Diffstat (limited to 'ipalib/plugins/permission.py')
-rw-r--r-- | ipalib/plugins/permission.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipalib/plugins/permission.py b/ipalib/plugins/permission.py
index f2e896935..7d2a4dd15 100644
--- a/ipalib/plugins/permission.py
+++ b/ipalib/plugins/permission.py
@@ -21,6 +21,7 @@
 import re
 import traceback
 from ipalib.plugins import baseldap
+from ipalib.plugins.privilege import validate_permission_to_privilege
 from ipalib import errors
 from ipalib.parameters import Str, StrEnum, DNParam, Flag
 from ipalib import api, _, ngettext
@@ -1377,6 +1378,12 @@ class permission_add_member(baseldap.LDAPAddMember):
 """Add members to a permission."""
 NO_CLI = True
+ def pre_callback(self, ldap, dn, member_dns, failed, *keys, **options):
+ # We can only add permissions with bind rule type set to
+ # "permission" (or old-style permissions)
+ validate_permission_to_privilege(self.api, keys[-1])
+ return dn
+
 @register()
 class permission_remove_member(baseldap.LDAPRemoveMember): |
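Review bot: The new `pre_callback` in `permission_add_member` discards the return value of `validate_permission_to_privilege(self.api, keys[-1])`, so the guard only works if that helper raises for a permission whose bind rule type is not "permission". The helper lives in ipalib/plugins/privilege.py, outside this diff, so the comment should state the contract being relied on, e.g. `# Raises if this permission may not be a privilege member; the return value is unused.` The check also runs on every call regardless of which member options were passed, and it reads the permission name from `keys[-1]`, which presumably is always present for this command but is worth confirming. The import added in the first hunk makes permission.py depend on privilege.py at import time; if privilege.py in turn imports from permission.py this becomes circular, and the import could move inside the method.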