[Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0072-rights-check.patch
Adam Young
ayoung at redhat.com
Mon Nov 1 14:28:38 UTC 2010
On 10/29/2010 09:31 PM, Endi Sukma Dewata wrote:
> On 10/29/2010 2:50 PM, Adam Young wrote:
>> Check effective rights. If the right is not explicitly allowed, show the
>> field as read only.
>
> It seems to be working, but I think it has to wait until the
> attributelevelrights is returned in the JSON response because without
> it the UI would become unusable because all fields would be disabled.
>
That is part of the patch. attributelevelrights has been added as a
flag to the JSON request. The change to baseldap.py will only apply on
to of the change made to return the rights.
I suspect that what you are seeing is that there is some holes in the
coverage of the attribute level rights, and I made the decision to
default to "don't allow changes". Thus, this code needs to go in
before we can identify places where the rights are not being properly
reported, otherwise, we just won't know.
More information about the Freeipa-devel
mailing list