author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 17:11:23 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-04-17 12:38:50 +0200 |
commit | 1e46c0a36159c990e083f771de2c0a18ecdbc42e (patch) | |
tree | 739ce06237657933d13ed09da156bb6ec0b76267 /ipalib/plugins | |
parent | 81b0e7466d739a61b16c0e79c660a9f85d073c8c (diff) | |
Add managed read permissions to automember
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib/plugins')
-rw-r--r-- | ipalib/plugins/automember.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/ipalib/plugins/automember.py b/ipalib/plugins/automember.py index 4b3f6f06f..dad35d458 100644 --- a/ipalib/plugins/automember.py +++ b/ipalib/plugins/automember.py @@ -183,10 +183,39 @@ class automember(LDAPObject): object_name = 'Automember rule' object_name_plural = 'Automember rules' object_class = ['top', 'automemberregexrule'] + permission_filter_objectclasses = ['automemberregexrule'] default_attributes = [ 'automemberinclusiveregex', 'automemberexclusiveregex', 'cn', 'automembertargetgroup', 'description', 'automemberdefaultgroup' ] + managed_permissions = { + 'System: Read Automember Definitions': { + 'non_object': True, + 'ipapermlocation': DN(container_dn, api.env.basedn), + 'ipapermtargetfilter': {'(objectclass=automemberdefinition)'}, + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'permission', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'objectclass', 'cn', 'automemberscope', 'automemberfilter', + 'automembergroupingattr', 'automemberdefaultgroup', + 'automemberdisabled', + }, + 'default_privileges': {'Automember Readers', + 'Automember Task Administrator'}, + }, + 'System: Read Automember Rules': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'permission', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'cn', 'objectclass', 'automembertargetgroup', 'description', + 'automemberexclusiveregex', 'automemberinclusiveregex', + }, + 'default_privileges': {'Automember Readers', + 'Automember Task Administrator'}, + }, + } label = _('Auto Membership Rule') |
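Review bot: The new `managed_permissions` dict in class `automember` carries no comment on the access change it makes or on why its two entries are shaped differently. 'System: Read Automember Definitions' sets `'non_object': True` with an explicit `ipapermlocation` and `ipapermtargetfilter`, while 'System: Read Automember Rules' sets neither and presumably takes its target from the class container and the added `permission_filter_objectclasses`; a comment above the dict such as `# Read access is by permission only (replaces the global anonymous ACI); rule entries are targeted via permission_filter_objectclasses.` would record that for the next maintainer. Both entries list the privilege 'Automember Readers' in `default_privileges`, and this view is limited to ipalib/plugins, so it is worth confirming that the privilege is created elsewhere in the commit. The class body starts before and continues after the hunk.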