[Freeipa-devel] [freeipa PR#415][opened] ca-del: require CA to already be disabled
frasertweedale
freeipa-github-notification at redhat.com
Mon Jan 30 05:43:53 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/415
Author: frasertweedale
Title: #415: ca-del: require CA to already be disabled
Action: opened
PR body:
"""
Currently ca-del disables the target CA before deleting it.
Conceptually, this involves two separate permissions: modify and
delete. A user with delete permission does not necessarily have
modify permission.
As we move toward enforcing IPA permissions in Dogtag, it is
necessary to decouple disablement from deletion, otherwise the
disable operation would fail if the user does not have modify
permission. Although it introduces an additional step for
administrators, the process is consistent, required permissions are
clear, and errors are human-friendly.
Part of: https://fedorahosted.org/freeipa/ticket/5011
freeipa-devel discussion: https://www.redhat.com/archives/freeipa-devel/2017-January/msg00435.html
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/415/head:pr415
git checkout pr415
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-415.patch
Type: text/x-diff
Size: 2398 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20170130/54c450f6/attachment.bin>
More information about the Freeipa-devel
mailing list