[Freeipa-devel] [PATCH] 0053 Disallow setattr on no_update/no_create params
Martin Kosek
mkosek at redhat.com
Tue May 29 07:26:01 UTC 2012
On Mon, 2012-05-21 at 13:58 +0200, Petr Viktorin wrote:
> Only use no_create/no_update for things we really don't want the user to
> change (even through setattr). This is stuff like ipacertificatesubjectbase.
> Make --{set,add,del}attr refuse to modify these params.
>
> For things we just don't advertise in the because there's a different
> way to do change them, there is the "no_option" flag (undocumented
> before this patch). This only causes the option to be hidden from the
> CLI; XML-RPC will still happily take it (and it will appear in API.txt).
> Use this for ipaenabledflag, nsacconuntlock, and externalhost.
>
>
> https://fedorahosted.org/freeipa/ticket/2580
Yeah, I think this approach is OK, everything worked fine for me.
ACK. Pushed to master.
Martin
More information about the Freeipa-devel
mailing list