author | Petr Viktorin <pviktori@redhat.com> | 2013-09-19 17:41:04 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 14:18:12 +0100 |
commit | f4de4a2aa75db990c787b7a8dbc6b3bdd7e01a06 (patch) | |
tree | 02d799adcab253b8d0b6c6a629283ca01150bbcc /ipalib/plugins/netgroup.py | |
parent | 1df9b5836ad26bab3513b726305f5e061424e2c9 (diff) | |
Add Object metadata and update plugin for managed permissions
The default read permission is added for Netgroup as an example.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Design: http://www.freeipa.org/page/V3/Managed_Read_permissions
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib/plugins/netgroup.py')
-rw-r--r-- | ipalib/plugins/netgroup.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py
index fe27e6cb6..7136c18f9 100644
--- a/ipalib/plugins/netgroup.py
+++ b/ipalib/plugins/netgroup.py
@@ -105,6 +105,25 @@ class netgroup(LDAPObject):
 'memberuser': ('Member', '', 'no_'),
 'memberhost': ('Member', '', 'no_'),
 }
+ managed_permissions = {
+ 'System: Read Netgroups': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'cn', 'description', 'hostcategory', 'ipaenabledflag',
+ 'ipauniqueid', 'nisdomainname', 'usercategory'
+ },
+ },
+ 'System: Read Netgroup Membership': {
+ 'replaces_global_anonymous_aci': True,
+ 'ipapermbindruletype': 'all',
+ 'ipapermright': {'read', 'search', 'compare'},
+ 'ipapermdefaultattr': {
+ 'externalhost', 'member', 'memberof', 'memberuser'
+ },
+ },
+ }
 label = _('Netgroups')
 label_singular = _('Netgroup') |
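Review bot: `memberhost` is missing from the `ipapermdefaultattr` set of 'System: Read Netgroup Membership', although the context lines directly above the addition list both `memberuser` and `memberhost` as member attributes of the netgroup object. Both permissions set `replaces_global_anonymous_aci`, so once the global anonymous read ACI is removed, host membership would presumably no longer be readable through this permission; confirm against the permission updater and, if so, change the line to `'externalhost', 'member', 'memberhost', 'memberof', 'memberuser'`. It would also help to add a short comment above `managed_permissions` stating who `'ipapermbindruletype': 'all'` grants read access to, so the exposure of these attributes is an explicit, reviewed decision. The `netgroup` class body starts and continues outside this hunk, so other attributes that may need to be covered are not visible here.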