Changeset 1048
- Timestamp:
- 06/01/12 08:25:19 (12 years ago)
- Location:
- trunk/LATMOS-Accounts
- Files:
-
- 2 added
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LATMOS-Accounts/MANIFEST
r1045 r1048 44 44 latmos-accounts.spec.in 45 45 lib/LATMOS/Accounts/Acls.pm 46 lib/LATMOS/Accounts/Acls/Acl.pm 46 47 lib/LATMOS/Accounts/Bases/Ad/Group.pm 47 48 lib/LATMOS/Accounts/Bases/Ad/User.pm -
trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Acls.pm
r1023 r1048 4 4 use warnings; 5 5 use LATMOS::Accounts::Log; 6 use LATMOS::Accounts::Acls::Acl; 6 7 7 8 our $VERSION = (q$Rev: 330 $ =~ /^Rev: (\d+) /)[0]; … … 15 16 =cut 16 17 17 =head 1 new($file)18 =head2 new ($file) 18 19 19 20 Instanciate Acls from C<$file> … … 107 108 push(@{$self->{_acls}}, $acl); 108 109 } 109 $acl = LATMOS::Accounts::Acls:: acl->new($1) or do {110 $acl = LATMOS::Accounts::Acls::Acl->new($1) or do { 110 111 la_log(LA_ERR, "Error in %s at line %d", $file, 111 112 $line_nb); … … 147 148 sub add { 148 149 my ($self, $obj, $list) = @_; 149 my $acl = LATMOS::Accounts::Acls:: acl->new(150 my $acl = LATMOS::Accounts::Acls::Acl->new( 150 151 $obj, $list) or return; 151 152 push(@{$self->{_acls}}, $acl); … … 172 173 } 173 174 175 =head2 dump 176 177 Return currently load acl as text 178 179 =cut 180 174 181 sub dump { 175 182 my ($self) = @_; … … 179 186 } 180 187 181 package LATMOS::Accounts::Acls::acl;182 use strict;183 use warnings;184 185 =head1 LATMOS::Accounts::Acls::acl186 187 =head2 new($objdotatt, $list)188 189 Create new sub acl where C<$objdotatt> is object in form C<Object.Attribute> and190 C<$list> the list of permission.191 192 =cut193 194 sub new {195 my ($class, $objdotatt, $list) = @_;196 my ($obj, $attr) = $objdotatt =~ /^([^.]+)\.(.*)/ or return;197 my @attrs = ($attr =~ /^\{(.*)\}$/)198 ? (split(/\s*,\s*/, $1))199 : ($attr);200 @attrs or return;201 my $acl = {202 obj => lc($obj),203 attr => [ map { lc } @attrs ],204 users => [], # user->{r} = 1205 };206 bless($acl, $class);207 foreach my $k (@{ $list || [] }) {208 $acl->add_perm($k) or return;209 }210 $acl211 }212 213 =head2 add_perm($perm)214 215 Add a permission to this sub acl216 217 =cut218 219 sub add_perm {220 my ($self, $perm) = @_;221 my ($username, $perms) = $perm =~ /^\s*(\S*):\s*(.*)$/;222 $username && $perms or return;223 my $user = { user => $username };224 foreach (split(/\s*,\s*/, $perms)) {225 /^read$/i and do { $user->{r} = 1; next; };226 /^write$/i and do { $user->{w} = 1; next; };227 /^deny$/i and do {228 # reseting...229 $user->{r} = 0;230 $user->{w} = 0;231 last; # we end here, life is hard232 };233 return;234 }235 push(@{$self->{users}}, $user);236 1237 }238 239 =head2 match($obj, $attr, $perm, $who, $groups)240 241 Return true is this sub acl apply to C<$obj>/C<$attr> for C<$perm> by user242 C<$who> in groups C<$groups>.243 244 =cut245 246 sub match {247 my ($self, $obj, $attr, $perm, $who, $groups) = @_;248 my $objtype = ref $obj ? lc($obj->type) : $obj;249 $attr = lc($attr);250 251 # Does this ACL series concern this object:252 if (!($self->{obj} eq '*' || $self->{obj} eq $objtype)) {253 return254 }255 # Does this ACL series concern this attribute:256 grep { $_ eq '*' || $_ eq $attr } @{$self->{attr}} or return;257 258 # Foreach user, testing if this permission match:259 foreach my $u (@{ $self->{users} }) {260 # Obj have attr eq login user261 if (substr($u->{user}, 0, 1) eq '$') { # check attr content262 if (ref $obj) {263 my $attribute = substr($u->{user}, 1);264 my $val = $obj->_get_c_field($attribute) or return;265 my @vals = ref $val ? (@{ $val }) : ($val);266 return $u->{$perm} if (defined($u->{$perm}) && grep { $_ eq $who } @vals);267 }268 # user is in group269 } elsif (substr($u->{user}, 0, 1) eq '%') { # group270 my $group = substr($u->{user}, 1);271 return $u->{$perm} if (defined($u->{$perm}) && grep { $group eq $_ } grep { $_ } @{$groups ||[]});272 # any user273 } elsif ($u->{user} eq '*' || $u->{user} eq $who) {274 return $u->{$perm} if (defined($u->{$perm}));275 # any authenticated user276 } elsif (lc($u->{user}) eq '@authenticated' && $who) {277 return $u->{$perm} if (defined($u->{$perm}));278 # not login279 } elsif (lc($u->{user}) eq '@anonymous' && $who eq "") {280 return $u->{$perm} if (defined($u->{$perm}));281 }282 }283 return;284 }285 286 =head2 dump287 288 Return a textual dump of the sub acl289 290 =cut291 292 sub dump {293 my ($self) = @_;294 my $dump = sprintf("%s.{%s}\n", $self->{obj}, join(', ', @{$self->{attr}}));295 foreach my $u (@{ $self->{users} }) {296 $dump .= sprintf("\t%s: %s\n",297 $u->{user},298 join(', ', ($u->{r} ? 'read' : ()), ($u->{w} ? 'write' : ())) ||299 'deny');300 }301 $dump302 }303 304 188 1; 305 189 … … 307 191 308 192 =head1 SEE ALSO 193 194 L<LATMOS::Accounts::Acls::Acl> 309 195 310 196 =head1 AUTHOR -
trunk/LATMOS-Accounts/t/21_acls.t
r490 r1048 1 1 use strict; 2 2 use warnings; 3 use Test::More tests => 1 4;3 use Test::More tests => 15; 4 4 5 5 use_ok('LATMOS::Accounts::Acls'); 6 use_ok('LATMOS::Accounts::Acls::Acl'); 6 7 7 8 { 8 ok(my $acl = LATMOS::Accounts::Acls:: acl->new('user.uid', [ 'user1: read' ]),9 ok(my $acl = LATMOS::Accounts::Acls::Acl->new('user.uid', [ 'user1: read' ]), 9 10 "can create single acl"); 10 11 is($acl->match(fakeobject->new('user', 'user1'), 'uid', 'r', 'user1'), 1, "acl match");
Note: See TracChangeset
for help on using the changeset viewer.