Add managed read permissions to trust

A single permission is added to cover trust, trustconfig, and trustdomain. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-03-26 17:11:23 +01:00 · 2014-03-26 17:11:23 +01:00 · 7eb12f1fb5
commit 7eb12f1fb5
parent e31688909c
1 changed files with 15 additions and 0 deletions
--- a/ipalib/plugins/trust.py
+++ b/ipalib/plugins/trust.py
@ -311,6 +311,21 @@ class trust(LDAPObject):
        'ipanttrustposixoffset', 'ipantsupportedencryptiontypes' ]
    search_display_attributes = ['cn', 'ipantflatname',
                                 'ipanttrusteddomainsid', 'ipanttrusttype']
+    managed_permissions = {
+        'System: Read Trust Information': {
+            # Allow reading of attributes needed for SSSD subdomains support
+            'non_object': True,
+            'ipapermlocation': DN(container_dn, api.env.basedn),
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'all',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'cn', 'objectclass',
+                'ipantflatname', 'ipantsecurityidentifier',
+                'ipanttrusteddomainsid',
+            },
+        },
+    }

    label = _('Trusts')
    label_singular = _('Trust')