4ad8055 Re-implement access control using an updated model.

Authored by rcritten 13 years ago, committed by simo 13 years ago.
31 files changed. 2740 lines added. 2192 lines removed.
install/share/default-aci.ldif
file modified
+5 -0
install/share/delegation.ldif
file modified
+515 -106
install/share/dns.ldif
file modified
+26 -1
install/updates/30-rolegroup.update
file removed
-6
install/updates/30-taskgroup.update
file removed
-5
install/updates/40-delegation.update
file removed
-732
install/updates/Makefile.am
file modified
+0 -3
ipalib/constants.py
file modified
+3 -2
ipalib/errors.py
file modified
+4 -4
ipalib/plugins/aci.py
file modified
+143 -36
ipalib/plugins/baseldap.py
file modified
+253 -11
ipalib/plugins/group.py
file modified
+2 -2
ipalib/plugins/host.py
file modified
+3 -3
ipalib/plugins/permission.py
file added
+363
ipalib/plugins/privilege.py
file added
+191
ipalib/plugins/role.py
file added
+212
ipalib/plugins/rolegroup.py
file removed
-165
ipalib/plugins/service.py
file modified
+1 -1
ipalib/plugins/taskgroup.py
file removed
-136
ipalib/plugins/user.py
file modified
+1 -1
ipaserver/install/bindinstance.py
file modified
+1 -1
tests/test_xmlrpc/objectclasses.py
file modified
+8 -2
tests/test_xmlrpc/test_aci_plugin.py
file removed
-321
tests/test_xmlrpc/test_group_plugin.py
file modified
+1 -10
tests/test_xmlrpc/test_netgroup_plugin.py
file modified
+9 -9
tests/test_xmlrpc/test_permission_plugin.py
file added
+400
tests/test_xmlrpc/test_privilege_plugin.py
file added
+365
tests/test_xmlrpc/test_role_plugin.py tests/test_xmlrpc/test_rolegroup_plugin.py
file renamed
+233 -134
tests/test_xmlrpc/test_sudocmdgroup_plugin.py
file modified
+1 -1
tests/test_xmlrpc/test_taskgroup_plugin.py
file removed
-496
tests/test_xmlrpc/test_user_plugin.py
file modified
+0 -4
    Re-implement access control using an updated model.
    
    The new model is based on permissions, privileges and roles.
    Most importantly it corrects the reverse membership that caused problems
    in the previous implementation. You add permissions to privileges and
    privileges to roles, not the other way around (even though it works that
    way behind the scenes).
    
    A permission object is a combination of a simple group and an aci.
    The linkage between the aci and the permission is the description of
    the permission. This shows as the name/description of the aci.
    
    ldap:///self and groups granting groups (v1-style) are not supported by
    this model (it will be provided separately).
    
    This makes the aci plugin internal only.
    
    ticket 445
    