authorRuss Allbery <rra@stanford.edu>2007-09-17 15:49:25 +0000
committerRuss Allbery <rra@stanford.edu>2007-09-17 15:49:25 +0000
commita793a836222b551517e359b47ba0882b4910944d (patch)
tree58dfce77002ca1f6eed78eda49d4844350e87be1
parent8e0d26958a8c7991f434f878ce1b9b85454d390b (diff)
Add a show method to Wallet::ACL.
-rw-r--r--perl/Wallet/ACL.pm28
-rwxr-xr-xperl/t/acl.t17
2 files changed, 43 insertions, 2 deletions
diff --git a/perl/Wallet/ACL.pm b/perl/Wallet/ACL.pm
index a0417f8..d6cc29c 100644
--- a/perl/Wallet/ACL.pm
+++ b/perl/Wallet/ACL.pm
@@ -278,6 +278,26 @@ sub list {
}
}
+# Return as a string a human-readable description of an ACL, including its
+# membership. This method is only for human-readable output; use the list()
+# method if you are using the results in other code. Returns undef on
+# failure.
+sub show {
+ my ($self) = @_;
+ my @entries = $self->list;
+ if (@entries == 1 and not defined ($entries[0])) {
+ return undef;
+ }
+ my $name = $self->name;
+ my $id = $self->id;
+ my $output = "Members of ACL $name (id: $id) are:\n";
+ for my $entry (sort { $$a[0] cmp $$b[0] or $$a[1] cmp $$b[1] } @entries) {
+ my ($scheme, $identifier) = @$entry;
+ $output .= " $scheme $identifier\n";
+ }
+ return $output;
+}
+
# Given a principal, check whether it should be granted access according to
# this ACL. Returns 1 if access was granted, 0 if access was denied, and
# undef on some error. Errors from ACL verifiers do not cause an error
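Review bot: `show` appends `$scheme` and `$identifier` to line-oriented text unescaped, so an identifier holding a newline or other control character would display as an extra or altered ACL entry to whoever audits the output. Whether `add()` rejects such values is not visible in this hunk, but the tests in this commit already store an empty identifier, so stored entries are not guaranteed to be well-formed. Consider escaping non-printable characters in the local copy before appending, e.g. `$identifier =~ s/([^[:print:]])/sprintf('\\x%02x', ord $1)/ge;`, with the same treatment for `$scheme` and `$name`. The comment above `sub show` should then say that the output is escaped for display.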
@@ -488,6 +508,14 @@ failure, the caller should call error() to get the error message.
Note that rename() operations are not logged in the ACL history.
+=item show()
+
+Returns a human-readable description of this ACL, including its membership.
+This method should only be used for display of the ACL to humans. Use the
+list(), name(), and id() methods instead to get ACL information for use in
+other code. On failure, returns undef, and the caller should call error()
+to get the error message.
+
=back
=head1 SEE ALSO
diff --git a/perl/t/acl.t b/perl/t/acl.t
index 6d4fd78..a3a9214 100755
--- a/perl/t/acl.t
+++ b/perl/t/acl.t
@@ -3,7 +3,7 @@
#
# t/api.t -- Tests for the wallet ACL API.
-use Test::More tests => 97;
+use Test::More tests => 100;
use Wallet::ACL;
use Wallet::Config;
@@ -79,7 +79,7 @@ ok (! $acl->rename ('ADMIN'), ' but renaming to an existing name fails');
like ($acl->error, qr/^cannot rename ACL 2 to ADMIN: /,
' with the right error');
-# Test add, check, remove, and list.
+# Test add, check, remove, list, and show.
my @entries = $acl->list;
is (scalar (@entries), 0, 'ACL starts empty');
is ($acl->check ($user1), 0, ' so check fails');
@@ -114,6 +114,12 @@ is ($entries[0][0], 'krb5', ' with the right scheme for 1');
is ($entries[0][1], $user1, ' and the right identifier for 1');
is ($entries[1][0], 'krb5', ' and the right scheme for 2');
is ($entries[1][1], $user2, ' and the right identifier for 2');
+my $expected = <<"EOE";
+Members of ACL example (id: 2) are:
+ krb5 $user1
+ krb5 $user2
+EOE
+is ($acl->show, $expected, ' and show returns correctly');
ok (! $acl->remove ('krb5', $admin, @trace),
'Removing a nonexistent entry fails');
is ($acl->error, "cannot remove krb5:$admin from 2: entry not found in ACL",
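Review bot: The `show` assertions added here and in the two later hunks cover only successful output; nothing exercises the branch where `list` fails and `show` returns undef, nor that `error()` is then set as the new POD promises. How to force a `list` failure in this test setup is not visible on this page. If it can be done, add a case such as `is ($acl->show, undef, ' and show fails when list fails');` followed by a `like ($acl->error, ...)` check, and raise the `tests =>` count to match.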
@@ -143,6 +149,12 @@ is ($entries[0][0], 'krb5', ' with the right scheme for 1');
is ($entries[0][1], '', ' and the right identifier for 1');
is ($entries[1][0], 'krb5', ' and the right scheme for 2');
is ($entries[1][1], $user2, ' and the right identifier for 2');
+$expected = <<"EOE";
+Members of ACL example (id: 2) are:
+ krb5
+ krb5 $user2
+EOE
+is ($acl->show, $expected, ' and show returns correctly');
is ($acl->check ($user2), 1, ' and checking the good entry still works');
is (scalar ($acl->check_errors), "malformed krb5 ACL\n",
' but now with the right error');
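Review bot: The expected text for the empty-identifier entry depends on a trailing space inside the heredoc, because `show` emits the scheme, a space, the identifier and a newline, so the `krb5` line must end in a space to match. Editors and whitespace-cleaning hooks commonly strip trailing blanks, which would break this test or hide a later change to how malformed entries are displayed. Writing this expectation as a double-quoted string with explicit `\n`, as the final `show` assertion in this file already does, makes the trailing space visible, and a comment such as `# empty identifier leaves a trailing space` would record the intent.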
@@ -166,6 +178,7 @@ if ($acl->remove ('krb5', '', @trace)) {
}
@entries = $acl->list;
is (scalar (@entries), 0, ' and now there are no entries');
+is ($acl->show, "Members of ACL example (id: 2) are:\n", ' and show concurs');
is ($acl->check ($user2), 0, ' and the second user check fails');
is (scalar ($acl->check_errors), '', ' with no error message');