Changeset 683

Timestamp:

01/21/10 01:06:46 (14 years ago)

Author:

nanardon

Message:

• implement a basic attribute value check, at time allow just to limit to a set of value

Location:

LATMOS-Accounts

Files:

• lib/LATMOS/Accounts.pm (modified) (2 diffs)
• lib/LATMOS/Accounts/Bases.pm (modified) (3 diffs)
• lib/LATMOS/Accounts/Bases/Objects.pm (modified) (2 diffs)
• sample/allowed_values.ini (added)
• sample/latmos-account.ini (modified) (1 diff)

LATMOS-Accounts/lib/LATMOS/Accounts.pm

@@ -48 +48 @@
         };
         $self->{_acls} = $acls;
+    }
+
+    if ($self->val('_default_', 'allowed_values')) {
+        $self->{_allowed_values} = Config::IniFiles->new(
+            -file => $self->val('_default_', 'allowed_values'),
+            -allowempty => 1,
+        ) or do {
+            return;
+        };
+    } else {
+        $self->{_allowed_values} = Config::IniFiles->new();
     }
 
@@ -143 +154 @@
         label => $section,
         acls => $self->{_acls},
+        allowed_values => $self->{_allowed_values},
     ) or do {
         la_log(LA_WARN, "Cannot instanciate base $section ($type)");

LATMOS-Accounts/lib/LATMOS/Accounts/Bases.pm

@@ -48 +48 @@
     $base->{defattr} = $options{defattr};
     $base->{_acls} = $options{acls};
+    $base->{_allowed_values} = $options{allowed_values};
     la_log(LA_DEBUG, 'Instanciate base %s (%s)', ($options{label} || 'N/A'), $pclass);
     $base
@@ -75 +76 @@
 sub type {
     $_[0]->{_type};
+}
+
+sub allowed_values {
+    $_[0]->{_allowed_values}
+}
+
+sub check_allowed_values {
+    my ($self, $otype, $attr, $attrvalues) = @_;
+    my @values = ref $attrvalues ? @{ $attrvalues } : $attrvalues;
+    foreach my $value (@values) {
+        $value or next;
+        if (my @allowed = $self->allowed_values->val("$otype.$attr", 'allowed')) {
+            grep { $value eq $_ } @allowed or do {
+                $self->log(LA_ERR,
+                    "value `%s' is not allow for %s.%s per configuration (allowed_values)",
+                    $value, $otype, $attr
+                );
+                return;
+            };
+        }
+    }
+    return 1;
 }
 
@@ -237 +260 @@
         return;
     }
+    foreach my $cfield (keys %cdata) {
+        $self->check_allowed_values($otype, $cfield, $cdata{$cfield}) or do {
+            $self->log(LA_ERR, "Cannot create $otype, wrong value");
+            return;
+        };
+    }
+
     $self->_create_c_object($otype, $id, %cdata);
 }

LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Objects.pm

@@ -253 +253 @@
 =cut
 
+sub check_allowed_values {
+    my ($self, $attr, $values) = @_;
+    $self->base->check_allowed_values($self->type, $attr, $values);
+}
+
 =head2 set_c_fields(%data)
 
@@ -262 +267 @@
 sub set_c_fields {
     my ($self, %cdata) = @_;
-    my %data;
     eval {
         foreach my $cfield (keys %cdata) {
             $self->base->check_acl($self, $cfield, 'w') or 
-                die "permission denied";
+                die "permission denied\n";
+        }
+
+        foreach my $cfield (keys %cdata) {
+            $self->check_allowed_values($cfield, $cdata{$cfield}) or
+                die "incorrect attribute\n";
         }
     };
-    return if($@);
+    if($@) {
+        $self->base->log(LA_ERR, "Cannot modified %s/%s: %s",
+            $self->type, $self->id, $@
+        );
+        return;
+    }
     $self->_set_c_fields(%cdata);
 }

LATMOS-Accounts/sample/latmos-account.ini

@@ -9 +9 @@
 # The acls file to use to limit access
 #acls =
+# An inifile containing per attributes values restriction
+# allowed_values =
 # smtp: the server used to send mail
 smtp = localhost