[vhffs-dev] [2036] reworked Vhffs::Acl



Revision: 2036
Author:   gradator
Date:     2012-02-22 01:32:40 +0100 (Wed, 22 Feb 2012)
Log Message:
-----------
reworked Vhffs::Acl

Vhffs::Acl merged with Vhffs::Object
default ACL removed, now enforced

Modified Paths:
--------------
    trunk/vhffs-api/src/Vhffs/Acl.pm
    trunk/vhffs-api/src/Vhffs/Object.pm
    trunk/vhffs-api/src/Vhffs/Panel/Acl.pm
    trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm
    trunk/vhffs-api/src/Vhffs/Panel/Cron.pm
    trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm
    trunk/vhffs-api/src/Vhffs/Panel/DNS.pm
    trunk/vhffs-api/src/Vhffs/Panel/Git.pm
    trunk/vhffs-api/src/Vhffs/Panel/Group.pm
    trunk/vhffs-api/src/Vhffs/Panel/Mail.pm
    trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm
    trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm
    trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm
    trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm
    trunk/vhffs-api/src/Vhffs/Panel/Repository.pm
    trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm
    trunk/vhffs-api/src/Vhffs/Panel/Svn.pm
    trunk/vhffs-api/src/Vhffs/Panel/Web.pm
    trunk/vhffs-api/src/Vhffs/User.pm
    trunk/vhffs-api/src/examples/add_acl.pl
    trunk/vhffs-api/src/examples/add_acl_dns.pl
    trunk/vhffs-api/src/examples/delete_acl.pl
    trunk/vhffs-api/src/examples/mailuser.pl
    trunk/vhffs-api/src/examples/mailuser_add_box.pl
    trunk/vhffs-api/src/examples/modify_acl.pl
    trunk/vhffs-api/src/examples/perm_for_user.pl
    trunk/vhffs-api/src/examples/show_acl_per_object.pl
    trunk/vhffs-api/src/examples/show_dumper_cvs.pl
    trunk/vhffs-api/src/examples/show_dumper_object.pl
    trunk/vhffs-compat/from-4.3-to-4.4.sql
    trunk/vhffs-panel/templates/acl/view.tt
    trunk/vhffs-panel/templates/user/prefs.tt
    trunk/vhffs-tools/src/vhffs-useradd

Modified: trunk/vhffs-api/src/Vhffs/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Acl.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Acl.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,8 @@
 use utf8;
 use diagnostics;
 
-package Vhffs::Acl;
+# Since perl allows us to do such things, let's have an unobstrusive approach
+package Vhffs::Object;
 
 =pod
 
@@ -52,185 +53,254 @@
 
 =pod
 
-=head2 get_perm
+=head2 add_acl
 
-	my $perm = Vhffs::Acl::get_perm( $vhffs, $object, $user );
+	die("Unable to add ACL\n") unless $object->add_acl( $grantedo, $perm );
 
-Returns the permission of C<$user> for C<$object>.
+Grant permission C<$perm> to user or group C<$grantedd> on service C<$object>.
 
+An ACL where C<$object> is a group object is the default access for users of the group.
+
+Returns 1 if success, undef otherwise.
+
 =cut
-sub get_perm {
-	my $vhffs = shift;
-	my $object = shift;
-	my $user = shift;
-	return Vhffs::Constants::ACL_DENIED unless defined $vhffs and defined $object and defined $user;
-	return Vhffs::Constants::ACL_DELETE if $user->is_admin;
+sub add_acl {
+	my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+	my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+	my $perm = shift;
 
-	my $perm;
-	$perm = $vhffs->{'db'}->selectrow_array('SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=?', undef, $user->get_oid, $object->get_oid);
+	return undef unless defined $object and defined $perm;
+	return undef unless( $object->get_type == Vhffs::Constants::TYPE_USER or $object->get_type == Vhffs::Constants::TYPE_GROUP );
 
-	# Fetch default ACL (on group) if user specific ACL is not defined
-	$perm = $vhffs->{'db'}->selectrow_array('SELECT perm FROM vhffs_acl WHERE granted_oid=? AND target_oid=? AND EXISTS ( SELECT * FROM vhffs_user_group ug INNER JOIN vhffs_users u ON ug.uid=u.uid INNER JOIN vhffs_groups g ON ug.gid=g.gid AND u.object_id=? AND g.object_id=? )', undef, $object->get_group->get_oid, $object->get_oid, $user->get_oid, $object->get_group->get_oid ) unless defined $perm;
+	# Refuse to create an ACL if the granted user is the owner of the target
+	return undef if $object->get_type == Vhffs::Constants::TYPE_USER and $object->get_owner_uid == $self->get_owner_uid;
 
-	$perm = Vhffs::Constants::ACL_DENIED unless defined $perm;
-	$perm = Vhffs::Constants::ACL_VIEW if $user->is_moderator and (not defined $perm or $perm < Vhffs::Constants::ACL_VIEW);
+	my $dbh = $self->get_main->get_db_object;
 
-	return $perm;
+	my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
+	return undef unless( $dbh->do($sql, undef, $object->get_oid, $perm, $self->get_oid) );
+	return 1;
 }
 
 =pod
 
-=head2 add_acl
+=head2 update_acl
 
-	die("Unable to add ACL\n") if Vhffs::Acl::add_acl($vhffs, $granted_object, $target_object, $perm) < 0;
+	my $ret = $object->update_acl( $grantedo, $perm );
 
-Grant permission C<$perm> to user or group C<$granted_object> on service C<$target_object>.
+Update the ACL between $object and $grantedo.
 
-Should be modified soon to use OIDs instead of heavy objects.
+Returns 1 if success, undef otherwise.
 
-An ACL where granted_object is a group object is the default access for users of the group.
-
 =cut
-sub add_acl {
-	my ( $vhffs, $granted_object , $target_object , $perm ) = @_;
-	return -1 unless defined $vhffs and defined $granted_object and defined $target_object and defined $perm;
-	return -2 unless( $granted_object->get_type == Vhffs::Constants::TYPE_USER || $granted_object->get_type == Vhffs::Constants::TYPE_GROUP );
+sub update_acl {
+	my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+	my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+	my $perm = shift;
 
-	my $sql = 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)';
-	my $dbh = $vhffs->get_db_object;
-	return -3 unless( $dbh->do($sql, undef, $granted_object->get_oid, $perm, $target_object->get_oid) );
+	return undef unless defined $object and defined $perm;
+
+	my $dbh = $self->get_main->get_db_object;
+
+	# If no line was updated, ACL doesn't exists => error
+	return undef unless $dbh->do( 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?', undef, $perm, $self->get_oid, $object->get_oid) > 0;
 	return 1;
 }
 
 =pod
 
-=head2 add_acl_oid
+=head2 del_acl
 
-	die("Unable to add ACL\n") if Vhffs::Acl::add_acl($vhffs, $granted_oid, $target_oid, $perm) < 0;
+	my $ret = $object->del_acl( $grantedo );
 
-Grant permission $perm to user or group OID $granted_oid on service OID $target_oid.
+Delete the ACL between $objectand $grantedo.
 
-An ACL where granted_oid is a group object OID is the default access for users of the group.
+Returns 1 if success, undef otherwise.
 
 =cut
-sub add_acl_oid {
-	my ( $vhffs, $target_oid , $granted_oid , $perm ) = @_;
-	return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub del_acl {
+	my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+	my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
 
-	return -3 unless $vhffs->get_db_object->do( 'INSERT INTO vhffs_acl(granted_oid, perm, target_oid) VALUES(?, ?, ?)' , undef, $granted_oid, $perm, $target_oid);
+	return undef unless defined $object;
+	
+	my $dbh = $self->get_main->get_db_object();
+
+	return undef unless $dbh->do( 'DELETE FROM vhffs_acl WHERE granted_oid=? AND target_oid=?', undef, $object->get_oid, $self->get_oid) > 0;
 	return 1;
 }
 
 =pod
 
-=head2 update_acl
+=head2 add_update_or_del_acl
 
-	my $ret = Vhffs::Acl::update_acl($vhffs, $target_oid , $granted_oid, $perm);
+	my $ret = $object->add_update_or_del_acl( $grantedo, $perm );
 
-Update the ACL between $target_oid and $granted_oid.
+This is the magic function. It deletes the ACL entry if $perm equals Vhffs::Constants::ACL_UNDEFINED or
+creates the ACL entry if necessary or update the ACL entry if the ACL entry already exists.
 
-Returns >0 if success, <0 otherwise;
+Returns 1 if acl has been added, 2 if acl has been updated, 3 if acl has been deleted, undef is something went wrong.
 
 =cut
-sub update_acl {
-	my ( $vhffs, $target_oid, $granted_oid, $perm ) = @_;
-	return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub add_update_or_del_acl {
+	my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
+	my $object = shift; # -granted- a C<Vhffs::User> or a C<Vhffs::Group>
+	my $perm = shift;
 
-	# If no line was updated, ACL doesn't exists => error
-	return -2 unless $vhffs->get_db_object->do( 'UPDATE vhffs_acl SET perm = ? WHERE target_oid=? AND granted_oid=?', undef, $perm, $target_oid, $granted_oid) > 0;
-	return 1;
+	return undef unless defined $object and defined $perm;
+
+	if( $perm == Vhffs::Constants::ACL_UNDEFINED ) {
+		return 3 if $self->del_acl( $object );
+		return undef;
+	}
+
+	return 2 if $self->update_acl( $object, $perm );
+	return 1 if $self->add_acl( $object, $perm );
+	return undef;
 }
 
 =pod
 
-=head2 del_acl
+=head2 get_acl
 
-	my $ret = Vhffs::Acl::del_acl($vhffs, $target_oid , $granted_oid);
+	my $rights = $object->get_acl();
 
-Delete the ACL between $target_oid and $granted_oid.
+Returns an array of hashref with keys 'granted_oid, name, perm'.
+A NULL perm is a non existing ACL.
+A NULL name is the default ACL.
 
-Returns >0 if success, <0 otherwise;
+Also add implicit ACL in case of undefined ACL (owner, default access for users of the group);
 
+Example:
+	 granted_oid |   name   |   uid    | perm
+	-------------+----------+----------+-----
+	           3 | (nul)    | (nul)    |    0   <== default ACL
+	           1 | user1    | 10000    |    2
+	          25 | user2    | 10010    |   10
+	          72 | user3    | 10020    |   -1   <== user without ACL
+	(4 rows)
+
 =cut
-sub del_acl {
-	my ( $vhffs, $target_oid , $granted_oid ) = @_;
-	return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid;
+sub get_acl {
+	my $self = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
 
-	my $dbh = $vhffs->get_db_object();
+	my $dbh = $self->get_main->get_db_object;
 
-	$dbh->begin_work();
-	my $sql = 'DELETE FROM vhffs_acl WHERE granted_oid=? AND target_oid=?';
-	my $sth = $dbh->prepare( $sql );
-	$sth->execute( $granted_oid, $target_oid ) or return -1;
+	my $sth = $dbh->prepare('SELECT u.object_id AS granted_oid, u.username AS name, u.uid AS uid, aclu.perm FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid=u.uid INNER JOIN vhffs_object o ON o.owner_gid=ug.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=u.object_id WHERE o.object_id=? UNION SELECT g.object_id AS granted_oid, NULL AS name, NULL AS uid, aclu.perm FROM vhffs_groups g INNER JOIN vhffs_object o ON o.owner_gid=g.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=g.object_id WHERE o.object_id=? ORDER BY name ASC');
+	return undef unless $sth->execute( $self->get_oid, $self->get_oid, $self->get_oid, $self->get_oid );
+	my $acls = $sth->fetchall_arrayref({});
 
-	$sql = 'SELECT COUNT(*) FROM vhffs_acl WHERE perm>=? AND target_oid=?';
-	$sth = $dbh->prepare( $sql );
-	$sth->execute(Vhffs::Constants::ACL_MANAGEACL, $target_oid) or return -1;
-	my ($count) = $sth->fetchrow();
-
-	# We want to have at least one person who can handle ACLs
-	if( $count == 0 ) {
-		$dbh->rollback();
-		return -2;
+	# If someone find a way to do that using SQL, please do ;-)
+	foreach my $acl ( @{$acls} )  {
+		# Default ACL (group ACL)
+		$acl->{perm} = Vhffs::Constants::ACL_VIEW if not defined $acl->{name} and not defined $acl->{perm};
+		# Owner
+		$acl->{perm} = Vhffs::Constants::ACL_DELETE if defined $acl->{uid} and $acl->{uid} == $self->get_owner_uid and not defined $acl->{perm};
+		# Undef to ACL_UNDEFINED
+		$acl->{perm} = Vhffs::Constants::ACL_UNDEFINED unless defined $acl->{perm};
 	}
 
-	$dbh->commit();
-	return 1;
+	return $acls;
 }
 
 =pod
 
-=head2 add_update_or_del_acl
+=head2 get_perm
 
-	my $ret = Vhffs::Acl::add_update_or_del_acl($vhffs, $target_oid , $granted_oid, $perm);
+	my $perm = $object->get_perm( $targetobject );
 
-This is the magic function. It deletes the ACL entry if $perm equals Vhffs::Constants::ACL_UNDEFINED or
-creates the ACL entry if necessary or update the ACL entry if the ACL entry already exists.
+Returns the permission of C<$object> (actually always a C<Vhffs::User>)
+for C<$targetobject> (actually always a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>)
 
-Returns 1 if acl has been added, 2 if acl has been updated, 3 if acl has been deleted, -1 is something went wrong.
-
 =cut
-sub add_update_or_del_acl {
-	my ($vhffs, $target_oid, $granted_oid, $perm) = @_;
-	return -1 unless defined $vhffs and defined $target_oid and defined $granted_oid and defined $perm;
+sub get_perm {
+	my $self = shift; # -granted- a C<Vhffs::User>
+	my $object = shift; # -target- a C<Vhffs::User>, C<Vhffs::Group>, or a C<Vhffs::Services>
 
-	if( $perm == Vhffs::Constants::ACL_UNDEFINED )  {
-		return 3 if del_acl( $vhffs, $target_oid, $granted_oid ) > 0;
-		return -1;
+	# Returns ACL_DENIED if $self is not a C<Vhffs::User>, managing other cases are complicated and totally useless
+	# Also, access to objects in states other than ACTIVATED are denied, unless user is an administrator
+	return Vhffs::Constants::ACL_DENIED unless defined $object and $self->get_type == Vhffs::Constants::TYPE_USER and ($object->get_status == Vhffs::Constants::ACTIVATED or $self->is_admin);
+
+	# Administrators have full access to objects, whatever the current object state
+	# Users have full access to their objets (where object owner_uid equals user uid)
+	return Vhffs::Constants::ACL_DELETE if ($self->is_admin or $object->get_owner_uid == $self->get_owner_uid);
+
+	my $dbh = $self->get_main->get_db_object;
+
+	# Fetch user ACL (if any)
+	my $perm = $dbh->selectrow_array('SELECT acl.perm FROM vhffs_acl acl WHERE acl.granted_oid=? AND acl.target_oid=?', undef, $self->get_oid, $object->get_oid);
+
+	# User specific ACL is not defined, try to find group ACL, but first, check if user is in the group
+	unless( defined $perm ) {
+		# Else, which should be the default case, check if user is a member of the object group, otherwise set ACL_DENIED
+		my $isusergroup = $dbh->selectrow_array('SELECT COUNT(*) FROM vhffs_user_group ug WHERE ug.uid=? and ug.gid=?', undef, $self->get_owner_uid, $object->get_owner_gid);
+		$perm = Vhffs::Constants::ACL_DENIED unless $isusergroup;
 	}
 
-	return 2 if update_acl( $vhffs, $target_oid, $granted_oid, $perm ) > 0;
-	return 1 if add_acl_oid( $vhffs, $target_oid, $granted_oid, $perm ) > 0;
-	return -1;
+	# User is in the group (if user is not, $perm is set to ACL_DENIED)
+	unless( defined $perm ) {
+		# Fetch default ACL (on group)
+		$perm = $dbh->selectrow_array('SELECT acl.perm FROM vhffs_acl acl INNER JOIN vhffs_groups g ON g.object_id=acl.granted_oid WHERE g.gid=? AND acl.target_oid=?', undef, $object->get_owner_gid, $object->get_oid);
+
+		# Default access to group object if user is in the group
+		$perm = Vhffs::Constants::ACL_VIEW unless defined $perm;
+	}
+
+	# Default perm if perm is undefined
+	$perm = Vhffs::Constants::ACL_DENIED unless defined $perm;
+
+	# But moderators have view access to all objects
+	$perm = Vhffs::Constants::ACL_VIEW if $self->is_moderator and $perm < Vhffs::Constants::ACL_VIEW;
+
+	return $perm;
 }
 
-=pod
+=head2 can_view
 
-=head2 get_object_acl
+	die("You are not allowed to view this object\n") unless($object->can_view($object));
 
-	my $rights = Vhffs::Acl::get_object_acl($vhffs, $object);
+Returns true if the object on which the method is called can view the given object.
 
-Returns an array of hashref with keys 'granted_oid, name, perm'.
-A NULL perm is a non existing ACL.
-A NULL name is the default ACL.
+=cut
+sub can_view {
+	my ($self, $object) = @_;
+	return ( $self->get_perm($object) >= Vhffs::Constants::ACL_VIEW );
+}
 
-Example:
-	 granted_oid |   name   | perm
-	-------------+----------+------
-	           3 |          |    0   <== default ACL
-	           1 | user1    |   10
-	          25 | user2    |   10
-	          72 | user3    |        <== user without ACL
-	(4 rows)
+=head2 can_modify
 
+	die("You are not allowed to modify this object\n") unless($object->can_modify($object));
+
+Returns true if the object on which the method is called can modify the given object.
+
 =cut
-sub get_object_acl {
-	my ( $vhffs , $object ) = @_;
-	return undef unless defined $vhffs and defined $object;
+sub can_modify {
+	my ($self, $object) = @_;
+	return ( $self->get_perm($object) >= Vhffs::Constants::ACL_MODIFY );
+}
 
-	my $sth = $vhffs->get_db_object->prepare( 'SELECT u.object_id AS granted_oid, u.username AS name, aclu.perm FROM vhffs_users u INNER JOIN vhffs_user_group ug ON ug.uid=u.uid INNER JOIN vhffs_object o ON o.owner_gid=ug.gid LEFT OUTER JOIN (SELECT acl.granted_oid, acl.perm FROM vhffs_acl acl WHERE acl.target_oid=?) AS aclu ON aclu.granted_oid=u.object_id WHERE o.object_id=? UNION SELECT g.object_id, NULL, aclg.perm FROM vhffs_groups g INNER JOIN vhffs_object o ON g.gid=o.owner_gid INNER JOIN vhffs_acl aclg ON aclg.granted_oid=g.object_id WHERE aclg.target_oid=? ORDER BY name ASC' );
-	return undef unless $sth->execute( $object->get_oid, $object->get_oid, $object->get_oid );
-	return $sth->fetchall_arrayref({});
+=head2 can_manageacl
+
+	die("You are not allowed to manage acl on this object\n") unless($object->can_manageacl($object));
+
+Returns true if the object on which the method is called can modify ACLs on the given object.
+
+=cut
+sub can_manageacl {
+	my ($self, $object) = @_;
+	return ( $self->get_perm($object) >= Vhffs::Constants::ACL_MANAGEACL );
 }
 
+=head2 can_delete
+
+	die("You are not allowed to delete this object\n") unless($object->can_delete($object));
+
+Returns true if the object on which the method is called can delete the given object.
+
+=cut
+sub can_delete {
+	my ($self, $object) = @_;
+	return ( $self->get_perm($object) >= Vhffs::Constants::ACL_DELETE );
+}
+
 1;
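Review bot: In get_perm the user-specific row in vhffs_acl is read before the vhffs_user_group membership query, so a stored row keeps granting its perm to a user who is not, or is no longer, a member of the object's owner group. get_acl joins on vhffs_user_group and so never lists such a row, which leaves a grant that is effective but not visible in the ACL view. If ACLs are meant to apply only to group members, run the membership query first and apply `$perm = Vhffs::Constants::ACL_DENIED unless $isusergroup;` ahead of the user lookup, which then runs only under `unless( defined $perm )`. Alternatively, have add_acl refuse a granted user outside the target's group. Separately, add_update_or_del_acl calls update_acl then add_acl with no transaction around them, so two concurrent requests can both reach the INSERT; a unique constraint on (granted_oid, target_oid) would make that fail cleanly, assuming the schema does not already have one.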

Modified: trunk/vhffs-api/src/Vhffs/Object.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Object.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Object.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -34,6 +34,8 @@
 package Vhffs::Object;
 
 use Vhffs::Constants;
+use Vhffs::Acl;
+
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
@@ -123,10 +125,9 @@
 	$sth->execute($owner_uid, $owner_gid, time(), $state, $description, $type) or return undef;
 	my $oid = $vhffs->get_db_object->last_insert_id(undef, undef, 'vhffs_object', undef);
 
-	my $res = get_by_oid($vhffs, $oid);
-
-	$res->add_history('Object created');
-	return $res;
+	my $object = get_by_oid($vhffs, $oid);
+	$object->add_history('Object created');
+	return $object;
 }
 
 =pod

Modified: trunk/vhffs-api/src/Vhffs/Panel/Acl.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Acl.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Acl.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -41,8 +41,8 @@
 
 use Vhffs::Constants;
 use Vhffs::Functions;
+use Vhffs::Object;
 use Vhffs::User;
-use Vhffs::Acl;
 
 sub acl {
 	my $panel = shift;
@@ -77,7 +77,6 @@
 		my $granted_oid = $cgi->param('granted_oid');
 		my $perm = $cgi->param('perm'.$granted_oid);
 		my $granted;
-		my $ret;
 		unless( defined $granted_oid and defined $perm ) {
 			$panel->add_error( gettext('CGI Error !') );
 		} elsif( not defined( $granted = Vhffs::Object::get_by_oid( $vhffs, $granted_oid ) ) ) {
@@ -85,31 +84,37 @@
 		} elsif( not $user->can_manageacl( $object ) ) {
 			$panel->add_error( gettext('You\'re not allowed to manage this object\'s ACL') );
 		} else {
-			$ret = Vhffs::Acl::add_update_or_del_acl( $vhffs, $object->get_oid, $granted_oid, $perm );
-			$panel->add_error( gettext('Sorry, can\'t add or update ACL') ) if $ret < 0;
-			$panel->add_info( gettext('ACL added') ) if $ret == 1;
-			$panel->add_info( gettext('ACL updated') ) if $ret == 2;
-			$panel->add_info( gettext('ACL deleted') ) if $ret == 3;
+			my $ret = $object->add_update_or_del_acl( $granted, $perm );
+			unless( defined $ret ) { 
+				$panel->add_error( gettext('Sorry, can\'t add or update ACL') );
+			} else {
+				$panel->add_info( gettext('ACL added') ) if $ret == 1;
+				$panel->add_info( gettext('ACL updated') ) if $ret == 2;
+				$panel->add_info( gettext('ACL deleted') ) if $ret == 3;
+			}
 		}
 	}
 
 	$panel->set_title( gettext('ACL Administration') );
 	my $vars = { target => $object };
-	my $acls = Vhffs::Acl::get_object_acl( $vhffs, $object );
+	my $acls = $object->get_acl;
 	my $default_acl;
+	my $owner_acl;
 	my $users_acl = [];
 	foreach my $acl ( @{$acls} )  {
-		if( defined $acl->{name} ) {
-			$acl->{perm} = Vhffs::Constants::ACL_UNDEFINED unless defined $acl->{perm};
+		# Owner
+		if( defined $acl->{uid} and $acl->{uid} == $object->get_owner_uid ) {
+			$owner_acl = $acl;
+		# The real ACL
+		} elsif( defined $acl->{name} ) {
 			push( @$users_acl, $acl );
-		} else  {
-			$default_acl = {
-			  granted_oid => $acl->{granted_oid},
-			  'perm' => $acl->{perm}
-			  };
+		# Group ACL
+		} else {
+			$default_acl = $acl;
 		}
 	}
 	$vars->{default_acl} = $default_acl;
+	$vars->{owner_acl} = $owner_acl;
 	$vars->{users_acl} = $users_acl;
 
 	$panel->render('acl/view.tt', $vars);
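Review bot: `$perm` reaches `$object->add_update_or_del_acl( $granted, $perm )` straight from `$cgi->param('perm'.$granted_oid)` with only the `can_manageacl` check in front of it, so whatever value the client sends is written to vhffs_acl.perm. Nothing visible here restricts it to the known ACL constants or to the level the acting user holds. That would let a user with ACL_MANAGEACL hand out a higher level such as ACL_DELETE, if that constant is the larger one as get_perm's use of it suggests. An extra branch before the final `else`, for example `} elsif( $perm !~ /^-?\d+$/ or $perm > $user->get_perm( $object ) ) {` with its own `add_error`, would reject non-numeric input and cap the grant at the caller's own level. The enclosing sub acl begins outside this hunk.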

Modified: trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Bazaar.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Bazaar;
 use Vhffs::Constants;
 use Vhffs::Functions;
@@ -111,8 +110,6 @@
 	my $bazaar = Vhffs::Services::Bazaar::create( $main, $repo, $description, $user, $group );
 	return -1 unless defined $bazaar;
 
-	return -3 if Vhffs::Acl::add_acl( $main, $user, $bazaar, Vhffs::Constants::ACL_DELETE ) < 0;
-	return -3 if Vhffs::Acl::add_acl( $main, $group, $bazaar, Vhffs::Constants::ACL_VIEW ) < 0;
 	return $bazaar;
 }
 

Modified: trunk/vhffs-api/src/Vhffs/Panel/Cron.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Cron.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Cron.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Cron;
 use Vhffs::Constants;
 
@@ -96,8 +95,6 @@
 	my $cron = Vhffs::Services::Cron::create( $main , $cronpath , $interval , $reportmail , $description, $user , $group );
 	return undef unless defined $cron;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $cron, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $cron, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $cron;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Cvs.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Cvs;
 use Vhffs::Constants;
 
@@ -71,8 +70,6 @@
 	my $cvs = Vhffs::Services::Cvs::create($main, $cvsroot, $description, $user, $group);
 	return undef unless defined $cvs;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $cvs, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $cvs, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $cvs;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/DNS.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/DNS.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/DNS.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
 use locale;
 use Locale::gettext;
 use Vhffs::Constants;
-use Vhffs::Acl;
 use Vhffs::Services::DNS;
 
 
@@ -70,8 +69,6 @@
 	my $dns = Vhffs::Services::DNS::create( $main , $dns_name, $description, $user , $group );
 	return undef unless defined $dns;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $dns, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $dns, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $dns;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Git.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Git.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Git.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Git;
 use Vhffs::Constants;
 use Vhffs::Functions;
@@ -112,8 +111,6 @@
 	my $git = Vhffs::Services::Git::create( $main, $repo, $description, $user, $group );
 	return -1 unless defined $git;
 
-	return -3 if Vhffs::Acl::add_acl( $main, $user, $git, Vhffs::Constants::ACL_DELETE ) < 0;
-	return -3 if Vhffs::Acl::add_acl( $main, $group, $git, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $git;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Group.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Group.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Group.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -204,8 +204,6 @@
 
 	return undef if ($group->add_user( $user->get_uid ) < 0 );
 
-	return undef if ( Vhffs::Acl::add_acl( $main, $user, $group, Vhffs::Constants::ACL_DELETE ) < 0 );
-	return undef if ( Vhffs::Acl::add_acl( $main, $group, $group, Vhffs::Constants::ACL_VIEW ) < 0 );
 
 	return $group;
 }
@@ -356,6 +354,12 @@
 		$panel->render('misc/message.tt', { message => gettext( 'You must specify a project name' ) });
 		return;
 	}
+
+	unless( $user->can_view( $group ) ) {
+		$panel->render('misc/message.tt', { message => gettext( 'You\'re not allowed to do this, object is not in active state or you don\'t have enough ACL rights' ) } );
+		return;
+	}
+
 	$panel->set_group( $group );
 
 	my $vars = { group => $group };

Modified: trunk/vhffs-api/src/Vhffs/Panel/Mail.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mail.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mail.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -117,8 +117,6 @@
 	my $mail = Vhffs::Services::Mail::create($main, $domain, $description, $user, $group);
 	return undef unless defined $mail;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $mail, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $mail, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $mail;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/MailingList.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -124,8 +124,6 @@
 	my $list = Vhffs::Services::MailingList::create( $main , $lpart , $domain, $description, $user, $group );
 	return undef unless defined $list;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $list, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $list, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $list;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mercurial.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Mercurial;
 use Vhffs::Constants;
 use Vhffs::Functions;
@@ -113,8 +112,6 @@
 	my $mercurial = Vhffs::Services::Mercurial::create( $main, $repo, $description, $user, $group );
 	return -1 unless defined $mercurial;
 
-	return -3 if Vhffs::Acl::add_acl( $main, $user, $mercurial, Vhffs::Constants::ACL_DELETE ) < 0;
-	return -3 if Vhffs::Acl::add_acl( $main, $group, $mercurial, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $mercurial;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Mysql.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -39,7 +39,6 @@
 use Locale::gettext;
 use Vhffs::Services::Mysql;
 use Vhffs::Constants;
-use Vhffs::Acl;
 
 =pod
 
@@ -80,8 +79,6 @@
 	my $mysql = Vhffs::Services::Mysql::create($main, $dbname, $dbuser, $dbpass, $description, $user, $group);
 	return undef unless defined $mysql;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $mysql, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $mysql, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $mysql;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Pgsql.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
 use locale;
 use Locale::gettext;
 use Vhffs::Constants;
-use Vhffs::Acl;
 use Vhffs::Services::Pgsql;
 
 
@@ -101,8 +100,6 @@
 	my $pgsql = Vhffs::Services::Pgsql::create($main, $dbname, $dbuser, $dbpass, $description, $user, $group);
 	return undef unless defined $pgsql;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $pgsql, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $pgsql, Vhffs::Constants::ACL_VIEW ) < 0;
 	return $pgsql;
 }
 

Modified: trunk/vhffs-api/src/Vhffs/Panel/Repository.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Repository.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Repository.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -37,7 +37,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Repository;
 use Vhffs::Constants;
 
@@ -100,8 +99,6 @@
 	my $repo = Vhffs::Services::Repository::create( $main , $name , $description, $user , $group );
 	return undef unless defined $repo;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $repo, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $repo, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $repo;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Subscribe.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -121,7 +121,6 @@
 					$panel->add_error( gettext('Cannot apply changes to the user') );
 				}
 				else {
-					Vhffs::Acl::add_acl( $vhffs, $user, $user, Vhffs::Constants::ACL_DELETE );
 
 					# Newsletter
 					if( $vhffs->get_config->get_service_availability('newsletter') ) {

Modified: trunk/vhffs-api/src/Vhffs/Panel/Svn.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Svn.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Svn.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -38,7 +38,6 @@
 use POSIX qw(locale_h);
 use locale;
 use Locale::gettext;
-use Vhffs::Acl;
 use Vhffs::Services::Svn;
 use Vhffs::Constants;
 use Vhffs::Functions;
@@ -112,8 +111,6 @@
 	my $svn = Vhffs::Services::Svn::create( $main, $repo, $description, $user, $group );
 	return -1 unless defined $svn;
 
-	return -3 if Vhffs::Acl::add_acl( $main, $user, $svn, Vhffs::Constants::ACL_DELETE ) < 0;
-	return -3 if Vhffs::Acl::add_acl( $main, $group, $svn, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $svn;
 }

Modified: trunk/vhffs-api/src/Vhffs/Panel/Web.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/Panel/Web.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/Panel/Web.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -41,7 +41,6 @@
 use Vhffs::Services::Web;
 use Vhffs::Constants;
 use Vhffs::Functions;
-use Vhffs::Acl;
 
 =pod
 
@@ -144,8 +143,6 @@
 	my $web = Vhffs::Services::Web::create($main, $servername, $description, $user, $group);
 	return undef unless defined $web;
 
-	return undef if Vhffs::Acl::add_acl( $main, $user, $web, Vhffs::Constants::ACL_DELETE ) < 0;
-	return undef if Vhffs::Acl::add_acl( $main, $group, $web, Vhffs::Constants::ACL_VIEW ) < 0;
 
 	return $web;
 }

Modified: trunk/vhffs-api/src/Vhffs/User.pm
===================================================================
--- trunk/vhffs-api/src/Vhffs/User.pm	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/Vhffs/User.pm	2012-02-22 00:32:40 UTC (rev 2036)
@@ -39,7 +39,6 @@
 use Locale::gettext;
 use Vhffs::Group;
 use Vhffs::Functions;
-use Vhffs::Acl;
 
 =pod
 
@@ -1018,88 +1017,18 @@
 
 =pod
 
-=head2 get_permissions
+=head2 get_admin
 
-	my $perm = $user->get_permissions;
+	my $perm = $user->get_admin;
 
 Returns user access level.
 
 =cut
-sub get_permissions {
+sub get_admin {
 	my $self = shift;
 	return $self->{admin};
 }
 
-=head2 can_view
-
-	die("You are not allowed to view this object\n")
-		                        unless($user->can_view($object));
-
-Returns true if the user on which the method is called can view the given
-object.
-
-=cut
-sub can_view {
-	my ($self, $o) = @_;
-	return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
-	return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self )  >=  Vhffs::Constants::ACL_VIEW );
-}
-
-=head2 can_modify
-
-	die("You are not allowed to modify this object\n")
-		                        unless($user->can_modify($object));
-
-Returns true if the user on which the method is called can modify the given
-object.
-
-=cut
-sub can_modify {
-	my ($self, $o) = @_;
-	return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
-	return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self )  >=  Vhffs::Constants::ACL_MODIFY );
-}
-
-=head2 can_manageacl
-
-	die("You are not allowed to manage acl on this object\n")
-		                        unless($user->can_manageacl($object));
-
-Returns true if the user on which the method is called can modify ACLs on the given object.
-
-=cut
-sub can_manageacl {
-	my ($self, $o) = @_;
-	return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self )  >=  Vhffs::Constants::ACL_MANAGEACL );
-}
-
-=head2 can_delete
-
-	die("You are not allowed to delete this object\n")
-		                        unless($user->can_delete($object));
-
-Returns true if the user on which the method is called can delete the given
-object.
-
-=cut
-sub can_delete {
-	my ($self, $o) = @_;
-	return 0 unless( $o->get_status == Vhffs::Constants::ACTIVATED || $self->is_admin || $self->is_moderator );
-	return ( Vhffs::Acl::get_perm( $self->get_main, $o, $self )  >=  Vhffs::Constants::ACL_DELETE );
-}
-
-=head2 get_perm
-
-	my $perm = $user->get_perm( $object );
-
-Returns the permission level of the user on the given object.
-
-=cut
-sub get_perm {
-	my ($self, $o) = @_;
-	return Vhffs::Acl::get_perm( $self->get_main, $o, $self );
-}
-
 =head2 have_activegroups
 
 	my $havegroups = $user->have_activegroups;
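Review bot: The POD kept above the renamed accessor still reads "Returns user access level." with `my $perm = $user->get_admin;`, which no longer says what the value is. The sub returns `$self->{admin}`, the global role that prefs.tt compares against `constants.user_permissions.NORMAL`, `MODERATOR` and `ADMIN`. Something like `Returns the user's global role (NORMAL, MODERATOR or ADMIN), not a per-object ACL level.` would keep it from being confused with the per-object `get_perm` removed a few lines below. The removed `can_view`, `can_modify` and `can_delete` also refused non-activated objects to anyone but admins and moderators; their replacement is outside this hunk, so it is worth confirming that gate moved with them.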

Modified: trunk/vhffs-api/src/examples/add_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/add_acl.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/add_acl.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -7,7 +7,6 @@
 use Vhffs::User;
 use Vhffs::Main;
 use Vhffs::Services::Web;
-use Vhffs::Acl;
 
 my $princ = init Vhffs::Main;
 
@@ -21,5 +20,4 @@
 my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
 die("Webarea $servername not found\n") unless(defined $httpd);
 
-Vhffs::Acl::add_acl( $princ, $user, $httpd, $level );
-
+$httpd->add_acl( $user, $level );
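Review bot: The return value of `$httpd->add_acl( $user, $level )` is discarded, so a failed grant ends the script silently. The same applies to modify_acl.pl, and add_acl_dns.pl goes on to print "User $username has now access level ..." whether or not the ACL was stored. delete_acl.pl already dies on failure, and the examples would be consistent with `die("Unable to add ACL\n") unless $httpd->add_acl( $user, $level );`. This assumes add_acl returns a true value on success, the way del_acl is used in delete_acl.pl; Object.pm is not part of this view, so check against its return convention.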

Modified: trunk/vhffs-api/src/examples/add_acl_dns.pl
===================================================================
--- trunk/vhffs-api/src/examples/add_acl_dns.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/add_acl_dns.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -8,7 +8,6 @@
 use Vhffs::User;
 use Vhffs::Main;
 use Vhffs::Services::DNS;
-use Vhffs::Acl;
 
 my $princ = init Vhffs::Main;
 
@@ -22,6 +21,6 @@
 my $user = Vhffs::User::get_by_username($princ, $username);
 die("User $username not found\n") unless(defined $user);
 
-Vhffs::Acl::add_acl($princ, $user, $dns, $level);
+$dns->add_acl( $user, $level );
 
 print "User $username has now access level $level domain $domain\n";

Modified: trunk/vhffs-api/src/examples/delete_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/delete_acl.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/delete_acl.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -10,7 +10,6 @@
 use Vhffs::Main;
 use Vhffs::Object;
 use Vhffs::Services::Web;
-use Vhffs::Acl;
 
 my $princ = init Vhffs::Main;
 
@@ -24,6 +23,6 @@
 my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
 die("Webarea $servername not found\n") unless(defined $httpd);
 
-die("Unable to delete ACL\n") unless(Vhffs::Acl::del_acl( $user , $httpd , $princ) > 0);
+die("Unable to delete ACL\n") unless $httpd->del_acl( $user );
 print "User $username has no longer access to webarea $servername\n";
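Review bot: The failure test changed from `> 0` to plain truthiness, which only works if the new `del_acl` method returns a false value on every failure. The function-style API signalled errors with negative numbers (see the removed `add_acl(...) < 0` checks elsewhere in this commit), and a negative return is true in Perl, so the script would report that access was removed when it was not. Object.pm is not visible here; if del_acl can still return a negative code, keep the explicit comparison: `unless $httpd->del_acl( $user ) > 0`.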
 

Modified: trunk/vhffs-api/src/examples/mailuser.pl
===================================================================
--- trunk/vhffs-api/src/examples/mailuser.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/mailuser.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
 use Vhffs::Group;
 use Vhffs::Main;
 use Vhffs::Object;
-use Vhffs::Acl;
 use Vhffs::Services::MailUser;
 use Vhffs::Panel::Mail;
 

Modified: trunk/vhffs-api/src/examples/mailuser_add_box.pl
===================================================================
--- trunk/vhffs-api/src/examples/mailuser_add_box.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/mailuser_add_box.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
 use Vhffs::Group;
 use Vhffs::Main;
 use Vhffs::Object;
-use Vhffs::Acl;
 use Vhffs::Services::MailUser;
 use Vhffs::Panel::Mail;
 

Modified: trunk/vhffs-api/src/examples/modify_acl.pl
===================================================================
--- trunk/vhffs-api/src/examples/modify_acl.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/modify_acl.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -7,7 +7,6 @@
 use Vhffs::User;
 use Vhffs::Main;
 use Vhffs::Services::Web;
-use Vhffs::Acl;
 
 my $princ = init Vhffs::Main;
 
@@ -21,5 +20,4 @@
 my $httpd = Vhffs::Services::Web::get_by_servername($princ, $servername);
 die("Webarea $servername not found\n") unless(defined $httpd);
 
-Vhffs::Acl::add_acl($princ, $user, $httpd, $level);
-
+$httpd->add_acl( $user, $level );

Modified: trunk/vhffs-api/src/examples/perm_for_user.pl
===================================================================
--- trunk/vhffs-api/src/examples/perm_for_user.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/perm_for_user.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -10,7 +10,6 @@
 use Vhffs::Object;
 use Vhffs::Services::Mysql;
 use Vhffs::Services::Web;
-use Vhffs::Acl;
 
 my $princ = init Vhffs::Main;
 
@@ -25,5 +24,5 @@
 die("Webarea $servername not found\n") unless(defined $httpd);
 
 print "Permission: ";
-print Vhffs::Acl::get_perm( $princ,  $httpd , $user );
+print $user->get_perm( $httpd );
 print "\n";
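Review bot: `$user->get_perm( $httpd )` calls a method that this same commit deletes from Vhffs::User (the `sub get_perm` removal in the User.pm hunk). The other converted examples call the ACL method on the target object and pass the user (`$httpd->add_acl( $user, $level )`, `$httpd->del_acl( $user )`), so if get_perm now lives on Vhffs::Object this probably wants `print $httpd->get_perm( $user );`. If Vhffs::User inherits an object-side get_perm, the call as written would not fail but would look up the web area's rights on the user rather than the reverse, and print a misleading level. Object.pm is outside this view, so confirm the receiver and argument order.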

Modified: trunk/vhffs-api/src/examples/show_acl_per_object.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_acl_per_object.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_acl_per_object.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -6,7 +6,6 @@
 use Data::Dumper;
 use lib '%VHFFS_LIB_DIR%';
 use Vhffs::Main;
-use Vhffs::Acl;
 use Vhffs::Services::Mysql;
 
 my $princ = init Vhffs::Main;
@@ -19,5 +18,5 @@
 
 die("MySQL service $dbname not found\n") unless(defined $sql);
 
-my $acl = Vhffs::Acl::get_object_acl( $princ, $sql );
+my $acl = $sql->get_acl();
 print Dumper $acl;

Modified: trunk/vhffs-api/src/examples/show_dumper_cvs.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_dumper_cvs.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_dumper_cvs.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
 use Vhffs::Group;
 use Vhffs::Main;
 use Vhffs::Object;
-use Vhffs::Acl;
 use Vhffs::Services::Web;
 use Vhffs::Panel::Group;
 use Vhffs::Services::Cvs;

Modified: trunk/vhffs-api/src/examples/show_dumper_object.pl
===================================================================
--- trunk/vhffs-api/src/examples/show_dumper_object.pl	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-api/src/examples/show_dumper_object.pl	2012-02-22 00:32:40 UTC (rev 2036)
@@ -9,7 +9,6 @@
 use Vhffs::Group;
 use Vhffs::Main;
 use Vhffs::Object;
-use Vhffs::Acl;
 use Vhffs::Services::Web;
 use Vhffs::Panel::Group;
 

Modified: trunk/vhffs-compat/from-4.3-to-4.4.sql
===================================================================
--- trunk/vhffs-compat/from-4.3-to-4.4.sql	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-compat/from-4.3-to-4.4.sql	2012-02-22 00:32:40 UTC (rev 2036)
@@ -8,3 +8,12 @@
 -- Although, default ACL is ACL_DENIED, which is what we want for users on their primary group.
 DELETE FROM vhffs_acl acl WHERE acl.target_oid IN (SELECT object_id FROM vhffs_object WHERE type=10) AND acl.granted_oid IN (SELECT object_id FROM vhffs_object WHERE type=11);
 
+-- Removed useless ACL on users where user is currently the owner_uid of the object, thus already having ACL_DELETE privilege
+DELETE FROM vhffs_acl acl
+	WHERE acl.granted_oid IN (SELECT acl.granted_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=10 AND og.owner_uid=ot.owner_uid)
+	AND acl.target_oid IN (SELECT acl.target_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=10 AND og.owner_uid=ot.owner_uid);
+
+-- Removed useless ACL on groups where group is currently the owner_gid of the object and where the perm is set to ACL_VIEW, which is the default privilege
+DELETE FROM vhffs_acl acl
+	WHERE acl.granted_oid IN (SELECT acl.granted_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND acl.perm=2)
+	AND acl.target_oid IN (SELECT acl.target_oid FROM vhffs_acl acl INNER JOIN vhffs_object ot ON ot.object_id=acl.target_oid INNER JOIN vhffs_object og ON og.object_id=acl.granted_oid WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND acl.perm=2);
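Review bot: Both new DELETE statements test `acl.granted_oid` and `acl.target_oid` against two independent subqueries, so a row is removed whenever its grantee appears in some redundant owner row and its target appears in some redundant owner row, not only when the row itself is one. For example, if user A holds an explicit ACL on an object owned by B, and A and B each hold a redundant ACL on their own objects, A's grant on B's object is deleted too. In the group statement the `acl.perm=2` filter is likewise applied only inside the subqueries, so a non-default perm on such a cross pair is lost. Matching on the (granted_oid, target_oid) pair keeps the deletion to the rows the comments describe; the row-value form below assumes PostgreSQL.

```sql
-- … unchanged: comment line for the user-owner case …
DELETE FROM vhffs_acl acl
	WHERE (acl.granted_oid, acl.target_oid) IN (
		SELECT a.granted_oid, a.target_oid FROM vhffs_acl a
		INNER JOIN vhffs_object ot ON ot.object_id=a.target_oid
		INNER JOIN vhffs_object og ON og.object_id=a.granted_oid
		WHERE og.type=10 AND og.owner_uid=ot.owner_uid);

-- … unchanged: comment line for the group-owner case …
DELETE FROM vhffs_acl acl
	WHERE (acl.granted_oid, acl.target_oid) IN (
		SELECT a.granted_oid, a.target_oid FROM vhffs_acl a
		INNER JOIN vhffs_object ot ON ot.object_id=a.target_oid
		INNER JOIN vhffs_object og ON og.object_id=a.granted_oid
		WHERE og.type=11 AND og.owner_gid=ot.owner_gid AND a.perm=2);
```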

Modified: trunk/vhffs-panel/templates/acl/view.tt
===================================================================
--- trunk/vhffs-panel/templates/acl/view.tt	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-panel/templates/acl/view.tt	2012-02-22 00:32:40 UTC (rev 2036)
@@ -18,7 +18,7 @@
       <span><b>[% 'Default' | i18n | html %]</b></span>
       <span> </span>
       <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.DENIED %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.DENIED %]/></span>
-      <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.item('VIEW') %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.item('VIEW') %]/></span>
+      <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.UNDEFINED %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.item('VIEW') %]/></span>
       <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.MODIFY %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.MODIFY %]/></span>
       <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.MANAGEACL %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.MANAGEACL %]/></span>
       <span><input type="radio" name="perm[% default_acl.granted_oid %]" value="[% constants.acl.DELETE %]"[% ' checked="checked"' IF default_acl.perm == constants.acl.DELETE %]/></span>
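Review bot: On the changed radio the submitted value is now `constants.acl.UNDEFINED`, while the `checked` test on the same line still compares `default_acl.perm` with `constants.acl.item('VIEW')`, so value and state disagree. If that is deliberate (VIEW being the enforced default, so picking it presumably clears the stored row), say so in a template comment such as `[%# VIEW is the enforced default: selecting it submits UNDEFINED %]`; otherwise one of the two constants is wrong. The handler that receives this field is not visible here, so also confirm it accepts UNDEFINED for the default row.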
@@ -29,6 +29,18 @@
       </span>
     </p>
   </form>
+  <form method="post" action="#" accept-charset="utf-8">
+    <p>
+      <span><b>[% owner_acl.name %]</b></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.UNDEFINED %]" disabled="disabled"/></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.DENIED %]" disabled="disabled"/></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.item('VIEW') %]" disabled="disabled"/></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.MODIFY %]" disabled="disabled"/></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.MANAGEACL %]" disabled="disabled"/></span>
+      <span><input type="radio" name="perm[% owner_acl.granted_oid %]" value="[% constants.acl.DELETE %]" checked="checked" disabled="disabled"/></span>
+      <span> </span>
+    </p>
+  </form>
 [% FOREACH acl IN users_acl %]
   <form method="post" action="#" accept-charset="utf-8">
     <p>
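Review bot: `[% owner_acl.name %]` is written into the page without the `html` filter that the neighbouring strings get (`[% 'Default' | i18n | html %]`); unless names are guaranteed markup-free upstream, use `[% owner_acl.name | html %]`. The owner row is protected only by `disabled="disabled"`, which is a browser-side hint, so the POST handler should reject any `perm` change for `owner_acl.granted_oid`. That handler is outside this hunk, and the surrounding template continues beyond the hunk on both sides.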

Modified: trunk/vhffs-panel/templates/user/prefs.tt
===================================================================
--- trunk/vhffs-panel/templates/user/prefs.tt	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-panel/templates/user/prefs.tt	2012-02-22 00:32:40 UTC (rev 2036)
@@ -195,11 +195,11 @@
         <input type="hidden" name="name" value="[% user.get_username %]"/>
         <p><label for="user_permissions">[% 'User\'s permissions:' | i18n | html %]</label>
         <select name="permissions" id="user_permissions">
-            <option value="[% constants.user_permissions.NORMAL %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.NORMAL %]>
+            <option value="[% constants.user_permissions.NORMAL %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.NORMAL %]>
                 [% 'Normal' | i18n | html %]</option>
-            <option value="[% constants.user_permissions.MODERATOR %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.MODERATOR %]>
+            <option value="[% constants.user_permissions.MODERATOR %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.MODERATOR %]>
                 [% 'Moderator' | i18n | html %]</option>
-            <option value="[% constants.user_permissions.ADMIN %]"[% ' selected="selected"' IF user.get_permissions == constants.user_permissions.ADMIN %]>
+            <option value="[% constants.user_permissions.ADMIN %]"[% ' selected="selected"' IF user.get_admin == constants.user_permissions.ADMIN %]>
                 [% 'Administrator' | i18n | html %]</option>
         </select>
         </p>

Modified: trunk/vhffs-tools/src/vhffs-useradd
===================================================================
--- trunk/vhffs-tools/src/vhffs-useradd	2012-02-20 21:24:44 UTC (rev 2035)
+++ trunk/vhffs-tools/src/vhffs-useradd	2012-02-22 00:32:40 UTC (rev 2036)
@@ -57,8 +57,6 @@
 
 if(defined $user) {
 	print "User successfully created, setting default ACL\n";
-        Vhffs::Acl::add_acl( $vhffs, $user, $user, Vhffs::Constants::ACL_DELETE );
-        Vhffs::Acl::add_acl( $vhffs, $user->get_group, $user, Vhffs::Constants::ACL_DENIED );
 } else {
 	print "Unable to create user (duplicate ?)\n";
 }

