[Freeipa-devel] [PATCHES] 0489-0495 Add the extratargetfilter virtual attribute to permissions

Petr Viktorin pviktori at redhat.com
Mon Mar 10 16:40:18 UTC 2014 

On 03/07/2014 07:57 PM, Petr Viktorin wrote:
> Hello,
> This implements https://fedorahosted.org/freeipa/ticket/4216
>
> It feels like permissions have gone full circle, from being managed by
> virtual attributes, to storing all data in LDAP and exposing that, to
> exposing mainly virtual attributes after all. The good part is that the
> virtual attributes are now just a layer on top of well-structured LDAP
> entries.
>
>
> To the point: extratargetfilter lists all target filters that are not
> implied by --memberof or --user. The list is writable; changing it will
> preserve the implied filters. By default the full underlying list is not
> shown, you can use --all or --raw for that.
> In CLI, extratargetfilter is now named simply --filter, and the
> underlying ipapermtargetfilter is named --rawfilter.
>
> There are still some cases where the illusion is not complete:
>
> - When searching, extratargetfilter and ipapermtargetfilter behave the
> same, they search the full list.
>
> - When adding a filter that matches the requirements for --memberof or
> --type, the filter will be "used" for that option instead:
>
> $ ipa permission-add testperm --type user --perm write
> --filter='(memberOf=cn=admins,cn=groups,cn=accounts,$SUFFIX)'
> ---------------------------
> Added permission "testperm"
> ---------------------------
>    Permission name: testperm
>    Permissions: write
>    Bind rule type: permission
>    Subtree: cn=users,cn=accounts,$SUFFIX
>    Member of group: admins
>    Type: user
>
>
>
> Patches:
>
> 0489 - Outputting extratargetfilter
> 0490 - Writing extratargetfilter
> 0491 - CLI names for the options
> 0492 - Tests for the above
> 0493 - Searching by extratargetfilter
> 0494 - Fix an existing bug in --memberof
> 0495 - This uses the information made available in the previous patches
> to polish a rough edge of the --memberof/--user options.
>

Attaching rebased patches.


-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0489.2-permission-plugin-Output-the-extratargetfilter-virtu.patch
Type: text/x-patch
Size: 46427 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0490.2-permission-plugin-Write-support-for-extratargetfilte.patch
Type: text/x-patch
Size: 9258 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0491.2-permission-CLI-Rename-filter-to-rawfilter-extratarge.patch
Type: text/x-patch
Size: 8504 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0492.2-permission-plugin-Add-tests-for-extratargetfilter.patch
Type: text/x-patch
Size: 13571 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0493.2-permission-plugin-Support-searching-by-extratargetfi.patch
Type: text/x-patch
Size: 3552 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0494.2-permission-plugin-Do-not-fail-on-non-DN-memberof-fil.patch
Type: text/x-patch
Size: 1424 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0495.2-permission-plugin-Do-not-change-extra-target-filters.patch
Type: text/x-patch
Size: 9656 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140310/bc88ceee/attachment-0006.bin>

More information about the Freeipa-devel mailing list