DNS Locations: permission: allow to read status of services

New permission was added: "System: Read Status of Services on IPA Servers"
This permission is needed for detection which records should be created
on which servers.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/ipaserver/plugins/server.py b/ipaserver/plugins/server.py
index a2c2752d9..edbd3bb78 100644
--- a/ipaserver/plugins/server.py
+++ b/ipaserver/plugins/server.py
@@ -66,7 +66,7 @@ class server(LDAPObject):
         'ipalocation': ('IPA', 'in_', 'not_in_'),
         'role': ('Enabled', '', 'no_'),
     }
-    permission_filter_objectclasses = ['ipaLocationMember']
+    permission_filter_objectclasses = ['ipaConfigObject']
     managed_permissions = {
         'System: Read Locations of IPA Servers': {
             'ipapermright': {'read', 'search', 'compare'},
@@ -75,6 +75,11 @@ class server(LDAPObject):
             },
             'default_privileges': {'DNS Administrators'},
         },
+        'System: Read Status of Services on IPA Servers': {
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {'objectclass', 'cn', 'ipaconfigstring'},
+            'default_privileges': {'DNS Administrators'},
+        }
     }
 
     takes_params = (