User rights to only edit domain aliases in WAP

Tobias Brunner tobias at tobru.ch
Wed Oct 5 09:24:35 CEST 2016


>> I'd like to allow a user to only edit domain aliases in WAP but not add
>> or remove (deactivate) a domain. Experiments with LDAP ACLs didn't help
>> here, it looks like WAP doesn't support this use case. How do others see
>> this?
>>
>> Searching the code reveals that the API only supports "entryLevelRights"
>> and not "attributeLevelRights":
>> https://git.kolab.org/diffusion/WAP/browse/master/lib/api/kolab_api_service_domains.php.
>> Do I interpret this correctly?
> 
> Yes, the only way is to remove "Add" permission from entryLevelRights.
> The code is in kolab_api_service_domain.php. Note that capabilities are
> cached in session, so to see a change you have to re-login or enable
> devel_mode.

Does that mean I would have to change that directly in the code? Or can
I do that using some configuration options?

Cheers,
Tobias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kolab.org/pipermail/users/attachments/20161005/5c5e4b2d/attachment.sig>


More information about the users mailing list