freeipa.git/ipalib/plugins/taskgroup.py, branch webui_isolate FreeIPA patches Re-implement access control using an updated model. 2010-12-02T01:42:31+00:00 Rob Crittenden rcritten@redhat.com 2010-12-01T16:23:52+00:00 4ad8055341b9f12c833abdf757755ed95f1b375e The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445 
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).

A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.

ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).

This makes the aci plugin internal only.

ticket 445
Populate indirect members when showing a group object. 2010-10-28T19:15:52+00:00 Rob Crittenden rcritten@redhat.com 2010-10-04T21:45:40+00:00 c25d62965af9dffc655d659dfcd1f39e8d08e66c This is done by creating a new attribute, memberindirect, to hold this indirect membership. The new function get_members() can return all members or just indirect or direct. We are only using it to retrieve indirect members currently. This also: * Moves all member display attributes into baseldap.py to reduce duplication * Adds netgroup nesting * Use a unique object name in hbacsvc and hbacsvcgroup ticket 296 
This is done by creating a new attribute, memberindirect, to hold this
indirect membership.

The new function get_members() can return all members or just indirect or
direct. We are only using it to retrieve indirect members currently.

This also:
* Moves all member display attributes into baseldap.py to reduce duplication
* Adds netgroup nesting
* Use a unique object name in hbacsvc and hbacsvcgroup

ticket 296
Allow RDN changes for users, groups, rolegroups and taskgroups. 2010-10-28T12:39:10+00:00 Rob Crittenden rcritten@redhat.com 2010-10-18T18:53:32+00:00 70a57924c8e265df1e97b7f0be1adf8da802fbfd To do a change right now you have to perform a setattr like: ipa user-mod --setattr uid=newuser olduser The RDN change is performed before the rest of the mods. If the RDN change is the only change done then the EmptyModlist that update_entry() throws is ignored. ticket 323 
To do a change right now you have to perform a setattr like:

ipa user-mod --setattr uid=newuser olduser

The RDN change is performed before the rest of the mods. If the RDN
change is the only change done then the EmptyModlist that update_entry()
throws is ignored.

ticket 323
Update command documentation based on feedback from docs team. 2010-08-27T17:31:04+00:00 Rob Crittenden rcritten@redhat.com 2010-08-25T03:40:32+00:00 4b6b710ba6ce75ffcb9ced43acee0d55adb6163c ticket #158 
ticket #158
First pass at per-command documentation 2010-06-22T17:58:04+00:00 Rob Crittenden rcritten@redhat.com 2010-06-02T18:08:50+00:00 901ccc1393a7e494f7b1b64eaeb2f7809056aafa 






Code cleanup: remove unused stuff, take 1.
2010-03-01T21:53:30+00:00

Pavel Zuna
pzuna@redhat.com

2010-02-25T13:19:56+00:00

41312ca166f5192b6e6c507225e4333206d6b5c2












Translatable Param.label, Param.doc
2010-02-24T09:47:39+00:00

Jason Gerard DeRose
jderose@redhat.com

2010-02-19T16:08:16+00:00

8c46e09735d076e9689d04936cdeeca6dfd770d3












Use the Output tuple to determine the order of output
2010-02-15T20:10:11+00:00

Rob Crittenden
rcritten@redhat.com

2010-02-12T21:34:21+00:00

58746226d4b36bc40de91d4d1dd283e9faaff639

The attributes displayed is now dependant upon their definition in
a Param. This enhances that, giving some level of control over how
the result is displayed to the user.

This also fixes displaying group membership, including failures of
adding/removing entries.

All tests pass now though there is still one problem. We need to
return the dn as well. Once that is fixed we just need to comment
out all the dn entries in the tests and they should once again
pass.





The attributes displayed is now dependant upon their definition in
a Param. This enhances that, giving some level of control over how
the result is displayed to the user.

This also fixes displaying group membership, including failures of
adding/removing entries.

All tests pass now though there is still one problem. We need to
return the dn as well. Once that is fixed we just need to comment
out all the dn entries in the tests and they should once again
pass.







Add Object.label class attribute, enable in webUI
2010-02-12T22:07:37+00:00

Jason Gerard DeRose
jderose@redhat.com

2010-02-08T12:03:28+00:00

069763c5c616221fd0bcea813cad93ae3f7c072d












Add messages, declarative tests for rolegroup, taskgroup plugins
2009-12-18T15:56:16+00:00

Jason Gerard DeRose
jderose@redhat.com

2009-12-18T11:41:30+00:00

e83c54587f07e53bfc92bd03ce54933d844f2d30