freeipa/ipaserver/plugins
Rob Crittenden dc73813b8a Warn for permissions with read/write/search/compare and no attrs
An ACI with rights of read, write, search and/or compare without
attributes to apply the rights to is effectively a no-op. Allow
the ACI to be created but include a warning. Ignore the add
and delete rights. While they make no sense in the context of
the other rights we should still warn that they are a no-op
with no attributes.

Use the existing make_aci() object method to create the
message and update the add/mod callers to capture and add the
message to the result if one is provided.

When updating an existing ACI the effective attributes will
not be included so fall back to the attributes in the resulting
permission.

Prior to checking for rights and attributes convert any deprecated
names for older clients into the newer values needed by make_aci.

This is exercised by existing xmlrpc permission tests that
create such permissions without attributes.

https://pagure.io/freeipa/issue/9188

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2022-07-15 16:59:15 +02:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py pylint: Fix unused-variable 2022-03-11 13:37:08 -05:00
automember.py pylint: Fix consider-using-in 2022-03-11 13:37:08 -05:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py Convert values using _SYNTAX_MAPPING with --delattr 2022-03-16 12:18:35 +02:00
baseuser.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
batch.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
ca.py Add support for Random Serial Numbers v3 2022-06-09 08:35:15 +02:00
caacl.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
cert.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
certmap.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
certprofile.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
config.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
delegation.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
dns.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py pylint: Fix consider-using-dict-items 2022-03-11 13:37:08 -05:00
domainlevel.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
group.py Enhance error message when adding non-posix group with a GID 2021-03-29 10:09:22 +03:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
host.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
hostgroup.py Allow rename of a host group 2020-03-31 09:21:37 +03:00
idp.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
idrange.py Add basic support for subordinate user/group ids 2021-07-09 09:47:30 -04:00
idviews.py idviews: use cached ipaOriginalUid value when resolving ID override anchor 2022-06-14 15:58:55 +03:00
internal.py External IdP: add Web UI to manage IdP references 2022-05-10 15:52:41 +03:00
join.py Delay import of psutil to avoid AVC 2020-09-23 14:49:15 +02:00
krbtpolicy.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
ldap2.py Add switch for LDAP cache debug output 2022-06-14 15:56:21 +03:00
location.py Fix div-by-zero when svc weight is 0 for all masters in location 2020-02-26 13:42:10 -05:00
migration.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
passwd.py ipa passwd: make help for --otp option clearer 2021-03-29 10:07:38 +03:00
permission.py Warn for permissions with read/write/search/compare and no attrs 2022-07-15 16:59:15 +02:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
privilege.py pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
pwpolicy.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
rabase.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
radiusproxy.py radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
realmdomains.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
role.py Support adding user ID overrides as group and role members 2020-06-08 12:39:34 -04:00
schema.py pylint: Fix arguments-renamed 2022-03-11 13:37:08 -05:00
selfservice.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
selinuxusermap.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
server.py Remove duplicate _() in the error path 2021-11-23 10:27:45 +01:00
serverrole.py servrole: takes_params must be a tuple 2020-04-27 10:15:58 +02:00
serverroles.py Improve config-show to show hidden servers 2019-03-28 17:57:58 +01:00
service.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
servicedelegation.py service delegation: allow to add and remove host principals 2020-05-14 21:47:17 +03:00
session.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
stageuser.py external-idp: add support to manage external IdP objects 2022-05-10 15:52:41 +03:00
subid.py subid: subid-match: display the owner's ID not DN 2021-09-02 20:51:56 +02:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: ensure command doesn't contain trailing dot before adding it 2021-02-15 09:59:41 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py ipaldap: fix conversion from boolean OID to Python 2022-06-10 09:25:27 +02:00
topology.py domainlevel-get: fix various issues when running as non-admin 2019-03-25 09:48:31 +01:00
trust.py pylint: Skip raising-bad-type 2022-03-11 13:37:08 -05:00
user.py Preserve user: fix the confusing summary 2022-06-22 20:53:29 +02:00
vault.py Support AES for KRA archival wrapping 2022-03-16 12:07:01 +02:00
virtual.py extract virtual operation access check subroutine 2020-06-30 11:47:29 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00