mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 17:01:14 -06:00
2cf7c7b4ac
Bundle remote plugin interface definitions for servers which lack API schema support. These server API versions are included: * 2.49: IPA 3.1.0 on RHEL/CentOS 6.5+, * 2.114: IPA 4.1.4 on Fedora 22, * 2.156: IPA 4.2.0 on RHEL/CentOS 7.2 and IPA 4.2.4 on Fedora 23, * 2.164: IPA 4.3.1 on Fedora 23. For servers with other API versions, the closest lower API version is used. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
339 lines
9.1 KiB
Python
339 lines
9.1 KiB
Python
#
|
|
# Copyright (C) 2016 FreeIPA Contributors see COPYING for license
|
|
#
|
|
|
|
# pylint: disable=unused-import
|
|
import six
|
|
|
|
from . import Command, Method, Object
|
|
from ipalib import api, parameters, output
|
|
from ipalib.parameters import DefaultFrom
|
|
from ipalib.plugable import Registry
|
|
from ipalib.text import _
|
|
from ipapython.dn import DN
|
|
from ipapython.dnsutil import DNSName
|
|
|
|
if six.PY3:
|
|
unicode = str
|
|
|
|
__doc__ = _("""
|
|
Self-service Permissions
|
|
|
|
A permission enables fine-grained delegation of permissions. Access Control
|
|
Rules, or instructions (ACIs), grant permission to permissions to perform
|
|
given tasks such as adding a user, modifying a group, etc.
|
|
|
|
A Self-service permission defines what an object can change in its own entry.
|
|
|
|
|
|
EXAMPLES:
|
|
|
|
Add a self-service rule to allow users to manage their address (using Bash
|
|
brace expansion):
|
|
ipa selfservice-add --permissions=write --attrs={street,postalCode,l,c,st} "Users manage their own address"
|
|
|
|
When managing the list of attributes you need to include all attributes
|
|
in the list, including existing ones.
|
|
Add telephoneNumber to the list (using Bash brace expansion):
|
|
ipa selfservice-mod --attrs={street,postalCode,l,c,st,telephoneNumber} "Users manage their own address"
|
|
|
|
Display our updated rule:
|
|
ipa selfservice-show "Users manage their own address"
|
|
|
|
Delete a rule:
|
|
ipa selfservice-del "Users manage their own address"
|
|
""")
|
|
|
|
register = Registry()
|
|
|
|
|
|
@register()
|
|
class selfservice(Object):
|
|
takes_params = (
|
|
parameters.Str(
|
|
'aciname',
|
|
primary_key=True,
|
|
label=_(u'Self-service name'),
|
|
),
|
|
parameters.Str(
|
|
'permissions',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Permissions'),
|
|
doc=_(u'Permissions to grant (read, write). Default is write.'),
|
|
),
|
|
parameters.Str(
|
|
'attrs',
|
|
multivalue=True,
|
|
label=_(u'Attributes'),
|
|
doc=_(u'Attributes to which the permission applies.'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class selfservice_add(Method):
|
|
__doc__ = _("Add a new self-service permission.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'aciname',
|
|
cli_name='name',
|
|
label=_(u'Self-service name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'permissions',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Permissions'),
|
|
doc=_(u'Permissions to grant (read, write). Default is write.'),
|
|
),
|
|
parameters.Str(
|
|
'attrs',
|
|
multivalue=True,
|
|
label=_(u'Attributes'),
|
|
doc=_(u'Attributes to which the permission applies.'),
|
|
no_convert=True,
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class selfservice_del(Method):
|
|
__doc__ = _("Delete a self-service permission.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'aciname',
|
|
cli_name='name',
|
|
label=_(u'Self-service name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Output(
|
|
'result',
|
|
bool,
|
|
doc=_(u'True means the operation was successful'),
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class selfservice_find(Method):
|
|
__doc__ = _("Search for a self-service permission.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'criteria',
|
|
required=False,
|
|
doc=_(u'A string searched in all relevant object attributes'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'aciname',
|
|
required=False,
|
|
cli_name='name',
|
|
label=_(u'Self-service name'),
|
|
),
|
|
parameters.Str(
|
|
'permissions',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Permissions'),
|
|
doc=_(u'Permissions to grant (read, write). Default is write.'),
|
|
),
|
|
parameters.Str(
|
|
'attrs',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Attributes'),
|
|
doc=_(u'Attributes to which the permission applies.'),
|
|
no_convert=True,
|
|
),
|
|
parameters.Flag(
|
|
'pkey_only',
|
|
required=False,
|
|
label=_(u'Primary key only'),
|
|
doc=_(u'Results should contain primary key attribute only ("name")'),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.ListOfEntries(
|
|
'result',
|
|
),
|
|
output.Output(
|
|
'count',
|
|
int,
|
|
doc=_(u'Number of entries returned'),
|
|
),
|
|
output.Output(
|
|
'truncated',
|
|
bool,
|
|
doc=_(u'True if not all results were returned'),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class selfservice_mod(Method):
|
|
__doc__ = _("Modify a self-service permission.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'aciname',
|
|
cli_name='name',
|
|
label=_(u'Self-service name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Str(
|
|
'permissions',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Permissions'),
|
|
doc=_(u'Permissions to grant (read, write). Default is write.'),
|
|
),
|
|
parameters.Str(
|
|
'attrs',
|
|
required=False,
|
|
multivalue=True,
|
|
label=_(u'Attributes'),
|
|
doc=_(u'Attributes to which the permission applies.'),
|
|
no_convert=True,
|
|
),
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|
|
|
|
|
|
@register()
|
|
class selfservice_show(Method):
|
|
__doc__ = _("Display information about a self-service permission.")
|
|
|
|
takes_args = (
|
|
parameters.Str(
|
|
'aciname',
|
|
cli_name='name',
|
|
label=_(u'Self-service name'),
|
|
),
|
|
)
|
|
takes_options = (
|
|
parameters.Flag(
|
|
'all',
|
|
doc=_(u'Retrieve and print all attributes from the server. Affects command output.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
parameters.Flag(
|
|
'raw',
|
|
doc=_(u'Print entries as stored on the server. Only affects output format.'),
|
|
exclude=('webui',),
|
|
default=False,
|
|
autofill=True,
|
|
),
|
|
)
|
|
has_output = (
|
|
output.Output(
|
|
'summary',
|
|
(unicode, type(None)),
|
|
doc=_(u'User-friendly description of action performed'),
|
|
),
|
|
output.Entry(
|
|
'result',
|
|
),
|
|
output.PrimaryKey(
|
|
'value',
|
|
doc=_(u"The primary_key value of the entry, e.g. 'jdoe' for a user"),
|
|
),
|
|
)
|