Description of problem:
The get effective rights control returns access control status for attributes
existing in an entry. However this means that access control status cannot be
determined for attribute types that are allowed but not present on an entry, so
for example, a gui interface cannot predetermine if a user is allowed to add the
first value for an attribute and therefore should display the field for
modification. This would be a nice thing for freeIPA.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. use effective rights control
no mention of allowed but not existing attributes
The ability to get ionformation on these attribute types - possibly by way of a
flag for the control.
This has been fixed, correct?
(In reply to comment #4)
> This has been fixed, correct?
Yes, one of these cases on the wiki page should cover the RFE, I think.
2-2. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of the user given attribute list, which do not exist in the entries. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search.
2-3. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of all the available attributes associated with the entry's objectclasses, which values may or may not exist. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search.
This is the bug I used to work on GER enhancement.
Bug 437525 - GER: allow GER for non-existing entries
Can we mark this bug as Duplicate of 437525?
*** This bug has been marked as a duplicate of bug 437525 ***