freeipa/ipaserver/plugins
Christian Heimes 9dda004f27 Allow permissions with 'self' bindruletype
Make it possible to create a managed permission with
ipapermbindruletype="self". The ACI will have bind rule
'(userdn = "ldap:///self")'.

Example
-------

Allow users to modify their own fasTimezone and fasIRCNick attributes:

```
managed_permissions = {
    "System: Self-Modify FAS user attributes": {
        "ipapermright": {"write"},
        "ipapermtargetfilter": ["(objectclass=fasuser)"],
        "ipapermbindruletype": "self",
        "ipapermdefaultattr": ["fasTimezone", "fasIRCNick"],
    }
}
```

See: https://github.com/fedora-infra/freeipa-fas/pull/107
Fixes: https://pagure.io/freeipa/issue/8348
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-06-07 10:18:03 +03:00
__init__.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
aci.py Fix E713 test for membership should be 'not in' 2020-05-05 10:42:46 +02:00
automember.py Fixes pylint errors introduced by version 2.4.0. 2019-09-27 09:38:32 +02:00
automount.py Reworked the renaming mechanism 2017-03-27 19:08:26 +02:00
baseldap.py baseldap: de-duplicate passed attributes when checking for limits 2020-05-19 11:58:56 -04:00
baseuser.py Fix E713 test for membership should be 'not in' 2020-05-05 10:42:46 +02:00
batch.py CVE-2019-10195: Don't log passwords embedded in commands in calls using batch 2019-11-26 15:24:20 +02:00
ca.py Handle missing LWCA certificate or chain 2019-06-18 10:36:24 +10:00
caacl.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
cert.py cert-request: allow ipa-ca.$DOMAIN dNSName for IPA servers 2020-03-25 11:13:03 +11:00
certmap.py certmap rules: altSecurityIdentities should only be used for trusted domains 2019-07-17 17:50:07 +03:00
certprofile.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
config.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
delegation.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
dns.py Specify min and max values for TTL of a DNS record 2020-06-07 10:14:05 +03:00
dnsserver.py dnsserver.py: dnsserver-find no longer returns internal server error 2017-06-15 13:51:06 +02:00
dogtag.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
domainlevel.py Use api.env.container_masters 2019-03-28 00:21:00 +01:00
group.py Show group-add/remove-member-manager failures 2019-11-20 17:08:40 +01:00
hbac.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
hbacrule.py ipaserver/plugins/hbacrule: Add HBAC to memberservice_hbacsvc* labels 2020-02-24 15:02:24 +01:00
hbacsvc.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbacsvcgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
hbactest.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
host.py Removes several pylint warnings. 2019-09-27 09:38:32 +02:00
hostgroup.py Allow rename of a host group 2020-03-31 09:21:37 +03:00
idrange.py Fix E713 test for membership should be 'not in' 2020-05-05 10:42:46 +02:00
idviews.py idviews: prevent applying to a master 2020-03-19 10:55:11 +01:00
internal.py WebUI: Expose TTL of DNS records 2020-06-07 10:09:35 +03:00
join.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
krbtpolicy.py Reset per-indicator Kerberos policy 2019-12-18 14:16:33 +01:00
ldap2.py Optimize user-add by caching ldap2.has_upg() 2019-12-05 15:07:57 +01:00
location.py Fix div-by-zero when svc weight is 0 for all masters in location 2020-02-26 13:42:10 -05:00
migration.py Address issues found by new pylint 2.5.0 2020-04-30 09:41:41 +02:00
misc.py Make env and plugins commands local again 2016-12-02 13:00:06 +01:00
netgroup.py LGTM: raise handle_not_found() 2018-01-09 07:53:28 +01:00
otp.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otpconfig.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
otptoken.py Py3: Replace six.moves imports 2018-10-05 12:06:19 +02:00
passwd.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
permission.py Allow permissions with 'self' bindruletype 2020-06-07 10:18:03 +03:00
ping.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
pkinit.py Don't fail if config-show does not return servers 2019-03-28 17:57:58 +01:00
privilege.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
pwpolicy.py Fix translation of commands description in API Browser 2018-06-12 08:38:56 +02:00
rabase.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
radiusproxy.py radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
realmdomains.py Fix pylint 2.0 return-related violations 2018-07-11 10:11:38 +02:00
role.py Fix Pylint 2.0 violations 2018-07-14 12:04:19 +02:00
schema.py Fix E713 test for membership should be 'not in' 2020-05-05 10:42:46 +02:00
selfservice.py Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
selinuxusermap.py Fix E711 comparison to None 2020-05-05 10:42:46 +02:00
server.py Privilege: add a helper checking if a principal has a given privilege 2020-03-05 14:40:58 +01:00
serverrole.py servrole: takes_params must be a tuple 2020-04-27 10:15:58 +02:00
serverroles.py Improve config-show to show hidden servers 2019-03-28 17:57:58 +01:00
service.py Display principal name while del required principal 2020-05-05 15:56:03 +02:00
servicedelegation.py service delegation: allow to add and remove host principals 2020-05-14 21:47:17 +03:00
session.py Fix some untranslatable commands in Web UI API Browser 2018-06-21 18:42:05 +02:00
stageuser.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
sudo.py ipalib: move server-side plugins to ipaserver 2016-06-03 09:00:34 +02:00
sudocmd.py sudocmd: fix unsupported assignment 2017-09-08 15:42:07 +02:00
sudocmdgroup.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
sudorule.py Convert members into types in sudorule-*-option 2018-08-15 12:52:52 +02:00
topology.py domainlevel-get: fix various issues when running as non-admin 2019-03-25 09:48:31 +01:00
trust.py Fix E712 comparison to True / False 2020-05-05 10:42:46 +02:00
user.py ipa user_add: do not check group if UPG is disabled 2019-09-27 15:33:15 +02:00
vault.py Consolidate container_masters queries 2019-03-28 00:21:00 +01:00
virtual.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
whoami.py whoami.py: Type error when running tests 2017-07-07 14:44:42 +02:00
xmlserver.py Add endpoint for serving i18n requests 2018-07-17 15:32:28 -04:00