diff options
author | Petr Viktorin <pviktori@redhat.com> | 2014-06-19 18:14:31 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-23 10:54:43 +0200 |
commit | 02b5074d84ad42cb6ffc2abd7a84fbff62747470 (patch) | |
tree | 88c909a899b6d080bd6e3533856ac7b12d8ce34f /ipaserver | |
parent | 013bf3d4e282643ca1c424b4afc42237093ec412 (diff) | |
download | freeipa-02b5074d84ad42cb6ffc2abd7a84fbff62747470.tar.gz freeipa-02b5074d84ad42cb6ffc2abd7a84fbff62747470.tar.xz freeipa-02b5074d84ad42cb6ffc2abd7a84fbff62747470.zip |
permission plugin: Join --type objectclass filters with OR
For groups, we will need to filter on either posixgroup (which UPGs
have but non-posix groups don't) and groupofnames/nestedgroup
(which normal groups have but UPGs don't).
Join permission_filter_objectclasses with `|` and add them as
a single ipapermtargetfilter value.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index 7394e6282..8c83b1ccc 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -516,6 +516,8 @@ class update_managed_permissions(PostUpdate): template = dict(template) template.pop('replaces', None) template.pop('replaces_system', None) + template.pop('replaces_permissions', None) + template.pop('replaces_acis', None) fixup_function = template.pop('fixup_function', None) if fixup_function: @@ -536,8 +538,7 @@ class update_managed_permissions(PostUpdate): ldap_filter = template.pop('ipapermtargetfilter', None) if obj and ldap_filter is None: - ldap_filter = ['(objectclass=%s)' % oc - for oc in obj.permission_filter_objectclasses] + ldap_filter = [self.api.Object[permission].make_type_filter(obj)] entry['ipapermtargetfilter'] = list(ldap_filter or []) ipapermlocation = template.pop('ipapermlocation', None) |