Jan Zelený <jzel...@redhat.com> wrote: > Jan Zelený <jzel...@redhat.com> wrote: > > Rob Crittenden <rcrit...@redhat.com> wrote: > > > Jan Zelený wrote: > > > > Rob Crittenden<rcrit...@redhat.com> wrote: > > > >> Jan Zelený wrote: > > > >>> Recent change of DNS module to version caused that dns object type > > > >>> was replaced by dnszone and dnsrecord. This patch corrects dns > > > >>> types in permissions class. > > > >>> > > > >>> https://fedorahosted.org/freeipa/ticket/646 > > > >> > > > >> Nack. These values need to be added as valid types to the aci plugin > > > >> and the _type_map needs to be updated. > > > >> > > > >> rob > > > > > > > > I'm sending an updated patch. > > > > > > > > Jan > > > > > > Since dnszone and dnsrecord point to the same kind of entry what is the > > > point of having two separate names for them? When we read the entry we > > > aren't going to be able to differentiate between the two. > > > > I didn't take a look how the type thing works, so I'm kinda guessing here > > (please ignore the comment if it is wrong): > > Sure, object with idnszone class is always also in dnsrecord class, but > > that's not the case backwards (idnsrecord object isn't always idnszone) - > > so I think it is possible to set different ACIs for these two types. > > > > > Can the type be made more specific? > > > > If the mapping doesn't distinguish object classes and it can, maybe > > that's the answer. Will investagate further. But if not, I still think > > this is the way to go considering the underline issue which we tried to > > solve by this change. > > From what I found I think that making changes necessary to distinguish > dnsrecord and dnszone are not worth it, especially that user can use > "filter" for that purpose. Since having both of them doesn't have any > additional value, I'm sending new version of the patch, which is only > adding dnsrecord type. > > Jan
Just a small reminder that this patch is ready to be re-reviewed. Thanks Jan _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
