freeipa/ipalib
Rob Crittenden dc73813b8a Warn for permissions with read/write/search/compare and no attrs
An ACI with rights of read, write, search and/or compare without
attributes to apply the rights to is effectively a no-op. Allow
the ACI to be created but include a warning. Ignore the add
and delete rights. While they make no sense in the context of
the other rights we should still warn that they are a no-op
with no attributes.

Use the existing make_aci() object method to create the
message and update the add/mod callers to capture and add the
message to the result if one is provided.

When updating an existing ACI the effective attributes will
not be included so fall back to the attributes in the resulting
permission.

Prior to checking for rights and attributes convert any deprecated
names for older clients into the newer values needed by make_aci

This is exercised by existing xmlrpc permission tests that
create such permissions without attributes.

https://pagure.io/freeipa/issue/9188

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-15 16:59:15 +02:00
..
install pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
__init__.py Add a new parameter type, SerialNumber, as a subclass of Str 2022-06-09 08:35:15 +02:00
aci.py De-duplicate ACI attributes and permissions 2020-09-14 09:15:59 +03:00
backend.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
base.py pylint: Skip false-positive invalid-sequence-index 2022-03-11 13:37:08 -05:00
capabilities.py Support AES for KRA archival wrapping 2022-03-16 12:07:01 +02:00
cli.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
config.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
constants.py Add switch for LDAP cache debug output 2022-06-14 15:56:21 +03:00
crud.py ipalib, ipaserver: fix incorrect API.register calls in docstrings 2016-05-25 16:06:26 +02:00
dns.py dnsrecord-mod: allow to modify ttl without passing the record 2019-07-01 09:16:21 +02:00
errors.py rpcserver: fix exception handling for FAST armor failure 2020-10-30 19:06:11 +02:00
facts.py Fall back to old server installation detection when needed 2020-08-18 11:11:26 +02:00
frontend.py pylint: Remove unused __convert_iter 2022-03-11 13:37:08 -05:00
krb_utils.py krb_utils: Simplify get_credentials 2021-06-12 11:19:25 +03:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
messages.py Warn for permissions with read/write/search/compare and no attrs 2022-07-15 16:59:15 +02:00
misc.py plugins: Don't treat keys of api as bytes 2021-06-28 14:16:56 +03:00
output.py Generate same API.txt under Python 2 and 3 2018-02-15 09:41:30 +01:00
parameters.py Add a new parameter type, SerialNumber, as a subclass of Str 2022-06-09 08:35:15 +02:00
pkcs10.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
plugable.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
request.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
rpc.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Add helpers for resolve1 and nameservers 2020-09-23 16:44:26 +02:00
sysrestore.py pylint: Fix consider-using-dict-items 2022-03-11 13:37:08 -05:00
text.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
util.py ipalib/util.py: switch to ssl.PROTOCOL_TLS_CLIENT by default 2022-03-17 11:49:57 -04:00
x509.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00