mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
dc73813b8a
An ACI with rights of read, write, search and/or compare without attributes to apply the rights to is effectively a no-op. Allow the ACI to be created but include a warning. Ignore the add and delete rights. While they make no sense in the context of the other rights we should still warn that they are a no-op with no attributes. Use the existing make_aci() object method to create the message and update the add/mod callers to capture and add the message to the result if one is provided. When updating an existing ACI the effective attributes will not be included so fall back to the attributes in the resulting permission. Prior to checking for rights and attributes convert any deprecated names for older clients into the newer values needed by make_aci This is exercised by existing xmlrpc permission tests that create such permissions without attributes. https://pagure.io/freeipa/issue/9188 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> |
||
---|---|---|
.. | ||
install | ||
__init__.py | ||
aci.py | ||
backend.py | ||
base.py | ||
capabilities.py | ||
cli.py | ||
config.py | ||
constants.py | ||
crud.py | ||
dns.py | ||
errors.py | ||
facts.py | ||
frontend.py | ||
krb_utils.py | ||
Makefile.am | ||
messages.py | ||
misc.py | ||
output.py | ||
parameters.py | ||
pkcs10.py | ||
plugable.py | ||
request.py | ||
rpc.py | ||
setup.cfg | ||
setup.py | ||
sysrestore.py | ||
text.py | ||
util.py | ||
x509.py |