On Wed, 2011-01-26 at 10:20 -0500, Dmitri Pal wrote: > I took a quick look. > > Rob, I thought that there are different APIs for self and delegation. Is > this is the case? > ipa permission-... functions should never deal with self service or > delegation acis > They are just for the permission ACIs connected to the target groups. > I do not think this is the right approach. > The prefix is need but it should be automatically added if you use this > interface.
Well, this patch ensures that permission-* functions will not deal with selfservice od delegation ACIs. Each of these plugins has its own prefix (e.g. "permission:" or "delegation:") which is added to the underlying ACI name. Because of this, the Permission, Selfservice and Delegation plugins work only with ACIs with "their" prefix. Prefix is not visible for user, it is passed to ACI functions automatically by Permission, Delegation and Selfservice plugins. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
