diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-03-27 15:36:54 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-04-24 14:36:41 +0200 |
| commit | af3a4adc46368f736151c118ccb1dd0e9bb89144 (patch) | |
| tree | b934696ede801ae4016e0d16fec9eb3ac2ef6611 | |
| parent | b9f69d4f0b310ed000fc7bde522f3657c032020b (diff) | |
| download | freeipa-af3a4adc46368f736151c118ccb1dd0e9bb89144.tar.gz freeipa-af3a4adc46368f736151c118ccb1dd0e9bb89144.tar.xz freeipa-af3a4adc46368f736151c118ccb1dd0e9bb89144.zip | |
Add support for non-plugin default permissions
Add support for managed permissions that are not tied to an object
class and thus can't be defined in an Object plugin.
A dict is added to hold templates for the non-plugin permissions.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
| -rw-r--r-- | ipaserver/install/plugins/update_managed_permissions.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/ipaserver/install/plugins/update_managed_permissions.py b/ipaserver/install/plugins/update_managed_permissions.py index 3bba1f06e..438767f1c 100644 --- a/ipaserver/install/plugins/update_managed_permissions.py +++ b/ipaserver/install/plugins/update_managed_permissions.py @@ -34,6 +34,9 @@ For example, an entry could look like this: }, } +For permissions not tied to an object plugin, a NONOBJECT_PERMISSIONS +dict of the same format is defined in this module. + The permission name must start with the "System:" prefix. The template dictionary can have the following keys: @@ -41,8 +44,8 @@ The template dictionary can have the following keys: - Directly used as attributes on the permission. - Replaced when upgrading an existing permission - If not specified, these default to the defaults of a permission of the - corresponding --type, or (if non_object is specified) to general permission - defaults. + corresponding --type, or, if non_object is specified, or if not on an + object, to general permission defaults . - ipapermlocation and ipapermtarget must be DNs - ipapermtargetfilter and objectclass must be iterables of strings * ipapermbindruletype @@ -77,6 +80,8 @@ from ipaserver.install.plugins.baseupdate import PostUpdate register = Registry() +NONOBJECT_PERMISSIONS = {} + @register() class update_managed_permissions(PostUpdate): @@ -123,6 +128,11 @@ class update_managed_permissions(PostUpdate): template, anonymous_read_blacklist) + self.log.info('Updating non-object managed permissions') + for name, template in NONOBJECT_PERMISSIONS.iteritems(): + self.update_permission(ldap, None, unicode(name), template, + anonymous_read_blacklist) + return False, False, () def update_permission(self, ldap, obj, name, template, |