Tree - rpms/ipa - CentOS Git server

pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago

Source
Stats

Blame SOURCES/0055-adjust-search-so-that-it-works-for-non-admin-users.patch

Blob History Raw

		590d18	`From 6c1ae29831a5fdea5a81412042ea73cc5df9f397 Mon Sep 17 00:00:00 2001`
		590d18	`From: Petr Vobornik <pvoborni@redhat.com>`
		590d18	`Date: Wed, 12 Aug 2015 10:35:38 +0200`
		590d18	`Subject: [PATCH] adjust search so that it works for non-admin users`
		590d18
		590d18	`Non-admin user can now search for:`
		590d18	`- hosts`
		590d18	`- hostgroups`
		590d18	`- netgroups`
		590d18	`- servers`
		590d18	`- services`
		590d18
		590d18	`(Fixes ACI issue where search returns nothing when user does't have`
		590d18	`read rights for an attribute in search_attributes.`
		590d18
		590d18	`https://fedorahosted.org/freeipa/ticket/5167`
		590d18
		590d18	`Reviewed-By: Tomas Babej <tbabej@redhat.com>`
		590d18	`---`
		590d18	`ipalib/plugins/host.py \| 2 +-`
		590d18	`ipalib/plugins/hostgroup.py \| 1 +`
		590d18	`ipalib/plugins/netgroup.py \| 4 ++++`
		590d18	`ipalib/plugins/server.py \| 1 +`
		590d18	`ipalib/plugins/service.py \| 3 +--`
		590d18	`5 files changed, 8 insertions(+), 3 deletions(-)`
		590d18
		590d18	`diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py`
		590d18	`index 410b4bd120743a6ad5787fbd2a55534b4f108601..3e882aefd210df73b7ffd15b5a4c1d2fc4173536 100644`
		590d18	`--- a/ipalib/plugins/host.py`
		590d18	`+++ b/ipalib/plugins/host.py`
		590d18	`@@ -292,7 +292,7 @@ class host(LDAPObject):`
		590d18	`# object_class_config = 'ipahostobjectclasses'`
		590d18	`search_attributes = [`
		590d18	`'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',`
		590d18	`- 'nshardwareplatform', 'nsosversion', 'managedby', 'ipaallowedtoperform'`
		590d18	`+ 'nshardwareplatform', 'nsosversion', 'managedby',`
		590d18	`]`
		590d18	`default_attributes = [`
		590d18	`'fqdn', 'description', 'l', 'nshostlocation', 'krbprincipalname',`
		590d18	`diff --git a/ipalib/plugins/hostgroup.py b/ipalib/plugins/hostgroup.py`
		590d18	`index fafe40ad9a8d1693505b7d90e5d8fd12202a894b..30d474d80905f02c4f88742a2677220c150b3c7f 100644`
		590d18	`--- a/ipalib/plugins/hostgroup.py`
		590d18	`+++ b/ipalib/plugins/hostgroup.py`
		590d18	`@@ -78,6 +78,7 @@ class hostgroup(LDAPObject):`
		590d18	`object_name_plural = _('host groups')`
		590d18	`object_class = ['ipaobject', 'ipahostgroup']`
		590d18	`permission_filter_objectclasses = ['ipahostgroup']`
		590d18	`+ search_attributes = ['cn', 'description', 'member', 'memberof']`
		590d18	`default_attributes = ['cn', 'description', 'member', 'memberof',`
		590d18	`'memberindirect', 'memberofindirect',`
		590d18	`]`
		590d18	`diff --git a/ipalib/plugins/netgroup.py b/ipalib/plugins/netgroup.py`
		590d18	`index d535b383e048fd12d08bde9247f158d183a5bcad..e69aaf94a035d0c4af28585f84b4b1f8105b3fc3 100644`
		590d18	`--- a/ipalib/plugins/netgroup.py`
		590d18	`+++ b/ipalib/plugins/netgroup.py`
		590d18	`@@ -86,6 +86,10 @@ class netgroup(LDAPObject):`
		590d18	`object_name_plural = _('netgroups')`
		590d18	`object_class = ['ipaobject', 'ipaassociation', 'ipanisnetgroup']`
		590d18	`permission_filter_objectclasses = ['ipanisnetgroup']`
		590d18	`+ search_attributes = [`
		590d18	`+ 'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',`
		590d18	`+ 'memberuser', 'memberhost', 'member', 'usercategory', 'hostcategory',`
		590d18	`+ ]`
		590d18	`default_attributes = [`
		590d18	`'cn', 'description', 'memberof', 'externalhost', 'nisdomainname',`
		590d18	`'memberuser', 'memberhost', 'member', 'memberindirect',`
		590d18	`diff --git a/ipalib/plugins/server.py b/ipalib/plugins/server.py`
		590d18	`index 7fc44197343dbb651782fbf79993cbbe8818efed..5808c9c5ea78fce4a15cd2e49740fbe20bca8358 100644`
		590d18	`--- a/ipalib/plugins/server.py`
		590d18	`+++ b/ipalib/plugins/server.py`
		590d18	`@@ -38,6 +38,7 @@ class server(LDAPObject):`
		590d18	`object_name = _('server')`
		590d18	`object_name_plural = _('servers')`
		590d18	`object_class = ['top']`
		590d18	`+ search_attributes = ['cn']`
		590d18	`default_attributes = [`
		590d18	`'cn', 'iparepltopomanagedsuffix', 'ipamindomainlevel',`
		590d18	`'ipamaxdomainlevel'`
		590d18	`diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py`
		590d18	`index a5e10921beac8b232f6b74640ef17713f7297a3d..a21d004c8a70d50385c94b12447d5fd5bc0851b4 100644`
		590d18	`--- a/ipalib/plugins/service.py`
		590d18	`+++ b/ipalib/plugins/service.py`
		590d18	`@@ -391,8 +391,7 @@ class service(LDAPObject):`
		590d18	`]`
		590d18	`possible_objectclasses = ['ipakrbprincipal', 'ipaallowedoperations']`
		590d18	`permission_filter_objectclasses = ['ipaservice']`
		590d18	`- search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata',`
		590d18	`- 'ipaallowedtoperform']`
		590d18	`+ search_attributes = ['krbprincipalname', 'managedby', 'ipakrbauthzdata']`
		590d18	`default_attributes = ['krbprincipalname', 'usercertificate', 'managedby',`
		590d18	`'ipakrbauthzdata', 'memberof', 'ipaallowedtoperform']`
		590d18	`uuid_attribute = 'ipauniqueid'`
		590d18	`--`
		590d18	`2.4.3`
		590d18

pgreco / rpms / ipa

Source Code

Blame SOURCES/0055-adjust-search-so-that-it-works-for-non-admin-users.patch