#4034 New permissions system
Closed: Fixed None Opened 8 years ago by pviktori.

Split out from https://fedorahosted.org/freeipa/ticket/3566

  • Permission ACIs can be in the specific subtree they apply to
  • All ACI data is stored in the Permission entry (easier searching, manipulation, audit)
  • Allow read/search/compare permissions (small change lumped in here)
  • Ensure backward compatibility with old servers

This will enable/simplify other ACI changes: https://fedorahosted.org/freeipa/ticket/4032 https://fedorahosted.org/freeipa/ticket/4033


master:

423bb38 Test adding noaci/system permissions to privileges[[BR]]
d38748d Make sure SYSTEM permissions can be retreived with --all --raw[[BR]]
7fc35ce permission plugin: Ensure ipapermlocation (subtree) always exists[[BR]]
53caa7a Roll back ACI changes on failed permission updates[[BR]]
f47669a Verify ACIs are added correctly in tests[[BR]]
d7ee87c Rewrite the Permission plugin[[BR]]
445634d Add new permission schema[[BR]]
8ddb5da Add tests for permission plugin with older clients[[BR]]
a1236b6 Allow Declarative test classes to specify the API version[[BR]]
a8ba5e0 Allow sets for initialization of frozenset-typed Param keywords[[BR]]

Metadata Update from @pviktori:
- Issue assigned to pviktori
- Issue set to the milestone: FreeIPA 4.0 - 2013/12

4 years ago

Login to comment on this ticket.

Metadata