[vhffs-dev] [961] Finished ACL improvements |
Revision: 961
Author: gradator
Date: 2007-10-05 15:47:45 +0000 (Fri, 05 Oct 2007)
Log Message:
-----------
Finished ACL improvements
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Acl.pm
trunk/vhffs-api/src/examples/show_acl_per_object.pl
trunk/vhffs-panel/acl/view.pl
trunk/vhffs-panel/templates/acl/view.tmpl
Modified: trunk/vhffs-api/src/Vhffs/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Acl.pm 2007-10-04 22:52:25 UTC (rev 960)
+++ trunk/vhffs-api/src/Vhffs/Acl.pm 2007-10-05 15:47:45 UTC (rev 961)
@@ -76,8 +76,8 @@
{
my $user = shift;
my $object = shift;
- my $main = shift;
- return get_perm( $main , $object , $user );
+ my $vhffs = shift;
+ return get_perm( $vhffs , $object , $user );
}
@@ -95,39 +95,62 @@
sub add_acl
{
- my ( $granted_oid , $target_oid , $perm , $main ) = @_;
+ my ( $granted_oid , $target_oid , $perm , $vhffs ) = @_;
return -1 unless(defined $granted_oid && defined $target_oid );
- return -2 unless( $granted_oid->get_type == Vhffs::Constants::TYPE_USER || $granted_oid->get_type == Vhffs::Constants::TYPE_GROUP );
- my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
- my $dbh = $main->get_db_object;
- return -3 unless( $dbh->do($sql, undef, $granted_oid->get_oid, $perm, $target_oid->get_oid) );
- return 1;
+ return -2 unless( $granted_oid->get_type == Vhffs::Constants::TYPE_USER || $granted_oid->get_type == Vhffs::Constants::TYPE_GROUP );
+ my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
+ my $dbh = $vhffs->get_db_object;
+ return -3 unless( $dbh->do($sql, undef, $granted_oid->get_oid, $perm, $target_oid->get_oid) );
+ return 1;
}
+
+sub add_acl_oid
+{
+ my ( $vhffs, $target_oid , $granted_oid , $perm ) = @_;
+ return -1 unless(defined $vhffs && defined $target_oid && defined $granted_oid && defined $perm );
+ return -3 unless $vhffs->get_db_object->do( 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)' , undef, $granted_oid, $perm, $target_oid);
+ return 1;
+}
+
+
sub update_acl
{
- my ($main, $target_oid, $granted_oid, $perm) = @_;
+ my ($vhffs, $target_oid, $granted_oid, $perm) = @_;
- return -1 unless(defined $target_oid && defined $granted_oid && defined $perm);
+ return -1 unless(defined $vhffs && defined $target_oid && defined $granted_oid && defined $perm);
- return del_acl( $main , $target_oid, $granted_oid ) if( $perm < 0 );
-
- my $sql = 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?';
- my $dbh = $main->get_db_object;
# If no line was updated, ACL doesn't exists => error
- return -2 unless ($dbh->do($sql, undef, $perm, $target_oid, $granted_oid) > 0);
+ return -2 unless( $vhffs->get_db_object->do( 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?', undef, $perm, $target_oid, $granted_oid) > 0 );
return 1;
}
+# return 1 if acl has been added, 2 if acl has been updated, 3 if acl has been deleted, -1 is something went wrong
+sub add_update_or_del_acl
+{
+ my ($vhffs, $target_oid, $granted_oid, $perm) = @_;
+ return -1 unless(defined $vhffs && defined $target_oid && defined $granted_oid && defined $perm);
+
+ if( $perm == Vhffs::Constants::ACL_UNDEFINED ) {
+ return 3 if( del_acl( $vhffs, $target_oid, $granted_oid ) > 0 );
+ return -1;
+ }
+
+ return 2 if( update_acl( $vhffs, $target_oid, $granted_oid, $perm ) > 0 );
+ return 1 if( add_acl_oid( $vhffs, $target_oid, $granted_oid, $perm ) > 0 );
+ return -1;
+}
+
+
sub del_acl
{
- my ( $main, $target_oid , $granted_oid ) = @_;
+ my ( $vhffs, $target_oid , $granted_oid ) = @_;
- return -1 unless(defined $main && defined $target_oid && defined $granted_oid);
+ return -1 unless(defined $vhffs && defined $target_oid && defined $granted_oid);
- my $dbh = $main->get_db_object();
+ my $dbh = $vhffs->get_db_object();
$dbh->begin_work();
my $sql = 'DELETE FROM vhffs_acl WHERE granted_oid=? AND target_oid=?';
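Review bot: `add_update_or_del_acl` picks between UPDATE and INSERT from the return of `update_acl`, and nothing makes the two statements atomic. Two concurrent requests for the same (target_oid, granted_oid) pair can both see zero rows updated and both insert, leaving duplicate ACL rows unless `vhffs_acl` has a unique key on that pair, which is not visible here. `update_acl` also folds a failed `do()` (undef) into the same -2 as "no row matched", so a database error falls through to `add_acl_oid` as if the ACL were merely absent. I would run the update and the insert inside one transaction, as `del_acl` already does with `begin_work`, and separate the two cases in `update_acl` with `my $rows = $vhffs->get_db_object->do( ... ); return -3 unless defined $rows; return -2 unless $rows > 0;`, having `add_update_or_del_acl` return -1 on anything other than -2.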
@@ -149,52 +172,52 @@
return 1;
}
+
=pod
-=head2 get_object_users_acl
+=head2 get_object_acl
- my $rights = Vhffs::Acl::get_object_users_acl($object, $vhffs);
+ my $rights = Vhffs::Acl::get_object_acl($object, $vhffs);
-Get all users acl for a given object.
-Returns an array of hashref with keys 'oid_src, name, perm'.
+Returns an array of hashref with keys 'granted_oid, name, perm'.
+A NULL perm is a non existing ACL.
+A NULL name is the default ACL.
-=cut
+Example:
+ granted_oid | name | perm
+-------------+----------+------
+ 3 | | 0 <== default ACL
+ 1 | user1 | 10
+ 25 | user2 | 10
+ 72 | user3 | <== user without ACL
+(4 rows)
-sub get_object_users_acl
-{
- my ( $obj , $main ) = @_;
- return -1 unless( defined $obj );
-
- my $sql = 'SELECT acl.granted_oid, u.username AS name, acl.perm FROM vhffs_acl acl INNER JOIN vhffs_users u ON u.object_id = acl.granted_oid WHERE target_oid=? ORDER BY u.username';
- my $dbh = $main->get_db_object;
- my $sth = $dbh->prepare($sql);
- return undef unless($sth->execute($obj->get_oid));
- return $sth->fetchall_arrayref({});
-}
-
-=pod
-
-=head2 get_object_default_acl
-
- my $rights = Vhffs::Acl::get_object_default_acl($object, $vhffs);
-
-Get the default acl of a given object.
-Returns an array of one hashref with keys 'oid_src, perm'.
-
=cut
-sub get_object_default_acl
+sub get_object_acl
{
- my ( $obj , $main ) = @_;
- return -1 unless( defined $obj );
+ my ( $vhffs , $object ) = @_;
+ return undef unless( defined $vhffs && defined $object );
- my $sql = 'SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl INNER JOIN vhffs_groups g ON acl.granted_oid=g.object_id WHERE acl.target_oid=? ORDER BY g.groupname';
- my $dbh = $main->get_db_object;
- my $sth = $dbh->prepare( $sql );
- return undef unless( $sth->execute($obj->get_oid) );
+ my $sth = $vhffs->get_db_object->prepare( '
+ (
+ ( SELECT allusers.object_id AS granted_oid, allusers.name, aclusers.perm
+ FROM
+ ( SELECT u.object_id, u.username AS name FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid=u.uid INNER JOIN vhffs_groups g ON ug.gid=g.gid INNER JOIN vhffs_acl acl ON acl.granted_oid=g.object_id WHERE acl.target_oid=? )
+ AS allusers
+ LEFT OUTER JOIN
+ ( SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl INNER JOIN vhffs_users u ON u.object_id=acl.granted_oid WHERE target_oid=? )
+ AS aclusers
+ ON allusers.object_id=aclusers.granted_oid
+ )
+ UNION
+ ( SELECT acl.granted_oid, NULL AS name, acl.perm FROM vhffs_acl acl INNER JOIN vhffs_groups g ON acl.granted_oid=g.object_id WHERE acl.target_oid=? )
+ )
+ ORDER BY name ASC
+ ' );
+ return undef unless $sth->execute( $object->get_oid, $object->get_oid, $object->get_oid );
return $sth->fetchall_arrayref({});
}
-
1;
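Review bot: The new query builds its user list from members of the groups that hold an ACL entry on the target (`allusers`) and only LEFT JOINs the per-user ACL rows onto it, so a `vhffs_acl` row granted to a user outside those groups is never returned. If such rows can exist (the panel's write path in acl/view.pl accepts any `granted_oid` that resolves to an object), they would stay in the table, and in effect to whatever extent `get_perm` honours them, without appearing in the ACL view. Consider adding a UNION branch for directly granted users who are not group members, or rejecting those grants on write. Separately, the POD synopsis still shows `get_object_acl($object, $vhffs)` while the sub unpacks `( $vhffs , $object )`; it should read `my $rights = Vhffs::Acl::get_object_acl($vhffs, $object);` and say that the function returns an array reference, or undef on failure.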
Modified: trunk/vhffs-api/src/examples/show_acl_per_object.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_acl_per_object.pl 2007-10-04 22:52:25 UTC (rev 960)
+++ trunk/vhffs-api/src/examples/show_acl_per_object.pl 2007-10-05 15:47:45 UTC (rev 961)
@@ -19,10 +19,5 @@
die("MySQL service $dbname not found\n") unless(defined $sql);
-my $acl = Vhffs::Acl::get_object_users_acl( $sql , $princ );
-
+my $acl = Vhffs::Acl::get_object_acl( $princ, $sql );
print Dumper $acl;
-
-$acl = Vhffs::Acl::get_object_default_acl( $sql , $princ );
-
-print Dumper $acl;
Modified: trunk/vhffs-panel/acl/view.pl
===================================================================
--- trunk/vhffs-panel/acl/view.pl 2007-10-04 22:52:25 UTC (rev 960)
+++ trunk/vhffs-panel/acl/view.pl 2007-10-05 15:47:45 UTC (rev 961)
@@ -67,7 +67,7 @@
my $access_level = Vhffs::Acl::get_perm( $vhffs , $object , $user );
# Object does not exists
-if( ! defined $object ) {
+unless( defined $object ) {
$template = new HTML::Template( filename => $templatedir.'/panel/misc/simplemsg.tmpl' );
$template->param( MESSAGE => sprintf( gettext('Cannot get informations on object #%d'), $oid) );
} else {
@@ -81,6 +81,7 @@
my $perm = $cgi->param('perm');
my $username = $cgi->param('username');
my $acl_user;
+ my $ret;
if(! (defined $perm && defined $username) ) {
$panel->add_error( gettext('CGI Error') );
} elsif( ! defined($acl_user = Vhffs::User::get_by_username( $vhffs, $username ) ) ) {
@@ -96,26 +97,29 @@
my $granted_oid = $cgi->param('granted_oid');
my $perm = $cgi->param('perm'.$granted_oid);
my $granted;
+ my $ret;
if(! (defined $granted_oid && defined $perm) ) {
$panel->add_error( gettext('CGI Error') );
} elsif( ! defined( $granted = Vhffs::Object::get_by_oid( $vhffs, $granted_oid ) ) ) {
$panel->add_error( gettext('Group or user not found') );
} elsif( ( $access_level < Vhffs::Constants::ACL_MANAGEACL ) && ( $user->is_admin != 1 ) ) {
$panel->add_error( gettext('You\'re not allowed to manage this object\'s ACL') );
- } elsif( Vhffs::Acl::update_acl( $vhffs, $object->get_oid, $granted_oid, $perm ) < 0 ) {
- $panel->add_error( gettext('Sorry, can\'t update ACL') );
} else {
- $panel->add_info( gettext('ACL updated') );
+ $ret = Vhffs::Acl::add_update_or_del_acl( $vhffs, $object->get_oid, $granted_oid, $perm );
+ $panel->add_error( gettext('Sorry, can\'t add or update ACL') ) if( $ret < 0 );
+ $panel->add_info( gettext('ACL added') ) if( $ret == 1);
+ $panel->add_info( gettext('ACL updated') ) if( $ret == 2);
+ $panel->add_info( gettext('ACL deleted') ) if( $ret == 3);
}
}
- $template = new HTML::Template::Expr( filename => $templatedir.'/panel/acl/view.tmpl' , global_vars => 1 );
- $panel->set_title( gettext('ACL Administration') );
+ $panel->set_title( gettext('ACL Administration') );
- # Disable ACL managment facilities if user doesn't have enough rights
- $template->param( MANAGE_ACL => ($access_level >= Vhffs::Constants::ACL_MANAGEACL));
+ $template = new HTML::Template::Expr( filename => $templatedir.'/panel/acl/view.tmpl' , global_vars => 1 );
$template->param( TEXT_USER => gettext('User') );
+ $template->param( TARGET_OID => $object->get_oid );
+ $template->param( TEXT_MODIFY => gettext('Modify') );
$template->param( TEXT_DEFAULT => gettext('Default') );
$template->param( TEXT_ACL_UNDEF => gettext('Default') );
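Review bot: `$perm` goes from `$cgi->param('perm'.$granted_oid)` straight into `add_update_or_del_acl`, and `$granted` is only checked for existence, so what lands in `vhffs_acl` is whatever the request carries. The placeholders keep this from being SQL injection, but any value can be written as a permission level, including one above the caller's own `$access_level`, and the grantee can be an object that is neither a user nor a group, since `add_acl_oid` does not repeat the type check that `add_acl` makes. I would add branches before the final `else` that reject a `$perm` outside the known `Vhffs::Constants::ACL_*` values and a grantee of the wrong type, e.g. `} elsif( $granted->get_type != Vhffs::Constants::TYPE_USER && $granted->get_type != Vhffs::Constants::TYPE_GROUP ) {`, assuming the object returned by `get_by_oid` exposes `get_type`. Whether a manager may grant a level higher than their own is a policy decision worth stating in a comment at this point. The enclosing `if` block starts above this hunk.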
@@ -132,17 +136,21 @@
$template->param( VALUE_ACL_MANAGEACL => Vhffs::Constants::ACL_MANAGEACL );
$template->param( VALUE_ACL_DELETE => Vhffs::Constants::ACL_DELETE );
- $template->param( TEXT_MODIFY => gettext('Modify') );
+ my $acls = Vhffs::Acl::get_object_acl( $vhffs, $object );
+ my @acldefault;
+ my @aclusers;
+ foreach my $acl ( @{$acls} ) {
+ if( defined $acl->{name} ) {
+ $acl->{perm} = Vhffs::Constants::ACL_UNDEFINED unless defined $acl->{perm};
+ push( @aclusers, { %$acl } );
+ }
+ else {
+ push( @acldefault, { 'granted_oid' => $acl->{granted_oid} , 'perm' => $acl->{perm} } );
+ }
+ }
- $template->param( TEXT_USERNAME => gettext('User:' ) );
- $template->param( TEXT_ACL_LEVEL => gettext('ACL level') );
- $template->param( TEXT_ACL_USER_ADD => gettext('Add an ACL for a User') );
- $template->param( SEND => gettext('Add') );
-
- $template->param( TARGET_OID => $object->get_oid );
-
- $template->param( ACL_DEFAULT => Vhffs::Acl::get_object_default_acl( $object , $vhffs ) );
- $template->param( ACL_USERS => Vhffs::Acl::get_object_users_acl( $object , $vhffs ) );
+ $template->param( ACL_DEFAULT => \@acldefault );
+ $template->param( ACL_USERS => \@aclusers );
}
}
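Review bot: `get_object_acl` returns undef when `execute` fails, and the loop over `@{$acls}` does not distinguish that from an object with no ACL rows. As far as I can tell `foreach` autovivifies the undefined reference rather than dying, so a database error renders as an empty ACL table with no message. An explicit check before the loop, such as `$panel->add_error( gettext('Cannot fetch ACL') ) unless defined $acls;`, would make the failure visible to the administrator. The enclosing `else` block starts outside this hunk.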
Modified: trunk/vhffs-panel/templates/acl/view.tmpl
===================================================================
--- trunk/vhffs-panel/templates/acl/view.tmpl 2007-10-04 22:52:25 UTC (rev 960)
+++ trunk/vhffs-panel/templates/acl/view.tmpl 2007-10-05 15:47:45 UTC (rev 961)
@@ -1,4 +1,3 @@
-<tmpl_if name="ACL_USERS">
<div class="acltable">
<div class="tableheader">
<p>
@@ -52,33 +51,3 @@
<span class="clear"> </span>
</div>
</div>
-</tmpl_if>
-
-<tmpl_if name="MANAGE_ACL">
-<h2><TMPL_VAR NAME="TEXT_ACL_USER_ADD"></h2>
-
-<form method="post" action="/acl/view.pl">
- <p>
- <label for="acl_username">
- <TMPL_VAR NAME="TEXT_USERNAME">
- </label>
- <input type="text" name="username" id="acl_username"/>
- </p>
- <p>
- <label for="acl_user_perm">
- <TMPL_VAR NAME="TEXT_ACL_LEVEL">
- </label>
- <select name="perm" id="acl_user_perm">
- <option value="<TMPL_VAR NAME="VALUE_ACL_DENIED">" <TMPL_VAR NAME="DENIED_SELECTED">><TMPL_VAR NAME="TEXT_ACL_DENIED"></option>
- <option value="<TMPL_VAR NAME="VALUE_ACL_VIEW">" <TMPL_VAR NAME="VIEW_SELECTED">><TMPL_VAR NAME="TEXT_ACL_VIEW"></option>
- <option value="<TMPL_VAR NAME="VALUE_ACL_MODIFY">" <TMPL_VAR NAME="MODIFY_SELECTED">><TMPL_VAR NAME="TEXT_ACL_MODIFY"></option>
- <option value="<TMPL_VAR NAME="VALUE_ACL_MANAGEACL">" <TMPL_VAR NAME="MANAGEACL_SELECTED">><TMPL_VAR NAME="TEXT_ACL_MANAGEACL"></option>
- <option value="<TMPL_VAR NAME="VALUE_ACL_DELETE">" <TMPL_VAR NAME="DELETE_SELECTED">><TMPL_VAR NAME="TEXT_ACL_DELETE"></option>
- </select>
- </p>
- <p class="button">
- <input type="HIDDEN" name="target_oid" value="<TMPL_VAR NAME="TARGET_OID">" />
- <input type="submit" value="<TMPL_VAR NAME="SEND">" name="add_acl_user_submit"/>
- </p>
-</form>
-</tmpl_if>