[Freeipa-devel] [PATCH] 697 Add new schema to store information about permissions.

Martin Kosek mkosek at redhat.com
Tue Feb 1 13:11:44 UTC 2011


On Mon, 2011-01-31 at 22:18 -0500, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > There are some permissions we can't display because they are stored
> > outside of the basedn (such as the replication permissions). We are
> > adding a new attribute to store extra information to make this clear, in
> > this case READONLY.
> >
> > ticket 853
> >
> > rob
> 
> I goofed on the schema, updated patch attached.
> 
> rob

NACK (but a small one)

The patch is fine, I have found only 2 minor issues and a question:

1) Permission tests got broken. You may want to apply my "[PATCH] 021
Permission rename test failing" before fixing that - so that the Permission
test suite is clean.

2) In delegation.ldif: ipapermission object class is missing for
removeentitlements and modifyentitlements (it has been added for
addentitlements though)


QUESTION:
In this patch you add a READONLY flag to Replica permissions. However it
is not actually used and stays as just an informative flag. It won't
prevent a user from modifying/removing READONLY permissions.

I guess enhancing permission-mod and permission-del with a READONLY check
will be the subject of another ticket?

Martin



