[Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0072-rights-check.patch
Adam Young
ayoung at redhat.com
Wed Nov 3 19:50:01 UTC 2010
On 11/03/2010 12:55 PM, Endi Sukma Dewata wrote:
> On 11/3/2010 8:53 AM, Adam Young wrote:
>>> Still NACK. I have tested this again. It looks like the UI does not
>>> send the --rights parameter which is required to get the
>>> attributelevelrights. With this patch even the admin can't edit
>>> anything.
>>
>> Ah...that was because I did it as two commits, and only made a patch out
>> of one.
>
> Still too many disabled inputs. If you login as admin and open admin's
> details page, the only editable fields are last name and full name.
> (State is also editable but I suspect it's because this field doesn't
> support rights yet.) According to attributelevelrights I should be able
> to edit a number of attributes including uidNumber, gidNumber,
> telephoneNumber, but that's not the case. Do you see a different
> behavior when you test it? Am I missing some other patches? Btw, in
> your patch I think rights should be set to 'true' instead of 1.
>
> "attributelevelrights": {
> "aci": "rscwo",
> "cn": "rscwo",
> "description": "rscwo",
> "gecos": "rscwo",
> "gidNumber": "rscwo",
> "homeDirectory": "rscwo",
> "inetUserHttpURL": "rscwo",
> "inetUserStatus": "rscwo",
> "ipaUniqueID": "rsc",
> "krbCanonicalName": "rscwo",
> "krbExtraData": "rscwo",
> "krbLastFailedAuth": "rscwo",
> "krbLastPwdChange": "rscwo",
> "krbLastSuccessfulAuth": "rscwo",
> "krbLoginFailedCount": "rscwo",
> "krbMaxRenewableAge": "rscwo",
> "krbMaxTicketLife": "rscwo",
> "krbPasswordExpiration": "rscwo",
> "krbPrincipalAliases": "rscwo",
> "krbPrincipalExpiration": "rscwo",
> "krbPrincipalKey": "wo",
> "krbPrincipalName": "rscwo",
> "krbPrincipalType": "rscwo",
> "krbPwdHistory": "rscwo",
> "krbPwdPolicyReference": "rscwo",
> "krbTicketFlags": "rscwo",
> "krbTicketPolicyReference": "rscwo",
> "krbUPEnabled": "rscwo",
> "loginShell": "rscwo",
> "memberOf": "rsc",
> "mepManagedEntry": "rscwo",
> "nsAccountLock": "rscwo",
> "objectClass": "rscwo",
> "seeAlso": "rscwo",
> "sn": "rscwo",
> "telephoneNumber": "rscwo",
> "uid": "rscwo",
> "uidNumber": "rscwo",
> "userPassword": "wo"
> },
>
Now defaulting to rscwo, which means that some fields will show up
editable even if the user can't change them, due to effectiverights not
being returned on all fields.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-admiyo-freeipa-0072-2-rights-check.patch
Type: text/x-patch
Size: 7840 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101103/9f81f7c3/attachment.bin>
More information about the Freeipa-devel
mailing list