Add managed read permissions to realmdomains

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-03-26 17:11:23 +01:00 · 2014-03-26 17:11:23 +01:00 · c97e1d96e3
commit c97e1d96e3
parent a185d45d87
1 changed files with 11 additions and 0 deletions
--- a/ipalib/plugins/realmdomains.py
+++ b/ipalib/plugins/realmdomains.py
@ -58,9 +58,20 @@ class realmdomains(LDAPObject):
    List of domains associated with IPA realm.
    """
    container_dn = api.env.container_realm_domains
+    permission_filter_objectclasses = ['domainrelatedobject']
    object_name = _('Realm domains')
    search_attributes = ['associateddomain']
    default_attributes = ['associateddomain']
+    managed_permissions = {
+        'System: Read Realm Domains': {
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'all',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass', 'cn', 'associateddomain',
+            },
+        },
+    }

    label = _('Realm Domains')
    label_singular = _('Realm Domains')