| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
For each SAN in a request there must be a matching service entry writable by
the requestor. Users can request certificates with SAN only if they have
"Request Certificate With SubjectAltName" permission.
https://fedorahosted.org/freeipa/ticket/3977
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3977
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
new `extend` module should serve as a stable API for plugin authors.
It should expose the most commonly used global calls.
https://fedorahosted.org/freeipa/ticket/4345
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
| |
Standard facets sets `facet` attribute to widgets. This one adds
similar, more generic `parent` attribute which should be used for going through
the hierarchy up to top.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Router is not able to create hash from facet state for custom
routes/facets. This patch refactors router methods into providers. It
allows to create additional route handlers, navigators and hash creators.
These providers are mapped to facets and therefore it's possible
to create router hash for any facet without any logic in the facet itself.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
One can access standard standalone facets with:
`navigation.show('facet_name')`
and completely custom facets with low level call:
`navigation.show_generic('/custom/hash', facet)``
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
| |
`Facet` descendants don't have `container` attribute as opposite to
`facet.facet`. Therefore the registration will happen on every facet
visit.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
These entries are the same in all IPA installations, so there's
no need to hide them.
Also remove the ipaVirtualOperation objectclass, since it is
no longer needed.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
| |
Removed SIG, KEY, RRSIG, NSEG record types
Added NSEC3PARAM record type
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Forward zones are stored in idnsforwadzone objectclasses.
design: http://www.freeipa.org/page/V4/Forward_zones
Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes commit b243da415ecb2c28b5aa9bc563595efe35a40987
A bad version of the patch was sent and pushed.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ipa host-del command checks if the host to be deleted is an
IPA master by looking up the entry in cn=masters.
If the entry is not accessible, host-del would proceed to delete
the host.
Thus we need to allow reading the master entries to at least
those that can delete hosts.
Since the host information is also available via DNS, it makes
no sense be extremely secretive about it.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Convert the existing default permissions.
The Read permission is split between Read DNS Entries and Read
DNS Configuration.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
| |
Also fixes few incorrect imports.
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3306
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It enables declarative extraction of values from partial
results of a batch commands and also further extensibility
in custom adapters.
The default adapter has detection logic for this extraction so
it can use bare record or extract data from normal or batch RPC
command.
Minor change of user plugin fixed:
https://fedorahosted.org/freeipa/ticket/4355
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also constitutes a rethinking of the token ACIs after the introduction
of SELFDN support.
Admins, as before, have full access to all token permissions.
Normal users have read/search/compare access to all of the non-secret data
for tokens assigned to them, whether managed by them or not. Users can add
tokens if, and only if, they will also manage this token.
Managers can also read/search/compare tokens they manage. Additionally,
they can write non-secret data to their managed tokens and delete them.
When a normal user self-creates a token (the default behavior), then
managedBy is automatically set. When an admin creates a token for another
user (or no owner is assigned at all), then managed by is not set. In this
second case, the token is effectively read-only for the assigned owner.
This behavior enables two important other behaviors. First, an admin can
create a hardware token and assign it to the user as a read-only token.
Second, when the user is deleted, only his self-managed tokens are deleted.
All other (read-only) tokens are instead orphaned. This permits the same
token object to be reasigned to another user without loss of any counter
data.
https://fedorahosted.org/freeipa/ticket/4228
https://fedorahosted.org/freeipa/ticket/4259
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
TTL specified in idnsZone object class affects all records at zone apex,
not only SOA record.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
| |
part of
https://fedorahosted.org/freeipa/ticket/2348
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
`memberdenycmd_sudocmd` and `memberdenycmd_sudocmdgroup` tables are now
enabled/disabled based on `cmdcategory` as well.
https://fedorahosted.org/freeipa/ticket/4361
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Interface for setting default group is hidden when user doesn't have
necessary rights or if there is some error while loading the state.
https://fedorahosted.org/freeipa/ticket/4356
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
| |
Update widget status text on update.
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
using browser history when unauthenticated causes transition to
the original and/or preceding facets. But nothing works since
all commands fail due to expired credentials in session.
These changes make sure that user stays on login screen if he misses
valid session credentials while he wants to switch to facet which
requires authentication.
https://fedorahosted.org/freeipa/ticket/4353
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dialog instances no longer directly call IPA.opened_dialog methods. It's
handled through events (decoupled from dialog's POV). IPA.open_dialogs
with assistance of ApplicationController makes sure that there is only
one dialog opened at the same time.
It also makes sure to hide all dialogs, which are not global dialogs and
did not originate from current facet, when switching facets.
https://fedorahosted.org/freeipa/ticket/4348
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
| |
there is only one top level item -> no point of having this level.
This patch replaces top level with second menu level
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3801
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
GID field should be enabled by default since the default group is posix.
Was caused by option_widget_base not properly reporting value change while
selecting the default value. It has to be notified with delay otherwise the
event is consumed by FieldBinder.
https://fedorahosted.org/freeipa/ticket/4325
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
