IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-25 16:31:08 -06:00
Code Issues Packages Projects Releases Wiki Activity
14,775 Commits 11 Branches 59 Tags 60 MiB
6c2db326f8
Commit Graph

104 Commits

Author SHA1 Message Date
Petr Viktorin
ca465e8ae7 Convert COSTemplate default permissions to managed 
Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-18 14:56:42 +02:00
Petr Viktorin
853b6ef4ce Convert DNS default permissions to managed 
Convert the existing default permissions.

The Read permission is split between Read DNS Entries and Read
DNS Configuration.

Part of the work for: https://fedorahosted.org/freeipa/ticket/4346

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-18 14:45:50 +02:00
Petr Viktorin
b6258d08d6 Make sure member* attrs are always granted together in read permissions 
Memberofindirect processing of an entry doesn't work if the user doesn't
have rights to any one of these attributes:
- member
- memberuser
- memberhost

Add all of these to any read permission that specifies any of them.

Add a check to makeaci that will enforce this for any future permissions.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-11 13:21:30 +02:00
Petr Viktorin
6acaf73b0c Add ACI.txt 
The ACI.txt file is a list all managed permissions in ACI form.
Similarly to API.txt, it ensures that changes are not made lightly,
since modifications must be reflected in ACI.txt and committed to Git.

Add a script, makeaci, which parallels makeapi: it recreates or
validates ACI.txt.

Call makeaci --validate before the build, just after API.txt is validated.

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-06-11 13:21:29 +02:00