[Freeipa-devel] [PATCH] freeipa-admiyo-freeipa-0072-rights-check.patch

Adam Young ayoung at redhat.com
Wed Nov 3 19:50:01 UTC 2010 

On 11/03/2010 12:55 PM, Endi Sukma Dewata wrote:
> On 11/3/2010 8:53 AM, Adam Young wrote:
>>> Still NACK. I have tested this again. It looks like the UI does not
>>> send the --rights parameter which is required to get the
>>> attributelevelrights. With this patch even the admin can't edit 
>>> anything.
>>
>> Ah...that was because I did it as two commits, and only made a patch out
>> of one.
>
> Still too many disabled inputs. If you login as admin and open admin's 
> details page, the only editable fields are last name and full name. 
> (State is also editable but I suspect it's because this field doesn't 
> support rights yet.) According to attributelevelrights I should be able
> to edit a number of attributes including uidNumber, gidNumber, 
> telephoneNumber, but that's not the case. Do you see a different 
> behavior when you test it? Am I missing some other patches? Btw, in 
> your patch I think rights should be set to 'true' instead of 1.
>
> "attributelevelrights": {
>     "aci": "rscwo",
>     "cn": "rscwo",
>     "description": "rscwo",
>     "gecos": "rscwo",
>     "gidNumber": "rscwo",
>     "homeDirectory": "rscwo",
>     "inetUserHttpURL": "rscwo",
>     "inetUserStatus": "rscwo",
>     "ipaUniqueID": "rsc",
>     "krbCanonicalName": "rscwo",
>     "krbExtraData": "rscwo",
>     "krbLastFailedAuth": "rscwo",
>     "krbLastPwdChange": "rscwo",
>     "krbLastSuccessfulAuth": "rscwo",
>     "krbLoginFailedCount": "rscwo",
>     "krbMaxRenewableAge": "rscwo",
>     "krbMaxTicketLife": "rscwo",
>     "krbPasswordExpiration": "rscwo",
>     "krbPrincipalAliases": "rscwo",
>     "krbPrincipalExpiration": "rscwo",
>     "krbPrincipalKey": "wo",
>     "krbPrincipalName": "rscwo",
>     "krbPrincipalType": "rscwo",
>     "krbPwdHistory": "rscwo",
>     "krbPwdPolicyReference": "rscwo",
>     "krbTicketFlags": "rscwo",
>     "krbTicketPolicyReference": "rscwo",
>     "krbUPEnabled": "rscwo",
>     "loginShell": "rscwo",
>     "memberOf": "rsc",
>     "mepManagedEntry": "rscwo",
>     "nsAccountLock": "rscwo",
>     "objectClass": "rscwo",
>     "seeAlso": "rscwo",
>     "sn": "rscwo",
>     "telephoneNumber": "rscwo",
>     "uid": "rscwo",
>     "uidNumber": "rscwo",
>     "userPassword": "wo"
> },
>
Now defaulting to rscwo, which means that some fields will show up 
editable even if the user can't change them, due to  effectiverights not 
being returned on all fields.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-admiyo-freeipa-0072-2-rights-check.patch
Type: text/x-patch
Size: 7840 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20101103/9f81f7c3/attachment.bin>

More information about the Freeipa-devel mailing list