Bug 659030
| Summary: | --rights help for the affected CLI commands need to descibe what the output means | ||
|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Jenny Severance <jgalipea> |
| Component: | ipa-admintools | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 2.0 | CC: | benl, dpal, jgalipea, jzeleny |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | freeipa-2.1.0-1.fc15 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-28 09:39:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This isn't designed for a typical user to view (though we don't prevent it). It is meant specifically for things that want to manage behavior based on available rights, like a UI that disables fields that aren't writable. Since you have to specifically ask for it I don't see a problem leaving in in a more machine-readable format. Jenny, I agree with Rob here. I think that this is a pretty acceptable format if the help/man page describe what the line: u'rscwo' actually means. I deciphered it as permissions: r- read, s-search, c- create, w- write, o-delete (why o???) Am I right? Also why u'...' format? Anyways, if it is all explained, I am fine. If not then this should be used as a bug to explain what it is. Other comment, for readability it might make sense to leave checking of the --rights till later in the code so that the right attribute appeared last. Acceptable, if the man help describes the format and what it means. This affects quite a few help pages. Changing title to reflect the decision. This is the kind of thing that would go into the ipa.1 man page I think. Just for reference, the documentation of rights is here: http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Viewing_the_ACIs_for_an_Entry-Get_Effective_Rights_Control.html master: 2d97f4b335ce2f2f1d62194ef614af3ace77a57e |
Description of problem: Example with group-show ########################################################################### [root@jennyv1 install]# ipa group-show --all --rights test dn: cn=test,cn=groups,cn=accounts,dc=testrelm Group name: test Description: test GID: 111111111 attributelevelrights: {'cn': u'rscwo', 'businesscategory': u'rscwo', 'objectclass': u'rscwo', 'memberof': u'rsc', 'aci': u'rscwo', 'o': u'rscwo', 'member': u'rscwo', 'gidnumber': u'rscwo', 'ipauniqueid': u'rsc', 'memberuid': u'rscwo', 'owner': u'rscwo', 'ou': u'rscwo', 'seealso': u'rscwo', 'userpassword': u'wo', 'nsaccountlock': u'rscwo', 'description': u'rscwo'} ipauniqueid: 8537dec0-fd83-11df-a1d3-000c29a992d9 objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup ############################################################################# How do you interpret "attributelevelrights"? Why are we displaying the attribute in raw when I didn't not specify raw? Version-Release number of selected component (if applicable): ipa-server-1.91-0.2010113023git20b1e0a.fc13.i686 ipa-admintools-1.91-0.2010113023git20b1e0a.fc13.i686 How reproducible: always Steps to Reproduce: 1. add a group # ipa group-add --desc=test test 2. show all with rights for the group # ipa group-show --all --rights test 3. Actual results: attributelevelrights: {'cn': u'rscwo', 'businesscategory': u'rscwo', 'objectclass': u'rscwo', 'memberof': u'rsc', 'aci': u'rscwo', 'o': u'rscwo', 'member': u'rscwo', 'gidnumber': u'rscwo', 'ipauniqueid': u'rsc', 'memberuid': u'rscwo', 'owner': u'rscwo', 'ou': u'rscwo', 'seealso': u'rscwo', 'userpassword': u'wo', 'nsaccountlock': u'rscwo', 'description': u'rscwo'} Expected results: Label to not be raw and the values to be human readable. Example: (mirror the labels for attributes - provided by the UI is probably the best ...) Effective Rights: Common Name: Business Category: etc ... Additional info: