authorRuss Allbery <rra@stanford.edu>2007-10-10 22:47:14 +0000
committerRuss Allbery <rra@stanford.edu>2007-10-10 22:47:14 +0000
commit5370a35b615d5d868829ba52748208d9f1b129a5 (patch)
treec1337b976c7f623680d25901c325ab5ba8c545a8
parente339fc12869fe816d448930c44f96627cf780253 (diff)
Add history to the wallet-backend and to its documentation and the end-user
documentation. Fix a variety of other problems with the documentation of the ACLs used and add mentions of getattr and setattr to a few places where they were missing.
-rw-r--r--client/wallet.pod26
-rwxr-xr-xserver/wallet-backend36
-rw-r--r--tests/server/backend-t.in14
3 files changed, 56 insertions, 20 deletions
diff --git a/client/wallet.pod b/client/wallet.pod
index 7d70a9d..957cd24 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -114,12 +114,13 @@ options and commands are ignored.
As mentioned above, most commands are only available to wallet
administrators. The exceptions are C<get>, C<store>, C<show>, C<destroy>,
-C<flag clear>, C<flag set>, C<getattr>, and C<setattr>. All of those
-commands have their own ACLs except C<getattr>, which uses the C<show>
-ACL, and C<setattr>, which uses the C<show> ACL. If the appropriate ACL
-is set, it alone is checked to see if the user has access. Otherwise,
-C<get>, C<store>, C<show>, C<getattr>, and C<setattr> access is permitted
-if the user is authorized by the owner ACL of the object.
+C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>. All
+of those commands have their own ACLs except C<getattr> and C<history>,
+which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL.
+If the appropriate ACL is set, it alone is checked to see if the user has
+access. Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and
+C<history> access is permitted if the user is authorized by the owner ACL
+of the object.
Administrators can run any command on any object or ACL except for C<get>
and C<store>. For C<get> and C<show>, they must still be authorized by
@@ -127,8 +128,9 @@ either the appropriate specific ACL or the owner ACL.
If the locked flag is set on an object, no commands can be run on that
object that change data except the C<flags> commands, nor can the C<get>
-command be used on that object. C<show>, C<getacl>, and C<owner> or
-C<expires> without an argument can still be used on that object.
+command be used on that object. C<show>, C<history>, C<getacl>,
+C<getattr>, and C<owner> or C<expires> without an argument can still be
+used on that object.
For more information on attributes, see L<ATTRIBUTES>.
@@ -230,6 +232,14 @@ underlying object implementation. The attribute values, if any, are
printed one per line. If the attribute is not set on this object, nothing
is printed.
+=item history <type> <name>
+
+Displays the history for the object identified by <type> and <name>.
+This human-readable output will have two lines for each action that
+changes the object, plus for any get action. The first line has the
+timestamp of the action and the action, and the second line gives the user
+who performed the action and the host from which they performed it.
+
=item owner <type> <name> [<owner>]
If <owner> is not given, displays the current owner ACL of the object
diff --git a/server/wallet-backend b/server/wallet-backend
index 4a5a868..3f84ecd 100755
--- a/server/wallet-backend
+++ b/server/wallet-backend
@@ -144,6 +144,14 @@ sub command {
} elsif (@result) {
print join ("\n", @result, '');
}
+ } elsif ($command eq 'history') {
+ check_args (2, 2, [], @args);
+ my $output = $server->history (@args);
+ if (defined $output) {
+ print $output;
+ } else {
+ die $server->error;
+ }
} elsif ($command eq 'owner') {
check_args (2, 3, [], @args);
if (@args > 2) {
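Review bot: The new `history` branch contains no access check of its own, so authorization rests entirely on `$server->history`, which is not visible in this diff. The output is the object's audit trail, which per the documentation added in this commit includes the user and originating host for each action. A one-line comment on the branch would make that dependency explicit, for example `# Access control (show ACL, else owner ACL) is enforced by Wallet::Server, not here.`; that is presumably where the check lives, so confirm it before adding the comment. The enclosing `command` sub begins and ends outside the hunk.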
@@ -222,21 +230,23 @@ B<wallet-backend> takes no traditional options.
Most commands are only available to wallet administrators (users on the
C<ADMIN> ACL). The exceptions are C<get>, C<store>, C<show>, C<destroy>,
-C<flag clear>, C<flag set>, C<getattr>, and C<setattr>. All of those
-commands have their own ACLs except C<getattr>, which uses the C<show> ACL,
-and C<setattr>, which uses the C<show> ACL. If the appropriate ACL is set,
-it alone is checked to see if the user has access. Otherwise, C<get>,
-C<store>, C<show>, C<getattr>, and C<setattr> access is permitted if the
-user is authorized by the owner ACL of the object.
+C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>. All
+of those commands have their own ACLs except C<getattr> and C<history>,
+which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL.
+If the appropriate ACL is set, it alone is checked to see if the user has
+access. Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and
+C<history> access is permitted if the user is authorized by the owner ACL
+of the object.
Administrators can run any command on any object or ACL except for C<get>
-and C<store>. For C<get> and C<show>, they must still be authorized by
+and C<store>. For C<get> and C<store>, they must still be authorized by
either the appropriate specific ACL or the owner ACL.
If the locked flag is set on an object, no commands can be run on that
object that change data except the C<flags> commands, nor can the C<get>
-command be used on that object. C<show>, C<getacl>, and C<owner> or
-C<expires> without an argument can still be used on that object.
+command be used on that object. C<show>, C<history>, C<getacl>,
+C<getattr>, and C<owner> or C<expires> without an argument can still be
+used on that object.
For more information on attributes, see L<ATTRIBUTES>.
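Review bot: The correction made in this hunk, `For C<get> and C<show>` becoming `For C<get> and C<store>`, was not carried over to client/wallet.pod. There the same sentence appears as unchanged context in the first hunk and still names `C<show>`. After this commit the two documents disagree on which commands administrators still need explicit ACL authorization for, and a reader of the client page could draw the wrong conclusion about who may store data. The client page should get the same one-line change: `and C<store>. For C<get> and C<store>, they must still be authorized by`.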
@@ -337,6 +347,14 @@ underlying object implementation. The attribute values, if any, are printed
one per line. If the attribute is not set on this object, nothing is
printed.
+=item history <type> <name>
+
+Displays the history for the object identified by <type> and <name>.
+This human-readable output will have two lines for each action that
+changes the object, plus for any get action. The first line has the
+timestamp of the action and the action, and the second line gives the user
+who performed the action and the host from which they performed it.
+
=item owner <type> <name> [<owner>]
If <owner> is not given, displays the current owner ACL of the object
diff --git a/tests/server/backend-t.in b/tests/server/backend-t.in
index e8558f5..85fb0ce 100644
--- a/tests/server/backend-t.in
+++ b/tests/server/backend-t.in
@@ -9,7 +9,7 @@
use strict;
use IO::String;
-use Test::More tests => 790;
+use Test::More tests => 802;
# Create a dummy class for Wallet::Server that prints what method was called
# with its arguments and returns data for testing.
@@ -105,6 +105,13 @@ sub get {
return 'get';
}
+sub history {
+ shift;
+ print "history @_\n";
+ return if $_[0] eq 'error';
+ return 'history';
+}
+
sub owner {
shift;
print "owner @_\n";
@@ -174,6 +181,7 @@ my %commands = (create => [2, 2],
get => [2, 2],
getacl => [3, 3],
getattr => [3, 3],
+ history => [2, 2],
owner => [2, 3],
setacl => [4, 4],
setattr => [4, 9],
@@ -269,7 +277,7 @@ for my $command (qw/create destroy setacl setattr store/) {
' and ran the right method');
$error++;
}
-for my $command (qw/expires get getacl getattr owner show/) {
+for my $command (qw/expires get getacl getattr history owner show/) {
my $method = { getacl => 'acl', getattr => 'attr' }->{$command};
$method ||= $command;
my @extra = ('foo') x ($commands{$command}[0] - 2);
@@ -280,7 +288,7 @@ for my $command (qw/expires get getacl getattr owner show/) {
is ($out, "$new\n$method type name$extra\nattr1\nattr2\n",
' and ran the right method with output');
} else {
- my $newline = ($command eq 'get' or $command eq 'show') ? '' : "\n";
+ my $newline = ($command =~ /^(get|history|show)\z/) ? '' : "\n";
($out, $err) = run_backend ($command, 'type', 'name', @extra);
is ($err, '', "Command $command ran with no errors");
is ($out, "$new\n$method type name$extra\n$method$newline",