From adde918f38a7df8f72e5293d1d0c5a5637b7e5a8 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed read permission to automount

A single permission is added to cover automountlocation,
automountmap, and automountkey.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566

Reviewed-By: Martin Kosek <mkosek@redhat.com>
---
 ipalib/plugins/automount.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ipalib/plugins/automount.py b/ipalib/plugins/automount.py
index 4b94a5957..b961b1c17 100644
--- a/ipalib/plugins/automount.py
+++ b/ipalib/plugins/automount.py
@@ -208,6 +208,21 @@ class automountlocation(LDAPObject):
     default_attributes = ['cn']
     label = _('Automount Locations')
     label_singular = _('Automount Location')
+    managed_permissions = {
+        'System: Read Automount Configuration': {
+            # Single permission for all automount-related entries
+            'non_object': True,
+            'ipapermlocation': DN(container_dn, api.env.basedn),
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'anonymous',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'cn', 'objectclass',
+                'automountinformation', 'automountkey', 'description',
+                'automountmapname', 'description',
+            },
+        },
+    }
 
     takes_params = (
         Str('cn',