diff options
| author | Petr Viktorin <pviktori@redhat.com> | 2014-03-26 16:29:16 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-04-16 16:37:43 +0200 |
| commit | bb4e47d9ea249d7f3ead460284dd67312cc82bd5 (patch) | |
| tree | 4f0d6793f1695babd9cdecd64ba17b4cae732315 /ipalib | |
| parent | 5c8548a4ad27fadcf58e4c414eafbc3c5e888450 (diff) | |
| download | freeipa-bb4e47d9ea249d7f3ead460284dd67312cc82bd5.tar.gz freeipa-bb4e47d9ea249d7f3ead460284dd67312cc82bd5.tar.xz freeipa-bb4e47d9ea249d7f3ead460284dd67312cc82bd5.zip | |
Add managed read permission to idrange
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/plugins/idrange.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipalib/plugins/idrange.py b/ipalib/plugins/idrange.py index 91d8525db..5cc2786ce 100644 --- a/ipalib/plugins/idrange.py +++ b/ipalib/plugins/idrange.py @@ -161,10 +161,23 @@ class idrange(LDAPObject): object_name = ('range') object_name_plural = ('ranges') object_class = ['ipaIDrange'] + permission_filter_objectclasses = ['ipaidrange'] possible_objectclasses = ['ipadomainidrange', 'ipatrustedaddomainrange'] default_attributes = ['cn', 'ipabaseid', 'ipaidrangesize', 'ipabaserid', 'ipasecondarybaserid', 'ipanttrusteddomainsid', 'iparangetype'] + managed_permissions = { + 'System: Read ID Ranges': { + 'replaces_global_anonymous_aci': True, + 'ipapermbindruletype': 'all', + 'ipapermright': {'read', 'search', 'compare'}, + 'ipapermdefaultattr': { + 'cn', 'objectclass', + 'ipabaseid', 'ipaidrangesize', 'iparangetype', + 'ipabaserid', 'ipasecondarybaserid', 'ipanttrusteddomainsid', + }, + }, + } label = _('ID Ranges') label_singular = _('ID Range') |