| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).
A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.
ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).
This makes the aci plugin internal only.
ticket 445
|
| |
|
|
|
|
| |
Also add validation to the List parameter type.
ticket 357
|
| |
|
|
|
|
|
| |
This is added mainly so the self service rules can be updated without
resorting to ldapmodify.
ticket 80
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The problem was trying to operate directly on the ACI itself. I
introduced a new function, _aci_to_kw(), that converts an ACI
into a set of keywords. We can take these keywords, like those passed
in when an ACI is created, to merge in any changes and then re-create the
ACI.
I also switched the ACI tests to be declarative and added a lot more
cases around the modify operation.
|
| |
|
