Changeset 479
- Timestamp:
- 10/04/09 05:01:12 (15 years ago)
- Location:
- LATMOS-Accounts
- Files:
-
- 1 added
- 2 edited
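--- a/LATMOS-Accounts/MANIFEST
+++ b/LATMOS-Accounts/MANIFEST
@@ -7,4 +7,5 @@
 annexes/sql.schema.sql
 bin/la-acls
+bin/la-attributes
 bin/la-config
 bin/la-create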
LATMOS-Accounts/lib/LATMOS/Accounts/Acls.pm
r478 r479 33 33 enclose into bracket, either a '*' to match any attribute. 34 34 35 Special keyword C< CREATE> and C<DELETE> can be used to allow or deny object35 Special keyword C<@CREATE> and C<@DELETE> can be used to allow or deny object 36 36 creation and deletion. In this case USER in form C<$...> and read permission 37 have no effect (see below). C<*> do not include C< CREATE> and C<DELETE> action.37 have no effect (see below). C<*> do not include C<@CREATE> and C<@DELETE> action. 38 38 39 39 =item USER can be … … 127 127 sub check { 128 128 my ($self, $obj, $attr, $perm, $who, $groups) = @_; 129 # Asking 'r' perm over create or delete has no sense: 130 $attr =~ /^@(CREATE|DELETE)$/ && $perm eq 'r' and return; 131 129 132 foreach my $acl (@{$self->{_acls}}) { 130 133 my $res = $acl->match($obj, $attr, $perm, $who, $groups); … … 188 191 my $objtype = ref $obj ? lc($obj->type) : $obj; 189 192 $attr = lc($attr); 193 194 # Does this ACL series concern this object: 190 195 if (!($self->{obj} eq '*' || $self->{obj} eq $objtype)) { 191 196 return 192 197 } 193 grep { ($_ !~ /^(CREATE|DELETE)$/ && $_ eq '*') || $_ eq $attr } @{$self->{attr}} or return; 194 198 # Does this ACL series concern this attribute: 199 grep { ($_ !~ /^@(CREATE|DELETE)$/ && $_ eq '*') || $_ eq $attr } @{$self->{attr}} or return; 200 201 # Foreach user, testing if this permission match: 195 202 foreach my $u (@{ $self->{users} }) { 203 # Obj have attr eq login user 196 204 if (substr($u->{user}, 0, 1) eq '$') { # check attr content 197 205 if (ref $obj) { … … 201 209 return ($u->{$perm} || 0) if (grep { $_ eq $who } @vals); 202 210 } 211 # user is in group 203 212 } elsif (substr($u->{user}, 0, 1) eq '%') { # group 204 213 my $group = substr($u->{user}, 1); 205 214 return ($u->{$perm} || 0) if (grep { $group eq $_ } @{$groups ||[]}); 215 # any user 206 216 } elsif ($u->{user} eq '*' || $u->{user} eq $who) { 207 217 return $u->{$perm} || 0; 218 # any authenticated user 208 219 } elsif 
(lc($u->{user}) eq '@authenticated' && $who) { 209 220 return $u->{$perm} || 0; 221 # not login 210 222 } elsif (lc($u->{user}) eq '@anonymous' && $who eq "") { 211 223 return $u->{$perm} || 0;
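Review bot: In `match`, the new attribute filter still lets a `*` ACL entry cover `@CREATE` and `@DELETE`, because the exclusion regex is applied to the ACL entry `$_` rather than to the requested `$attr`: whenever `$_ eq '*'`, the test `$_ !~ /^@(CREATE|DELETE)$/` is trivially true, which contradicts the POD statement that `*` does not include those actions. Since `$attr` has just been lowercased, the guard should test it in lowercase, e.g. `grep { ($_ eq '*' && $attr !~ /^\@(?:create|delete)$/) || $_ eq $attr } @{$self->{attr}} or return;`. The same lowercasing means `$_ eq $attr` can only match an `@CREATE` entry if the stored attribute list is lowercased when the ACL is parsed, which is not visible here and is worth confirming. The early return added in `check` is also case-sensitive on the un-lowercased `$attr`, so it is inconsistent with `match`. Both subs start or end outside the visible hunks.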