[Freeipa-devel] [PATCH] 336 Added policies into user details page.
Petr Vobornik
pvoborni at redhat.com
Tue Jan 10 17:58:42 UTC 2012
On 01/10/2012 08:35 AM, Endi Sukma Dewata wrote:
> On 1/6/2012 7:50 AM, Petr Vobornik wrote:
>> 1) you are calling krbtpolicy-show without any user specific information
>> so it always get the global policy. It should be call with an user
>> argument.
>
> Fixed. Right now it's read only. I think we should provide an interface
> to edit the Kerberos ticket policy for each user, but I don't think it's
> as simple as making the fields editable because there are 2 operations
> that we need to support: Update (krbtpolicy-mod) and Reset
> (krbtpolicy-reset). The krbtpolicy-mod probably can be called together
> with user-mod when we click Update, but we need a new button for the
> Reset operation because it's completely different than the details
> facet's Reset button.
I wouldn't modify it there too. Maybe the original ticket (new facet)
wasn't a bad idea. But for reading this implementation is really fine.
>
>> Minor:
>> 2) Why not call pwpolicy-show --user=user_login instead of getting the
>> policy's name from dn?
>
> Fixed. The password policy is intentionally made read only because the
> policy belongs to the group, not the user. If we make it editable it
> might confuse the admin into thinking that he's changing the policy for
> the user only whereas he's actually changing the policy for the whole
> group.
Agree
>We might be able to show the password policy in group details
> page too, but I'm not sure if it's necessary.
We will see if some user will want it.
>
>> Combining 1), 2) and user-show will allow to get all necessary
>> information for the facet in a single batch at refresh.
>
> This will be done in the next patch.
>
ACK and pushed to master
--
Petr Vobornik
More information about the Freeipa-devel
mailing list