[Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0072-rights-check.patch
Endi Sukma Dewata
edewata at redhat.com
Wed Nov 3 12:32:13 UTC 2010
On 11/1/2010 9:28 AM, Adam Young wrote:
>>> Check effective rights. If the right is not explicitly allowed, show the
>>> field as read only.
>> It seems to be working, but I think it has to wait until the
>> attributelevelrights is returned in the JSON response because without
>> it the UI would become unusable because all fields would be disabled.
> That is part of the patch. attributelevelrights has been added as a flag
> to the JSON request. The change to baseldap.py will only apply on to of
> the change made to return the rights.
>
> I suspect that what you are seeing is that there is some holes in the
> coverage of the attribute level rights, and I made the decision to
> default to "don't allow changes". Thus, this code needs to go in before
> we can identify places where the rights are not being properly reported,
> otherwise, we just won't know.
Still NACK. I have tested this again. It looks like the UI does not send
the --rights parameter which is required to get the
attributelevelrights. With this patch even the admin can't edit anything.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list