summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/permission.py
diff options
context:
space:
mode:
Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r--ipalib/plugins/permission.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index f2e896935..7d2a4dd15 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -21,6 +21,7 @@ import re
import traceback
from ipalib.plugins import baseldap
+from ipalib.plugins.privilege import validate_permission_to_privilege
from ipalib import errors
from ipalib.parameters import Str, StrEnum, DNParam, Flag
from ipalib import api, _, ngettext
@@ -1377,6 +1378,12 @@ class permission_add_member(baseldap.LDAPAddMember):
"""Add members to a permission."""
NO_CLI = True
+ def pre_callback(self, ldap, dn, member_dns, failed, *keys, **options):
+ # We can only add permissions with bind rule type set to
+ # "permission" (or old-style permissions)
+ validate_permission_to_privilege(self.api, keys[-1])
+ return dn
+
@register()
class permission_remove_member(baseldap.LDAPRemoveMember):
generated by cgit (git 2.34.1) at 2024-10-02 12:37:27 +0000