Ñò Ã#xPc @s¦ddklZlZlZddklZlZddklZddklZlZl Z ddkl Z ddkl Z l Z ddk lZedƒZd Zed d ed ƒƒfZd e fd„ƒYZeieƒdeifd„ƒYZeieƒdeifd„ƒYZeieƒdeifd„ƒYZeieƒdeifd„ƒYZeieƒdeifd„ƒYZeieƒdS(iÿÿÿÿ(tapit_tngettext(tFlagtStr(tcontext(Rtcrudterrors(toutput(tObjecttCommand(tgen_pkey_only_optionsÍ Group to Group Delegation A permission enables fine-grained delegation of permissions. Access Control Rules, or instructions (ACIs), grant permission to permissions to perform given tasks such as adding a user, modifying a group, etc. Group to Group Delegations grants the members of one group to update a set of attributes of members of another group. EXAMPLES: Add a delegation rule to allow managers to edit employee's addresses: ipa delegation-add --attrs=street --group=managers --membergroup=employees "managers edit employees' street" When managing the list of attributes you need to include all attributes in the list, including existing ones. Add postalCode to the list: ipa delegation-mod --attrs=street,postalCode --group=managers --membergroup=employees "managers edit employees' street" Display our updated rule: ipa delegation-show "managers edit employees' street" Delete a rule: ipa delegation-del "managers edit employees' street" u delegationtacitlabeltACIt delegationcBs:eZdZeZedƒZedƒZedƒZedƒZ e dddded ƒd ed ƒd e ƒe d dd dedƒd edƒde ƒe ddddedƒd edƒde dd„ƒe ddddedƒd edƒƒe ddddedƒd edƒƒfZ d„Z d„ZRS( s Delegation object. Rt delegationst Delegationst Delegationtacinametcli_nametnameR sDelegation nametdoct primary_keys permissions*t permissionst PermissionssMComma-separated list of permissions to grant (read, write). Default is write.tcsvsattrs+tattrst Attributess"Comma-separated list of attributest normalizercCs |iƒS((tlower(tvalue((s=/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.pyt]stmemberoft membergroupsMember user groups!User group to apply delegation totgroups User groupsUser group ACI grants access tocs^d }t‡fd†|Dƒƒ}ˆii|d qs Rtmethods(slabelslabel_singulars takes_paramssbindablesnames object_namesobject_name_plural(tdictRRR-(R,tjson_friendly_attributest json_dictt_[1]tm((R,s=/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.pyt__json__ks(cCs%y |d=Wntj onXdS(Nt aciprefix(tKeyError(R,tresult((s=/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.pytpostprocess_resultxs (t__name__t __module__t__doc__tFalseR&RR'R(R R$RtTrueR%R3R7(((s=/usr/lib/python2.6/site-packages/ipalib/plugins/delegation.pyR?s@                    tdelegation_addcBs/eZedƒZedƒZeZd„ZRS(sAdd a new delegation.sAdded delegation "%(value)s"cKsbd|jod|ds.  @