[vhffs-dev] [2036] reworked Vhffs::Acl |
Revision: 2036
Author: gradator
Date: 2012-02-22 01:32:40 +0100 (Wed, 22 Feb 2012)
Log Message:
-----------
reworked Vhffs::Acl
Vhffs::Acl merged with Vhffs::Object
default ACL removed, now enforced
Modified Paths:
--------------
trunk/vhffs-api/src/Vhffs/Acl.pm
trunk/vhffs-api/src/Vhffs/Object.pm
trunk/vhffs-api/src/Vhffs/Panel/Acl.pm
trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm
trunk/vhffs-api/src/Vhffs/Panel/Cron.pm
trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm
trunk/vhffs-api/src/Vhffs/Panel/DNS.pm
trunk/vhffs-api/src/Vhffs/Panel/Git.pm
trunk/vhffs-api/src/Vhffs/Panel/Group.pm
trunk/vhffs-api/src/Vhffs/Panel/Mail.pm
trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm
trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm
trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm
trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm
trunk/vhffs-api/src/Vhffs/Panel/Repository.pm
trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm
trunk/vhffs-api/src/Vhffs/Panel/Svn.pm
trunk/vhffs-api/src/Vhffs/Panel/Web.pm
trunk/vhffs-api/src/Vhffs/User.pm
trunk/vhffs-api/src/examples/add_acl.pl
trunk/vhffs-api/src/examples/add_acl_dns.pl
trunk/vhffs-api/src/examples/delete_acl.pl
trunk/vhffs-api/src/examples/mailuser.pl
trunk/vhffs-api/src/examples/mailuser_add_box.pl
trunk/vhffs-api/src/examples/modify_acl.pl
trunk/vhffs-api/src/examples/perm_for_user.pl
trunk/vhffs-api/src/examples/show_acl_per_object.pl
trunk/vhffs-api/src/examples/show_dumper_cvs.pl
trunk/vhffs-api/src/examples/show_dumper_object.pl
trunk/vhffs-compat/from-4.3-to-4.4.sql
trunk/vhffs-panel/templates/acl/view.tt
trunk/vhffs-panel/templates/user/prefs.tt
trunk/vhffs-tools/src/vhffs-useradd
Modified: trunk/vhffs-api/src/Vhffs/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Acl.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Acl.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,8 @@
use utf8;
use diagnostics;
-package Vhffs::Acl;
+# Since perl allows us to do such things, let's have an unobstrusive approach
+package Vhffs::Object;
=pod
@@ -52,185 +53,254 @@
=pod
-=head2 get_perm
+=head2 add_acl
- my $perm = Vhffs::Acl::get_perm( $vhffs, $object, $user );
+ die("Unable to add ACL\n") unless $object->add_acl( $grantedo, $perm );
-Returns the permission of C<$user> for C<$object>.
+Grant permission C<$perm> to user or group C<$grantedd> on service C<$object>.
+An ACL where C<$object> is a group object is the default access for users of the group.
+
+Returns 1 if success, undef otherwise.
+
=cut
-sub get_perm {
- my $vhffs = shift;
- my $object = shift;
- my $user = shift;
- return Vhffs::Constants::ACL_DENIED unless defined $vhffs and defined $object and defined $user;
- return Vhffs::Constants::ACL_DELETE if $user->is_admin;
+sub add_acl {
+ my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+ my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+ my $perm = shift;
- my $perm;
- $perm = $vhffs->{'db'}->selectrow_array('SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=?', undef, $user->get_oid, $object->get_oid);
+ return undef unless defined $object and defined $perm;
+ return undef unless( $object->get_type == Vhffs::Constants::TYPE_USER or $object->get_type == Vhffs::Constants::TYPE_GROUP );
- # Fetch default ACL (on group) if user specific ACL is not defined
- $perm = $vhffs->{'db'}->selectrow_array('SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=? AND EXISTS ( SELECT * FROM vhffs_user_group ug INNER JOIN vhffs_users u ON ug.uid=u.uid INNER JOIN vhffs_groups g ON ug.gid=g.gid AND u.object_id=? AND g.object_id=? )', undef, $object->get_group->get_oid, $object->get_oid, $user->get_oid, $object->get_group->get_oid ) unless defined $perm;
+ # Refuse to create an ACL if the granted user is the owner of the target
+ return undef if $object->get_type == Vhffs::Constants::TYPE_USER and $object->get_owner_uid == $self->get_owner_uid;
- $perm = Vhffs::Constants::ACL_DENIED unless defined $perm;
- $perm = Vhffs::Constants::ACL_VIEW if $user->is_moderator and (not defined $perm or $perm < Vhffs::Constants::ACL_VIEW);
+ my $dbh = $self->get_main->get_db_object;
- return $perm;
+ my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
+ return undef unless( $dbh->do($sql, undef, $object->get_oid, $perm, $self->get_oid) );
+ return 1;
}
=pod
-=head2 add_acl
+=head2 update_acl
- die("Unable to add ACL\n") if Vhffs::Acl::add_acl($vhffs, $granted_object, $target_object, $perm) < 0;
+ my $ret = $object->update_acl( $grantedo, $perm );
-Grant permission C<$perm> to user or group C<$granted_object> on service C<$target_object>.
+Update the ACL between $object and $grantedo.
-Should be modified soon to use OIDs instead of heavy objects.
+Returns 1 if success, undef otherwise.
-An ACL where granted_object is a group object is the default access for users of the group.
-
=cut
-sub add_acl {
- my ( $vhffs, $granted_object , $target_object , $perm ) = @_;
- return -1 unless defined $vhffs and defined $granted_object and defined $target_object and defined $perm;
- return -2 unless( $granted_object->get_type == Vhffs::Constants::TYPE_USER || $granted_object->get_type == Vhffs::Constants::TYPE_GROUP );
+sub update_acl {
+ my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+ my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+ my $perm = shift;
- my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
- my $dbh = $vhffs->get_db_object;
- return -3 unless( $dbh->do($sql, undef, $granted_object->get_oid, $perm, $target_object->get_oid) );
+ return undef unless defined $object and defined $perm;
+
+ my $dbh = $self->get_main->get_db_object;
+
+ # If no line was updated, ACL doesn't exists => error
+ return undef unless $dbh->do( 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?', undef, $perm, $self->get_oid, $object->get_oid) > 0;
return 1;
}
=pod
-=head2 add_acl_oid
+=head2 del_acl
- die("Unable to add ACL\n") if Vhffs::Acl::add_acl($vhffs, $granted_oid, $target_oid, $perm) < 0;
+ my $ret = $object->del_acl( $grantedo );
-Grant permission $perm to user or group OID $granted_oid on service OID $target_oid.
+Delete the ACL between $objectand $grantedo.
-An ACL where granted_oid is a group object OID is the default access for users of the group.
+Returns 1 if success, undef otherwise.
=cut
-sub add_acl_oid {
- my ( $vhffs, $target_oid , $granted_oid , $perm ) = @_;
- return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub del_acl {
+ my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+ my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
- return -3 unless $vhffs->get_db_object->do( 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)' , undef, $granted_oid, $perm, $target_oid);
+ return undef unless defined $object;
+
+ my $dbh = $self->get_main->get_db_object();
+
+ return undef unless $dbh->do( 'DELETE FROM vhffs_acl WHERE granted_oid=? AND target_oid=?', undef, $object->get_oid, $self->get_oid) > 0;
return 1;
}
=pod
-=head2 update_acl
+=head2 add_update_or_del_acl
- my $ret = Vhffs::Acl::update_acl($vhffs, $target_oid , $granted_oid, $perm);
+ my $ret = $object->add_update_or_del_acl( $grantedo, $perm );
-Update the ACL between $target_oid and $granted_oid.
+This is the magic function. It deletes the ACL entry if $perm equals Vhffs::Constants::ACL_UNDEFINED or
+creates the ACL entry if necessary or update the ACL entry if the ACL entry already exists.
-Returns >0 if success, <0 otherwise;
+Returns 1 if acl has been added, 2 if acl has been updated, 3 if acl has been deleted, undef is something went wrong.
=cut
-sub update_acl {
- my ( $vhffs, $target_oid, $granted_oid, $perm ) = @_;
- return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub add_update_or_del_acl {
+ my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+ my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+ my $perm = shift;
- # If no line was updated, ACL doesn't exists => error
- return -2 unless $vhffs->get_db_object->do( 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?', undef, $perm, $target_oid, $granted_oid) > 0;
- return 1;
+ return undef unless defined $object and defined $perm;
+
+ if( $perm == Vhffs::Constants::ACL_UNDEFINED ) {
+ return 3 if $self->del_acl( $object );
+ return undef;
+ }
+
+ return 2 if $self->update_acl( $object, $perm );
+ return 1 if $self->add_acl( $object, $perm );
+ return undef;
}
=pod
-=head2 del_acl
+=head2 get_acl
- my $ret = Vhffs::Acl::del_acl($vhffs, $target_oid , $granted_oid);
+ my $rights = $object->get_acl();
-Delete the ACL between $target_oid and $granted_oid.
+Returns an array of hashref with keys 'granted_oid, name, perm'.
+A NULL perm is a non existing ACL.
+A NULL name is the default ACL.
-Returns >0 if success, <0 otherwise;
+Also add implicit ACL in case of undefined ACL (owner, default access for users of the group);
+Example:
+ granted_oid | name | uid | perm
+ -------------+----------+----------+-----
+ 3 | (nul) | (nul) | 0 <== default ACL
+ 1 | user1 | 10000 | 2
+ 25 | user2 | 10010 | 10
+ 72 | user3 | 10020 | -1 <== user without ACL
+ (4 rows)
+
=cut
-sub del_acl {
- my ( $vhffs, $target_oid , $granted_oid ) = @_;
- return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid;
+sub get_acl {
+ my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
- my $dbh = $vhffs->get_db_object();
+ my $dbh = $self->get_main->get_db_object;
- $dbh->begin_work();
- my $sql = 'DELETE FROM vhffs_acl WHERE granted_oid=? AND target_oid=?';
- my $sth = $dbh->prepare( $sql );
- $sth->execute( $granted_oid, $target_oid ) or return -1;
+ my $sth = $dbh->prepare('SELECT u.object_id AS granted_oid, u.username AS name, u.uid AS uid, aclu.perm FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid=u.uid INNER JOIN vhffs_object o ON o.owner_gid=ug.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=u.object_id WHERE o.object_id=? UNION SELECT g.object_id AS granted_oid, NULL AS name, NULL AS uid, aclu.perm FROM vhffs_groups g INNER JOIN vhffs_object o ON o.owner_gid=g.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=g.object_id WHERE o.object_id=? ORDER BY name ASC');
+ return undef unless $sth->execute( $self->get_oid, $self->get_oid, $self->get_oid, $self->get_oid );
+ my $acls = $sth->fetchall_arrayref({});
- $sql = 'SELECT COUNT(*) FROM vhffs_acl WHERE perm>=? AND target_oid=?';
- $sth = $dbh->prepare( $sql );
- $sth->execute(Vhffs::Constants::ACL_MANAGEACL, $target_oid) or return -1;
- my ($count) = $sth->fetchrow();
-
- # We want to have at least one person who can handle ACLs
- if( $count == 0 ) {
- $dbh->rollback();
- return -2;
+ # If someone find a way to do that using SQL, please do ;-)
+ foreach my $acl ( @{$acls} ) {
+ # Default ACL (group ACL)
+ $acl->{perm} = Vhffs::Constants::ACL_VIEW if not defined $acl->{name} and not defined $acl->{perm};
+ # Owner
+ $acl->{perm} = Vhffs::Constants::ACL_DELETE if defined $acl->{uid} and $acl->{uid} == $self->get_owner_uid and not defined $acl->{perm};
+ # Undef to ACL_UNDEFINED
+ $acl->{perm} = Vhffs::Constants::ACL_UNDEFINED unless defined $acl->{perm};
}
- $dbh->commit();
- return 1;
+ return $acls;
}
=pod
-=head2 add_update_or_del_acl
+=head2 get_perm
- my $ret = Vhffs::Acl::add_update_or_del_acl($vhffs, $target_oid , $granted_oid, $perm);
+ my $perm = $object->get_perm( $targetobject );
-This is the magic function. It deletes the ACL entry if $perm equals Vhffs::Constants::ACL_UNDEFINED or
-creates the ACL entry if necessary or update the ACL entry if the ACL entry already exists.
+Returns the permission of C<$object> (actually always a C<Vhffs::User>)
+for C<$targetobject> (actually always a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>)
-Returns 1 if acl has been added, 2 if acl has been updated, 3 if acl has been deleted, -1 is something went wrong.
-
=cut
-sub add_update_or_del_acl {
- my ($vhffs, $target_oid, $granted_oid, $perm) = @_;
- return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub get_perm {
+ my $self = shift; # -granted- a C<Vhffs::User>
+ my $object = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
- if( $perm == Vhffs::Constants::ACL_UNDEFINED ) {
- return 3 if del_acl( $vhffs, $target_oid, $granted_oid ) > 0;
- return -1;
+ # Returns ACL_DENIED if $self is not a C<Vhffs::User>, managing other cases are complicated and totally useless
+ # Also, access to objects in states other than ACTIVATED are denied, unless user is an administrator
+ return Vhffs::Constants::ACL_DENIED unless defined $object and $self->get_type == Vhffs::Constants::TYPE_USER and ($object->get_status == Vhffs::Constants::ACTIVATED or $self->is_admin);
+
+ # Administrators have full access to objects, whatever the current object state
+ # Users have full access to their objets (where object owner_uid equals user uid)
+ return Vhffs::Constants::ACL_DELETE if ($self->is_admin or $object->get_owner_uid == $self->get_owner_uid);
+
+ my $dbh = $self->get_main->get_db_object;
+
+ # Fetch user ACL (if any)
+ my $perm = $dbh->selectrow_array('SELECT acl.perm FROM vhffs_acl acl WHERE acl.granted_oid=? AND acl.target_oid=?', undef, $self->get_oid, $object->get_oid);
+
+ # User specific ACL is not defined, try to find group ACL, but first, check if user is in the group
+ unless( defined $perm ) {
+ # Else, which should be the default case, check if user is a member of the object group, otherwise set ACL_DENIED
+ my $isusergroup = $dbh->selectrow_array('SELECT COUNT(*) FROM vhffs_user_group ug WHERE ug.uid=? and ug.gid=?', undef, $self->get_owner_uid, $object->get_owner_gid);
+ $perm = Vhffs::Constants::ACL_DENIED unless $isusergroup;
}
- return 2 if update_acl( $vhffs, $target_oid, $granted_oid, $perm ) > 0;
- return 1 if add_acl_oid( $vhffs, $target_oid, $granted_oid, $perm ) > 0;
- return -1;
+ # User is in the group (if user is not, $perm is set to ACL_DENIED)
+ unless( defined $perm ) {
+ # Fetch default ACL (on group)
+ $perm = $dbh->selectrow_array('SELECT acl.perm FROM vhffs_acl acl INNER JOIN vhffs_groups g ON g.object_id=acl.granted_oid WHERE g.gid=? AND acl.target_oid=?', undef, $object->get_owner_gid, $object->get_oid);
+
+ # Default access to group object if user is in the group
+ $perm = Vhffs::Constants::ACL_VIEW unless defined $perm;
+ }
+
+ # Default perm if perm is undefined
+ $perm = Vhffs::Constants::ACL_DENIED unless defined $perm;
+
+ # But moderators have view access to all objects
+ $perm = Vhffs::Constants::ACL_VIEW if $self->is_moderator and $perm < Vhffs::Constants::ACL_VIEW;
+
+ return $perm;
}
-=pod
+=head2 can_view
-=head2 get_object_acl
+ die("You are not allowed to view this object\n") unless($object->can_view($object));
- my $rights = Vhffs::Acl::get_object_acl($vhffs, $object);
+Returns true if the object on which the method is called can view the given object.
-Returns an array of hashref with keys 'granted_oid, name, perm'.
-A NULL perm is a non existing ACL.
-A NULL name is the default ACL.
+=cut
+sub can_view {
+ my ($self, $object) = @_;
+ return ( $self->get_perm($object) >= Vhffs::Constants::ACL_VIEW );
+}
-Example:
- granted_oid | name | perm
- -------------+----------+------
- 3 | | 0 <== default ACL
- 1 | user1 | 10
- 25 | user2 | 10
- 72 | user3 | <== user without ACL
- (4 rows)
+=head2 can_modify
+ die("You are not allowed to modify this object\n") unless($object->can_modify($object));
+
+Returns true if the object on which the method is called can modify the given object.
+
=cut
-sub get_object_acl {
- my ( $vhffs , $object ) = @_;
- return undef unless defined $vhffs and defined $object;
+sub can_modify {
+ my ($self, $object) = @_;
+ return ( $self->get_perm($object) >= Vhffs::Constants::ACL_MODIFY );
+}
- my $sth = $vhffs->get_db_object->prepare( 'SELECT u.object_id AS granted_oid, u.username AS name, aclu.perm FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid=u.uid INNER JOIN vhffs_object o ON o.owner_gid=ug.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=u.object_id WHERE o.object_id=? UNION SELECT g.object_id, NULL, aclg.perm FROM vhffs_groups g INNER JOIN vhffs_object o ON g.gid=o.owner_gid INNER JOIN vhffs_acl aclg ON aclg.granted_oid=g.object_id WHERE aclg.target_oid=? ORDER BY name ASC' );
- return undef unless $sth->execute( $object->get_oid, $object->get_oid, $object->get_oid );
- return $sth->fetchall_arrayref({});
+=head2 can_manageacl
+
+ die("You are not allowed to manage acl on this object\n") unless($object->can_manageacl($object));
+
+Returns true if the object on which the method is called can modify ACLs on the given object.
+
+=cut
+sub can_manageacl {
+ my ($self, $object) = @_;
+ return ( $self->get_perm($object) >= Vhffs::Constants::ACL_MANAGEACL );
}
+=head2 can_delete
+
+ die("You are not allowed to delete this object\n") unless($object->can_delete($object));
+
+Returns true if the object on which the method is called can delete the given object.
+
+=cut
+sub can_delete {
+ my ($self, $object) = @_;
+ return ( $self->get_perm($object) >= Vhffs::Constants::ACL_DELETE );
+}
+
1;
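Review bot: In get_perm the user-specific row in vhffs_acl is read before the group-membership test, so the `$isusergroup` query only runs when no such row exists, and an explicit grant keeps working for a user who is not (or is no longer) in the object's group. get_acl builds its list through an INNER JOIN on vhffs_user_group, so a grant of that kind would not show up in the listing it returns, and add_acl does not test membership either. If grants to non-members are not intended, hoist the membership query above the user-ACL fetch, start from `my $perm = $isusergroup ? undef : Vhffs::Constants::ACL_DENIED;` and wrap the user-ACL fetch in `unless( defined $perm )`; the moderator floor at the end still applies. If they are intended, a comment in get_perm saying so, and a matching row in get_acl's result, would keep the effective permissions visible to whoever audits the ACL.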
Modified: trunk/vhffs-api/src/Vhffs/Object.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Object.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Object.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -34,6 +34,8 @@
package Vhffs::Object;
use Vhffs::Constants;
+use Vhffs::Acl;
+
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
@@ -123,10 +125,9 @@
$sth->execute($owner_uid, $owner_gid, time(), $state, $description, $type) or return undef;
my $oid = $vhffs->get_db_object->last_insert_id(undef, undef, 'vhffs_object', undef);
- my $res = get_by_oid($vhffs, $oid);
-
- $res->add_history('Object created');
- return $res;
+ my $object = get_by_oid($vhffs, $oid);
+ $object->add_history('Object created');
+ return $object;
}
=pod
Modified: trunk/vhffs-api/src/Vhffs/Panel/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Acl.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Acl.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -41,8 +41,8 @@
use Vhffs::Constants;
use Vhffs::Functions;
+use Vhffs::Object;
use Vhffs::User;
-use Vhffs::Acl;
sub acl {
my $panel = shift;
@@ -77,7 +77,6 @@
my $granted_oid = $cgi->param('granted_oid');
my $perm = $cgi->param('perm'.$granted_oid);
my $granted;
- my $ret;
unless( defined $granted_oid and defined $perm ) {
$panel->add_error( gettext('CGI Error !') );
} elsif( not defined( $granted = Vhffs::Object::get_by_oid( $vhffs, $granted_oid ) ) ) {
@@ -85,31 +84,37 @@
} elsif( not $user->can_manageacl( $object ) ) {
$panel->add_error( gettext('You\'re not allowed to manage this object\'s ACL') );
} else {
- $ret = Vhffs::Acl::add_update_or_del_acl( $vhffs, $object->get_oid, $granted_oid, $perm );
- $panel->add_error( gettext('Sorry, can\'t add or update ACL') ) if $ret < 0;
- $panel->add_info( gettext('ACL added') ) if $ret == 1;
- $panel->add_info( gettext('ACL updated') ) if $ret == 2;
- $panel->add_info( gettext('ACL deleted') ) if $ret == 3;
+ my $ret = $object->add_update_or_del_acl( $granted, $perm );
+ unless( defined $ret ) {
+ $panel->add_error( gettext('Sorry, can\'t add or update ACL') );
+ } else {
+ $panel->add_info( gettext('ACL added') ) if $ret == 1;
+ $panel->add_info( gettext('ACL updated') ) if $ret == 2;
+ $panel->add_info( gettext('ACL deleted') ) if $ret == 3;
+ }
}
}
$panel->set_title( gettext('ACL Administration') );
my $vars = { target => $object };
- my $acls = Vhffs::Acl::get_object_acl( $vhffs, $object );
+ my $acls = $object->get_acl;
my $default_acl;
+ my $owner_acl;
my $users_acl = [];
foreach my $acl ( @{$acls} ) {
- if( defined $acl->{name} ) {
- $acl->{perm} = Vhffs::Constants::ACL_UNDEFINED unless defined $acl->{perm};
+ # Owner
+ if( defined $acl->{uid} and $acl->{uid} == $object->get_owner_uid ) {
+ $owner_acl = $acl;
+ # The real ACL
+ } elsif( defined $acl->{name} ) {
push( @$users_acl, $acl );
- } else {
- $default_acl = {
- granted_oid => $acl->{granted_oid},
- 'perm' => $acl->{perm}
- };
+ # Group ACL
+ } else {
+ $default_acl = $acl;
}
}
$vars->{default_acl} = $default_acl;
+ $vars->{owner_acl} = $owner_acl;
$vars->{users_acl} = $users_acl;
$panel->render('acl/view.tt', $vars);
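Review bot: `$perm` comes straight from `$cgi->param('perm'.$granted_oid)` and reaches `add_update_or_del_acl` with `can_manageacl` as the only gate, so nothing here limits it to a known ACL level or to the level the caller holds. As written, a user holding ACL_MANAGEACL can apparently submit ACL_DELETE for any granted_oid, their own included, and a non-numeric value reaches the `==` comparison and the bound SQL parameter unchecked. Consider one more branch in the elsif chain (which begins above this hunk, inside `acl`), for example `} elsif( $perm !~ /\A-?\d+\z/ or $perm > $user->get_perm( $object ) ) {` followed by an `add_error`. Whether capping at the caller's own level matches the intended model is a design decision worth stating in a comment next to the check.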
Modified: trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Bazaar;
use Vhffs::Constants;
use Vhffs::Functions;
@@ -111,8 +110,6 @@
my $bazaar = Vhffs::Services::Bazaar::create( $main, $repo, $description, $user, $group );
return -1 unless defined $bazaar;
- return -3 if Vhffs::Acl::add_acl( $main, $user, $bazaar, Vhffs::Constants::ACL_DELETE ) < 0;
- return -3 if Vhffs::Acl::add_acl( $main, $group, $bazaar, Vhffs::Constants::ACL_VIEW ) < 0;
return $bazaar;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Cron.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Cron.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Cron.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Cron;
use Vhffs::Constants;
@@ -96,8 +95,6 @@
my $cron = Vhffs::Services::Cron::create( $main , $cronpath , $interval , $reportmail , $description, $user , $group );
return undef unless defined $cron;
- return undef if Vhffs::Acl::add_acl( $main, $user, $cron, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $cron, Vhffs::Constants::ACL_VIEW ) < 0;
return $cron;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Cvs;
use Vhffs::Constants;
@@ -71,8 +70,6 @@
my $cvs = Vhffs::Services::Cvs::create($main, $cvsroot, $description, $user, $group);
return undef unless defined $cvs;
- return undef if Vhffs::Acl::add_acl( $main, $user, $cvs, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $cvs, Vhffs::Constants::ACL_VIEW ) < 0;
return $cvs;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/DNS.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/DNS.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/DNS.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
use locale;
use Locale::gettext;
use Vhffs::Constants;
-use Vhffs::Acl;
use Vhffs::Services::DNS;
@@ -70,8 +69,6 @@
my $dns = Vhffs::Services::DNS::create( $main , $dns_name, $description, $user , $group );
return undef unless defined $dns;
- return undef if Vhffs::Acl::add_acl( $main, $user, $dns, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $dns, Vhffs::Constants::ACL_VIEW ) < 0;
return $dns;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Git.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Git.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Git.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Git;
use Vhffs::Constants;
use Vhffs::Functions;
@@ -112,8 +111,6 @@
my $git = Vhffs::Services::Git::create( $main, $repo, $description, $user, $group );
return -1 unless defined $git;
- return -3 if Vhffs::Acl::add_acl( $main, $user, $git, Vhffs::Constants::ACL_DELETE ) < 0;
- return -3 if Vhffs::Acl::add_acl( $main, $group, $git, Vhffs::Constants::ACL_VIEW ) < 0;
return $git;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Group.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -204,8 +204,6 @@
return undef if ($group->add_user( $user->get_uid ) < 0 );
- return undef if ( Vhffs::Acl::add_acl( $main, $user, $group, Vhffs::Constants::ACL_DELETE ) < 0 );
- return undef if ( Vhffs::Acl::add_acl( $main, $group, $group, Vhffs::Constants::ACL_VIEW ) < 0 );
return $group;
}
@@ -356,6 +354,12 @@
$panel->render('misc/message.tt', { message => gettext( 'You must specify a project name' ) });
return;
}
+
+ unless( $user->can_view( $group ) ) {
+ $panel->render('misc/message.tt', { message => gettext( 'You\'re not allowed to do this, object is not in active state or you don\'t have enough ACL rights' ) } );
+ return;
+ }
+
$panel->set_group( $group );
my $vars = { group => $group };
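Review bot: A moderator opening a group that is not in ACTIVATED state will hit this new refusal, because get_perm in Vhffs/Acl.pm returns ACL_DENIED on the status test unless `$self->is_admin`, before its moderator floor is reached. The can_view removed from Vhffs/User.pm in this same commit let `is_moderator` past that status test. The new behaviour fails closed, so if it is deliberate a comment on the guard in get_perm such as `# moderators no longer see objects outside ACTIVATED state` would record it. If moderators are meant to review pending groups through this page, the guard would need `or $self->is_moderator` next to `$self->is_admin`. The enclosing sub starts and ends outside this hunk.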
Modified: trunk/vhffs-api/src/Vhffs/Panel/Mail.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mail.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mail.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -117,8 +117,6 @@
my $mail = Vhffs::Services::Mail::create($main, $domain, $description, $user, $group);
return undef unless defined $mail;
- return undef if Vhffs::Acl::add_acl( $main, $user, $mail, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $mail, Vhffs::Constants::ACL_VIEW ) < 0;
return $mail;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -124,8 +124,6 @@
my $list = Vhffs::Services::MailingList::create( $main , $lpart , $domain, $description, $user, $group );
return undef unless defined $list;
- return undef if Vhffs::Acl::add_acl( $main, $user, $list, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $list, Vhffs::Constants::ACL_VIEW ) < 0;
return $list;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Mercurial;
use Vhffs::Constants;
use Vhffs::Functions;
@@ -113,8 +112,6 @@
my $mercurial = Vhffs::Services::Mercurial::create( $main, $repo, $description, $user, $group );
return -1 unless defined $mercurial;
- return -3 if Vhffs::Acl::add_acl( $main, $user, $mercurial, Vhffs::Constants::ACL_DELETE ) < 0;
- return -3 if Vhffs::Acl::add_acl( $main, $group, $mercurial, Vhffs::Constants::ACL_VIEW ) < 0;
return $mercurial;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -39,7 +39,6 @@
use Locale::gettext;
use Vhffs::Services::Mysql;
use Vhffs::Constants;
-use Vhffs::Acl;
=pod
@@ -80,8 +79,6 @@
my $mysql = Vhffs::Services::Mysql::create($main, $dbname, $dbuser, $dbpass, $description, $user, $group);
return undef unless defined $mysql;
- return undef if Vhffs::Acl::add_acl( $main, $user, $mysql, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $mysql, Vhffs::Constants::ACL_VIEW ) < 0;
return $mysql;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
use locale;
use Locale::gettext;
use Vhffs::Constants;
-use Vhffs::Acl;
use Vhffs::Services::Pgsql;
@@ -101,8 +100,6 @@
my $pgsql = Vhffs::Services::Pgsql::create($main, $dbname, $dbuser, $dbpass, $description, $user, $group);
return undef unless defined $pgsql;
- return undef if Vhffs::Acl::add_acl( $main, $user, $pgsql, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $pgsql, Vhffs::Constants::ACL_VIEW ) < 0;
return $pgsql;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Repository.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Repository.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Repository.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Repository;
use Vhffs::Constants;
@@ -100,8 +99,6 @@
my $repo = Vhffs::Services::Repository::create( $main , $name , $description, $user , $group );
return undef unless defined $repo;
- return undef if Vhffs::Acl::add_acl( $main, $user, $repo, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $repo, Vhffs::Constants::ACL_VIEW ) < 0;
return $repo;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -121,7 +121,6 @@
$panel->add_error( gettext('Cannot apply changes to the user') );
}
else {
- Vhffs::Acl::add_acl( $vhffs, $user, $user, Vhffs::Constants::ACL_DELETE );
# Newsletter
if( $vhffs->get_config->get_service_availability('newsletter') ) {
Modified: trunk/vhffs-api/src/Vhffs/Panel/Svn.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Svn.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Svn.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
use POSIX qw(locale_h);
use locale;
use Locale::gettext;
-use Vhffs::Acl;
use Vhffs::Services::Svn;
use Vhffs::Constants;
use Vhffs::Functions;
@@ -112,8 +111,6 @@
my $svn = Vhffs::Services::Svn::create( $main, $repo, $description, $user, $group );
return -1 unless defined $svn;
- return -3 if Vhffs::Acl::add_acl( $main, $user, $svn, Vhffs::Constants::ACL_DELETE ) < 0;
- return -3 if Vhffs::Acl::add_acl( $main, $group, $svn, Vhffs::Constants::ACL_VIEW ) < 0;
return $svn;
}
Modified: trunk/vhffs-api/src/Vhffs/Panel/Web.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Web.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Web.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -41,7 +41,6 @@
use Vhffs::Services::Web;
use Vhffs::Constants;
use Vhffs::Functions;
-use Vhffs::Acl;
=pod
@@ -144,8 +143,6 @@
my $web = Vhffs::Services::Web::create($main, $servername, $description, $user, $group);
return undef unless defined $web;
- return undef if Vhffs::Acl::add_acl( $main, $user, $web, Vhffs::Constants::ACL_DELETE ) < 0;
- return undef if Vhffs::Acl::add_acl( $main, $group, $web, Vhffs::Constants::ACL_VIEW ) < 0;
return $web;
}
Modified: trunk/vhffs-api/src/Vhffs/User.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/User.pm 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/User.pm 2012-02-22 00:32:40 UTC (rev 2036)
@@ -39,7 +39,6 @@
use Locale::gettext;
use Vhffs::Group;
use Vhffs::Functions;
-use Vhffs::Acl;
=pod
@@ -1018,88 +1017,18 @@
=pod
-=head2 get_permissions
+=head2 get_admin
- my $perm = $user->get_permissions;
+ my $perm = $user->get_admin;
Returns user access level.
=cut
-sub get_permissions {
+sub get_admin {
my $self = shift;
return $self->{admin};
}
-=head2 can_view
-
- die("You are not allowed to view this object\n")
- unless($user->can_view($object));
-
-Returns true if the user on which the method is called can view the given
-object.
-
-=cut
-sub can_view {
- my ($self, $o) = @_;
- return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
- return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self ) >= Vhffs::Constants::ACL_VIEW );
-}
-
-=head2 can_modify
-
- die("You are not allowed to modify this object\n")
- unless($user->can_modify($object));
-
-Returns true if the user on which the method is called can modify the given
-object.
-
-=cut
-sub can_modify {
- my ($self, $o) = @_;
- return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
- return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self ) >= Vhffs::Constants::ACL_MODIFY );
-}
-
-=head2 can_manageacl
-
- die("You are not allowed to manage acl on this object\n")
- unless($user->can_manageacl($object));
-
-Returns true if the user on which the method is called can modify ACLs on the given object.
-
-=cut
-sub can_manageacl {
- my ($self, $o) = @_;
- return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self ) >= Vhffs::Constants::ACL_MANAGEACL );
-}
-
-=head2 can_delete
-
- die("You are not allowed to delete this object\n")
- unless($user->can_delete($object));
-
-Returns true if the user on which the method is called can delete the given
-object.
-
-=cut
-sub can_delete {
- my ($self, $o) = @_;
- return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
- return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self ) >= Vhffs::Constants::ACL_DELETE );
-}
-
-=head2 get_perm
-
- my $perm = $user->get_perm( $object );
-
-Returns the permission level of the user on the given object.
-
-=cut
-sub get_perm {
- my ($self, $o) = @_;
- return Vhffs::Acl::get_perm( $self->get_main, $o, $self );
-}
-
=head2 have_activegroups
my $havegroups = $user->have_activegroups;
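Review bot: The removed `can_view`, `can_modify` and `can_delete` returned 0 for any object whose status was not `Vhffs::Constants::ACTIVATED` unless the caller was an admin or moderator, and nothing in this hunk shows where that gate now lives. The replacement is presumably in Vhffs::Object, outside this hunk; it should run the same status test before comparing ACL levels, otherwise ordinary users could act on objects that are not activated. Separately, the POD for the renamed `get_admin` still reads `my $perm = $user->get_admin;` and "Returns user access level.", which blurs the global role with a per-object ACL level. Wording such as `my $admin = $user->get_admin;` with "Returns the user's global role (normal, moderator or administrator)." would be clearer.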
Modified: trunk/vhffs-api/src/examples/add_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/add_acl.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/add_acl.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -7,7 +7,6 @@
use Vhffs::User;
use Vhffs::Main;
use Vhffs::Services::Web;
-use Vhffs::Acl;
my $princ = init Vhffs::Main;
@@ -21,5 +20,4 @@
my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
die("Webarea $servername not found\n") unless(defined $httpd);
-Vhffs::Acl::add_acl( $princ, $user, $httpd, $level );
-
+$httpd->add_acl( $user, $level );
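Review bot: The result of `$httpd->add_acl( $user, $level );` is discarded, so this script exits successfully even when the grant was not stored. The same applies to the new `add_acl` calls in add_acl_dns.pl, which then prints a success message unconditionally, and in modify_acl.pl. delete_acl.pl in this same commit dies on failure, so the examples are inconsistent. If `add_acl` follows the true-on-success convention that `del_acl` appears to use there (its definition is outside this hunk, so confirm), `die("Unable to add ACL\n") unless $httpd->add_acl( $user, $level );` would match it.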
Modified: trunk/vhffs-api/src/examples/add_acl_dns.pl
===================================================================
--- trunk/vhffs-api/src/examples/add_acl_dns.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/add_acl_dns.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -8,7 +8,6 @@
use Vhffs::User;
use Vhffs::Main;
use Vhffs::Services::DNS;
-use Vhffs::Acl;
my $princ = init Vhffs::Main;
@@ -22,6 +21,6 @@
my $user = Vhffs::User::get_by_username($princ, $username);
die("User $username not found\n") unless(defined $user);
-Vhffs::Acl::add_acl($princ, $user, $dns, $level);
+$dns->add_acl( $user, $level );
print "User $username has now access level $level domain $domain\n";
Modified: trunk/vhffs-api/src/examples/delete_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/delete_acl.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/delete_acl.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -10,7 +10,6 @@
use Vhffs::Main;
use Vhffs::Object;
use Vhffs::Services::Web;
-use Vhffs::Acl;
my $princ = init Vhffs::Main;
@@ -24,6 +23,6 @@
my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
die("Webarea $servername not found\n") unless(defined $httpd);
-die("Unable to delete ACL\n") unless(Vhffs::Acl::del_acl( $user , $httpd , $princ) > 0);
+die("Unable to delete ACL\n") unless $httpd->del_acl( $user );
print "User $username has no longer access to webarea $servername\n";
Modified: trunk/vhffs-api/src/examples/mailuser.pl
===================================================================
--- trunk/vhffs-api/src/examples/mailuser.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/mailuser.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
use Vhffs::Group;
use Vhffs::Main;
use Vhffs::Object;
-use Vhffs::Acl;
use Vhffs::Services::MailUser;
use Vhffs::Panel::Mail;
Modified: trunk/vhffs-api/src/examples/mailuser_add_box.pl
===================================================================
--- trunk/vhffs-api/src/examples/mailuser_add_box.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/mailuser_add_box.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
use Vhffs::Group;
use Vhffs::Main;
use Vhffs::Object;
-use Vhffs::Acl;
use Vhffs::Services::MailUser;
use Vhffs::Panel::Mail;
Modified: trunk/vhffs-api/src/examples/modify_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/modify_acl.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/modify_acl.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -7,7 +7,6 @@
use Vhffs::User;
use Vhffs::Main;
use Vhffs::Services::Web;
-use Vhffs::Acl;
my $princ = init Vhffs::Main;
@@ -21,5 +20,4 @@
my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
die("Webarea $servername not found\n") unless(defined $httpd);
-Vhffs::Acl::add_acl($princ, $user, $httpd, $level);
-
+$httpd->add_acl( $user, $level );
Modified: trunk/vhffs-api/src/examples/perm_for_user.pl
===================================================================
--- trunk/vhffs-api/src/examples/perm_for_user.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/perm_for_user.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -10,7 +10,6 @@
use Vhffs::Object;
use Vhffs::Services::Mysql;
use Vhffs::Services::Web;
-use Vhffs::Acl;
my $princ = init Vhffs::Main;
@@ -25,5 +24,5 @@
die("Webarea $servername not found\n") unless(defined $httpd);
print "Permission: ";
-print Vhffs::Acl::get_perm( $princ, $httpd , $user );
+print $user->get_perm( $httpd );
print "\n";
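Review bot: `print $user->get_perm( $httpd );` calls `get_perm` with the user as invocant, but this commit deletes `get_perm` from Vhffs/User.pm. Every other converted example puts the target object first (`$httpd->add_acl( $user, $level )`, `$httpd->del_acl( $user )`, `$sql->get_acl()`). If Vhffs::User inherits the new method from Vhffs::Object (not visible here), this line would resolve to it with the arguments reversed and report the web area's permission on the user rather than the user's permission on the web area. `print $httpd->get_perm( $user );` is probably what was meant; check it against the new signature.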
Modified: trunk/vhffs-api/src/examples/show_acl_per_object.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_acl_per_object.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_acl_per_object.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -6,7 +6,6 @@
use Data::Dumper;
use lib '%VHFFS_LIB_DIR%';
use Vhffs::Main;
-use Vhffs::Acl;
use Vhffs::Services::Mysql;
my $princ = init Vhffs::Main;
@@ -19,5 +18,5 @@
die("MySQL service $dbname not found\n") unless(defined $sql);
-my $acl = Vhffs::Acl::get_object_acl( $princ, $sql );
+my $acl = $sql->get_acl();
print Dumper $acl;
Modified: trunk/vhffs-api/src/examples/show_dumper_cvs.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_dumper_cvs.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_dumper_cvs.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
use Vhffs::Group;
use Vhffs::Main;
use Vhffs::Object;
-use Vhffs::Acl;
use Vhffs::Services::Web;
use Vhffs::Panel::Group;
use Vhffs::Services::Cvs;
Modified: trunk/vhffs-api/src/examples/show_dumper_object.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_dumper_object.pl 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_dumper_object.pl 2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
use Vhffs::Group;
use Vhffs::Main;
use Vhffs::Object;
-use Vhffs::Acl;
use Vhffs::Services::Web;
use Vhffs::Panel::Group;
Modified: trunk/vhffs-compat/from-4.3-to-4.4.sql
===================================================================
--- trunk/vhffs-compat/from-4.3-to-4.4.sql 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-compat/from-4.3-to-4.4.sql 2012-02-22 00:32:40 UTC (rev 2036)
@@ -8,3 +8,12 @@
-- Although, default ACL is ACL_DENIED, which is what we want for users on their primary group.
DELETE FROM vhffs_acl acl WHERE acl.target_oid IN (SELECT object_id FROM vhffs_object WHERE type=10) AND acl.granted_oid IN (SELECT object_id FROM vhffs_object WHERE type=11);
+-- Removed useless ACL on users where user is currently the owner_uid of the object, thus already having ACL_DELETE privilege
+DELETE FROM vhffs_acl acl
+ WHERE acl.granted_oid IN (SELECT acl.granted_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=10 AND og.owner_uid=ot.owner_uid)
+ AND acl.target_oid IN (SELECT acl.target_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=10 AND og.owner_uid=ot.owner_uid);
+
+-- Removed useless ACL on groups where group is currently the owner_gid of the object and where the perm is set to ACL_VIEW, which is the default privilege
+DELETE FROM vhffs_acl acl
+ WHERE acl.granted_oid IN (SELECT acl.granted_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND acl.perm=2)
+ AND acl.target_oid IN (SELECT acl.target_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND acl.perm=2);
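Review bot: Both added DELETE statements test `granted_oid` and `target_oid` against two independent subqueries, so a row is removed whenever its grantee appears in some matching pair and its target appears in some matching pair, not only when the row itself is such a pair. An explicit grant from user A on an object owned by B would be deleted as long as A and B each have an owner ACL on their own objects. That includes rows set to ACL_DENIED, whose removal would presumably widen access rather than narrow it. In the group statement the `perm=2` test also sits only inside the subqueries, so the outer row's own permission is never checked. Matching on the pair, with the permission test repeated on the outer row, avoids this; the rewrite below assumes the database accepts row-value `IN` (PostgreSQL does).

```sql
-- … unchanged: primary-group DELETE and the two explanatory comments …
DELETE FROM vhffs_acl acl
 WHERE (acl.granted_oid, acl.target_oid) IN (
   SELECT a.granted_oid, a.target_oid
     FROM vhffs_acl a
     INNER JOIN vhffs_object ot ON ot.object_id=a.target_oid
     INNER JOIN vhffs_object og ON og.object_id=a.granted_oid
    WHERE og.type=10 AND og.owner_uid=ot.owner_uid);

DELETE FROM vhffs_acl acl
 WHERE acl.perm=2
   AND (acl.granted_oid, acl.target_oid) IN (
   SELECT a.granted_oid, a.target_oid
     FROM vhffs_acl a
     INNER JOIN vhffs_object ot ON ot.object_id=a.target_oid
     INNER JOIN vhffs_object og ON og.object_id=a.granted_oid
    WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND a.perm=2);
```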
Modified: trunk/vhffs-panel/templates/acl/view.tt
===================================================================
--- trunk/vhffs-panel/templates/acl/view.tt 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-panel/templates/acl/view.tt 2012-02-22 00:32:40 UTC (rev 2036)
@@ -18,7 +18,7 @@
<span><b>[% 'Default' | i18n | html %]</b></span>
<span> </span>
<span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.DENIED %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.DENIED %]/></span>
- <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.item('VIEW') %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.item('VIEW') %]/></span>
+ <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.UNDEFINED %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.item('VIEW') %]/></span>
<span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.MODIFY %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.MODIFY %]/></span>
<span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.MANAGEACL %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.MANAGEACL %]/></span>
<span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.DELETE %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.DELETE %]/></span>
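Review bot: On the changed radio in the Default row, the posted value is now `constants.acl.UNDEFINED` while the `checked` test beside it still compares `default_acl.perm` with `constants.acl.item('VIEW')`, so the control displays one constant and submits another. If that is deliberate (VIEW being the enforced default, so choosing it clears the explicit entry), a template comment such as `[%# VIEW is the enforced default: posting UNDEFINED removes the explicit entry %]` would stop the next reader from treating it as a typo. The handler that receives this field is outside the hunk; confirm it treats UNDEFINED for this row as "remove the entry" and never stores it as a permission level.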
@@ -29,6 +29,18 @@
</span>
</p>
</form>
+ <form method="post" action="#" accept-charset="utf-8">
+ <p>
+ <span><b>[% owner_acl.name %]</b></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.UNDEFINED %]" disabled="disabled"/></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.DENIED %]" disabled="disabled"/></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.item('VIEW') %]" disabled="disabled"/></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.MODIFY %]" disabled="disabled"/></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.MANAGEACL %]" disabled="disabled"/></span>
+ <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.DELETE %]" checked="checked" disabled="disabled"/></span>
+ <span> </span>
+ </p>
+ </form>
[% FOREACH acl IN users_acl %]
<form method="post" action="#" accept-charset="utf-8">
<p>
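Review bot: `[% owner_acl.name %]` on the first added label is written into the page without the `| html` filter that the 'Default' label in this template uses. An owner name containing markup would be rendered as HTML unless escaping is configured elsewhere (not visible here); `<span><b>[% owner_acl.name | html %]</b></span>` closes that. The `disabled="disabled"` radios only stop a browser from posting the owner's row. The handler behind this form is outside the hunk and should itself reject a `perm` field for `owner_acl.granted_oid`.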
Modified: trunk/vhffs-panel/templates/user/prefs.tt
===================================================================
--- trunk/vhffs-panel/templates/user/prefs.tt 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-panel/templates/user/prefs.tt 2012-02-22 00:32:40 UTC (rev 2036)
@@ -195,11 +195,11 @@
<input type="hidden" name="name" value="[% user.get_username %]"/>
<p><label for="user_permissions">[% 'User\'s permissions:' | i18n | html %]</label>
<select name="permissions" id="user_permissions">
- <option value="[% constants.user_permissions.NORMAL %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.NORMAL %]>
+ <option value="[% constants.user_permissions.NORMAL %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.NORMAL %]>
[% 'Normal' | i18n | html %]</option>
- <option value="[% constants.user_permissions.MODERATOR %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.MODERATOR %]>
+ <option value="[% constants.user_permissions.MODERATOR %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.MODERATOR %]>
[% 'Moderator' | i18n | html %]</option>
- <option value="[% constants.user_permissions.ADMIN %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.ADMIN %]>
+ <option value="[% constants.user_permissions.ADMIN %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.ADMIN %]>
[% 'Administrator' | i18n | html %]</option>
</select>
</p>
Modified: trunk/vhffs-tools/src/vhffs-useradd
===================================================================
--- trunk/vhffs-tools/src/vhffs-useradd 2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-tools/src/vhffs-useradd 2012-02-22 00:32:40 UTC (rev 2036)
@@ -57,8 +57,6 @@
if(defined $user) {
print "User successfully created, setting default ACL\n";
- Vhffs::Acl::add_acl( $vhffs, $user, $user, Vhffs::Constants::ACL_DELETE );
- Vhffs::Acl::add_acl( $vhffs, $user->get_group, $user, Vhffs::Constants::ACL_DENIED );
} else {
print "Unable to create user (duplicate ?)\n";
}