[Freeipa-devel] [PATCH] 199 Permissions: select only applicable options on type change

Petr Vobornik pvoborni at redhat.com
Mon Sep 3 10:59:33 UTC 2012


On 08/28/2012 04:46 PM, Endi Sukma Dewata wrote:
> Found a couple of issues with Undo:

Updated patch attached.

>
> 1. Using the scenario described in the ticket, if I undo the Type back
> to User Group the Attributes aren't updated, it still shows the Service
> attributes.

Fixed. Now after undo it performs the same change as when changing the
type. The fix is not very clean because it is dependent on the order of
registration of undo_clicked event handlers, but it should suffice.

>
> 2. After that, if I undo the Attributes it will show the originally
> selected attribute (description) but the attribute will appear at the
> end of Service attributes (not User Group attributes) and the attributes
> are not sorted.

Fixed by #1. When not performing #1 before, it still behaves this way. I
think it is correct behavior; otherwise it would still show the undo button.

>
> I also have some comments below.
>
> On 8/22/2012 7:17 AM, Petr Vobornik wrote:
>> Problem:
>>   When a permission is edited, and Type switched, the attributes
>> selected for previous Type are still selected, and update fails, if they
>> are invalid for the new Type. But it should get deselected or not even
>> listed if Type changes.
>>
>> Fix:
>>   When Type is changed, attribute list is refreshed and still applicable
>> attributes are chosen. If Type is reverted back, previously chosen
>> attributes are back as chosen.
>>
>>   If attributes are extended outside Web UI by not listed attr, this
>> attr is listed at the list end.
>
> To my understanding the list of ACI attributes is obtained from the
> LDAP schema, so if a new attribute is added to the object class the UI
> will know about it and show it in the attribute list. However, if the
> attribute is added using the extensibleObject the UI may not know about
> it because there's no schema change, is this what you meant? In that
> case the UI won't show a checkbox for the attribute, so we'd probably
> have to use the Filter or Subtree permission target that accepts
> arbitrary attributes.

On mod or create, validation of attrs checks for the presence of the attr
in the schema but not in the object type's object classes. So in the CLI
an admin can define attrs which are not offered in the UI. It might be
wrong, but the Web UI should be able to work with it to avoid possible
problems with dirty status right after load.

>
> Ideally the server should support a generic LDAP ACI target which would
> accept any combination of LDAP filter, subtree, and attributes, but that
> probably depends on the actual needs.
>
>> Note:
>>   If user makes change in attribute list before type change, this change
>> is forgotten.
>>
>> https://fedorahosted.org/freeipa/ticket/2617
>


-- 
Petr Vobornik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pvoborni-0199-1-Permissions-select-only-applicable-options-on-type-c.patch
Type: text/x-patch
Size: 6184 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120903/a65ef4ae/attachment.bin>

