Changeset 480
- Timestamp:
- 10/04/09 05:01:59 (15 years ago)
- Location:
- LATMOS-Accounts
- Files:
-
- 1 deleted
- 2 edited
LATMOS-Accounts/MANIFEST
r479 r480 7 7 annexes/sql.schema.sql 8 8 bin/la-acls 9 bin/la-attributes10 9 bin/la-config 11 10 bin/la-create -
LATMOS-Accounts/lib/LATMOS/Accounts/Acls.pm
r479 r480 33 33 enclose into bracket, either a '*' to match any attribute. 34 34 35 Special keyword C< @CREATE> and C<@DELETE> can be used to allow or deny object35 Special keyword C<CREATE> and C<DELETE> can be used to allow or deny object 36 36 creation and deletion. In this case USER in form C<$...> and read permission 37 have no effect (see below). C<*> do not include C< @CREATE> and C<@DELETE> action.37 have no effect (see below). C<*> do not include C<CREATE> and C<DELETE> action. 38 38 39 39 =item USER can be … … 127 127 sub check { 128 128 my ($self, $obj, $attr, $perm, $who, $groups) = @_; 129 # Asking 'r' perm over create or delete has no sense:130 $attr =~ /^@(CREATE|DELETE)$/ && $perm eq 'r' and return;131 132 129 foreach my $acl (@{$self->{_acls}}) { 133 130 my $res = $acl->match($obj, $attr, $perm, $who, $groups); … … 191 188 my $objtype = ref $obj ? lc($obj->type) : $obj; 192 189 $attr = lc($attr); 193 194 # Does this ACL series concern this object:195 190 if (!($self->{obj} eq '*' || $self->{obj} eq $objtype)) { 196 191 return 197 192 } 198 # Does this ACL series concern this attribute: 199 grep { ($_ !~ /^@(CREATE|DELETE)$/ && $_ eq '*') || $_ eq $attr } @{$self->{attr}} or return; 200 201 # Foreach user, testing if this permission match: 193 grep { ($_ !~ /^(CREATE|DELETE)$/ && $_ eq '*') || $_ eq $attr } @{$self->{attr}} or return; 194 202 195 foreach my $u (@{ $self->{users} }) { 203 # Obj have attr eq login user204 196 if (substr($u->{user}, 0, 1) eq '$') { # check attr content 205 197 if (ref $obj) { … … 209 201 return ($u->{$perm} || 0) if (grep { $_ eq $who } @vals); 210 202 } 211 # user is in group212 203 } elsif (substr($u->{user}, 0, 1) eq '%') { # group 213 204 my $group = substr($u->{user}, 1); 214 205 return ($u->{$perm} || 0) if (grep { $group eq $_ } @{$groups ||[]}); 215 # any user216 206 } elsif ($u->{user} eq '*' || $u->{user} eq $who) { 217 207 return $u->{$perm} || 0; 218 # any authenticated user219 208 } elsif (lc($u->{user}) 
eq '@authenticated' && $who) { 220 209 return $u->{$perm} || 0; 221 # not login222 210 } elsif (lc($u->{user}) eq '@anonymous' && $who eq "") { 223 211 return $u->{$perm} || 0;
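Review bot: In the attribute filter at new line 193, the guard `$_ !~ /^(CREATE|DELETE)$/ && $_ eq '*'` tests the ACL entry `$_` instead of the requested `$attr`, so the regex clause is always true when `$_` is `'*'` and a wildcard entry still matches the create and delete actions, contradicting the POD statement that `*` does not include them. Because `$attr` is lowercased a few lines earlier, the guard would need to read something like `grep { ($_ eq '*' && $attr !~ /^(?:create|delete)$/) || $_ eq $attr } @{$self->{attr}} or return;`, and `$_ eq $attr` can only match an upper-case `CREATE` entry if the ACL parser lowercases stored attribute names, which is not visible here. The commit also removes the early return in `check` for `'r'` on these actions while the POD still says read permission has no effect, so the text and the code now disagree. Dropping the `@` prefix puts the keywords in the same namespace as ordinary attribute names, so an attribute called `create` or `delete` would presumably be indistinguishable from the action. The sub containing this hunk starts and ends outside the visible lines.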