User rights to only edit domain aliases in WAP
Tobias Brunner
tobias at tobru.ch
Wed Oct 5 09:24:35 CEST 2016
>> I'd like to allow a user to only edit domain aliases in WAP but not add
>> or remove (deactivate) a domain. Experiments with LDAP ACLs didn't help
>> here, it looks like WAP doesn't support this use case. How do others see
>> this?
>>
>> Searching the code reveals that the API only supports "entryLevelRights"
>> and not "attributeLevelRights":
>> https://git.kolab.org/diffusion/WAP/browse/master/lib/api/kolab_api_service_domains.php.
>> Do I interpret this correctly?
>
> Yes, the only way is to remove "Add" permission from entryLevelRights.
> The code is in kolab_api_service_domain.php. Note that capabilities are
> cached in session, so to see a change you have to re-login or enable
> devel_mode.
Does that mean I would have to change that directly in the code? Or can
I do that using some configuration options?
Cheers,
Tobias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20161005/5c5e4b2d/attachment.sig>
More information about the users
mailing list