Description of problem: The get effective rights control returns access control status for attributes existing in an entry. However this means that access control status cannot be determined for attribute types that are allowed but not present on an entry, so for example, a gui interface cannot predetermine if a user is allowed to add the first value for an attribute and therefore should display the field for modification. This would be a nice thing for freeIPA. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. use effective rights control 2. 3. Actual results: no mention of allowed but not existing attributes Expected results: The ability to get ionformation on these attribute types - possibly by way of a flag for the control. Additional info:
This has been fixed, correct?
(In reply to comment #4) > This has been fixed, correct? Yes, one of these cases on the wiki page should cover the RFE, I think. 2-2. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of the user given attribute list, which do not exist in the entries. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search. 2-3. requester: tuser0, subject user: tuser0: tuser0 shows tuser0's effective rights of all the available attributes associated with the entry's objectclasses, which values may or may not exist. tuser0 is allowed to see the effective rights of the entries that tuser0 can read/search. http://directory.fedoraproject.org/wiki/Get_Effective_Rights_for_non-present_attributes#2._Cases_newly_supported This is the bug I used to work on GER enhancement. Bug 437525 - GER: allow GER for non-existing entries Can we mark this bug as Duplicate of 437525?
*** This bug has been marked as a duplicate of bug 437525 ***