[Freeipa-devel] [PATCH] 892 webui: add managedby tab to otptoken

Martin Babinsky mbabinsk at redhat.com
Fri Jul 3 12:49:41 UTC 2015


On 07/01/2015 06:59 PM, Petr Vobornik wrote:
> Added managedby_user tab to manage users who can manage the token.
>
> https://fedorahosted.org/freeipa/ticket/5003
>
> Nathaniel, I could not reproduce the following part of the ticket:
> """
> Careful interaction is required here. In the current code, this also
> creates a bug since all UI created tokens are owned but not managed.
> When users of these tokens are deleted, their self-created tokens are
> orphaned rather than deleted.
>
> Self-created tokens MUST be both self-owned AND self-managed.
> """
>
> The self-created tokens which I created in Web UI as admin or normal
> user were in both cases managed by the same user who created them.
>
>
(Once again, this time also replying to the list)

The patch itself does what it is supposed to.

So ACK from me.

However, I have found out that the token's manager is correctly set 
*only* when it is directly created by the user that should own it. In 
this case when the manager is not specified, the code works as expected 
and fills in the logged-in user as manager.

However, if e.g. admin creates a token for another user and does not set 
him as the manager explicitly, the 'managedBy' attribute is not set.

-- 
Martin^3 Babinsky
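
An added example, not part of the original message or of FreeIPA's code: one way to audit an LDIF export for the condition described above, tokens that have an owner but no 'managedBy' value. The attribute name `ipatokenOwner`, the DNs and the sample entries are assumptions constructed for illustration.

```python
# Constructed sample LDIF, not real directory data. The attribute name
# ipatokenOwner is an assumption; managedBy is the attribute named in the message.
SAMPLE_LDIF = """\
dn: ipatokenuniqueid=tok-self,cn=otp,dc=example,dc=test
ipatokenOwner: uid=alice,cn=users,cn=accounts,dc=example,dc=test
managedBy: uid=alice,cn=users,cn=accounts,dc=example,dc=test

dn: ipatokenuniqueid=tok-admin-made,cn=otp,dc=example,dc=test
ipatokenOwner: uid=bob,cn=users,cn=accounts,
 dc=example,dc=test

dn: ipatokenuniqueid=tok-delegated,cn=otp,dc=example,dc=test
ipatokenOwner: UID=carol, cn=users,cn=accounts,dc=example,dc=test
managedby: uid=helpdesk,cn=users,cn=accounts,dc=example,dc=test
"""


def parse_ldif(text):
    """Parse plain-text LDIF (no base64 values) into {lowercased attr: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:      # folded continuation of the previous value
            current[last][-1] += line[1:]
        elif not line.strip():                 # blank line closes the entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    return entries


def norm_dn(dn):
    """Case- and whitespace-insensitive DN comparison key (ignores escaped commas)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def audit_tokens(entries):
    """Map token DN -> finding for tokens whose owner is not among their managers."""
    findings = {}
    for entry in entries:
        owners = {norm_dn(d) for d in entry.get("ipatokenowner", [])}
        managers = {norm_dn(d) for d in entry.get("managedby", [])}
        if not owners or owners <= managers:
            continue                           # unowned, or every owner also manages it
        findings[entry["dn"][0]] = "unmanaged" if not managers else "owner-not-manager"
    return findings
```

Calling `audit_tokens(parse_ldif(SAMPLE_LDIF))` reports the admin-created token as "unmanaged"; "owner-not-manager" entries are listed for review only, since delegated management can be intentional.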



