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/permission.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r--ipalib/plugins/permission.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index fef640c3..20457469 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -180,7 +180,7 @@ class permission(baseldap.LDAPObject):
label=_('Bind rule type'),
doc=_('Bind rule type'),
autofill=True,
- values=(u'permission',),
+ values=(u'permission', u'all', u'anonymous'),
default=u'permission',
),
DNOrURL(
@@ -775,6 +775,13 @@ class permission_mod(baseldap.LDAPUpdate):
self.obj.reject_system(old_entry)
self.obj.upgrade_permission(old_entry)
+ # Check setting bindtype for an assigned permission
+ if options.get('ipapermbindruletype') and old_entry.get('member'):
+ raise errors.ValidationError(
+ name='ipapermbindruletype',
+ error=_('cannot set bindtype for a permission that is '
+ 'assigned to a privilege'))
+
# Since `entry` only contains the attributes we are currently changing,
# it cannot be used directly to generate an ACI.
# First we need to copy the original data into it.
generated by cgit (git 2.34.1) at 2025-09-03 22:25:02 +0000