authorJon Robertson <jonrober@stanford.edu>2015-06-09 15:04:14 -0700
committerJon Robertson <jonrober@stanford.edu>2015-11-18 23:47:40 -0800
commit5d668b86ced32e84fd0f49046326a0a5e20dc8eb (patch)
tree29f57641512d39186f398a5e8e1fbb7a0a127b7e
parent43f386a6e3d0c141cd732b5ef5c2be8349f51f03 (diff)
Added wallet report for nested ACL
We needed a way to report on where all a specific ACL might be nested, since we can't destroy an ACL until it's no longer being nested. For the immediate this is part of wallet-report. Change-Id: I41c11b73325d1eb3a28289eac3505bf965877be1
-rw-r--r--perl/lib/Wallet/Report.pm47
-rwxr-xr-xperl/t/general/report.t9
-rwxr-xr-xserver/wallet-report1
3 files changed, 49 insertions, 8 deletions
diff --git a/perl/lib/Wallet/Report.pm b/perl/lib/Wallet/Report.pm
index fc7bb4d..353cd97 100644
--- a/perl/lib/Wallet/Report.pm
+++ b/perl/lib/Wallet/Report.pm
@@ -359,8 +359,7 @@ sub types {
# ACL reports
##############################################################################
-# Returns the SQL statement required to find and return all ACLs in the
-# database.
+# Returns the array of all ACLs in the database.
sub acls_all {
my ($self) = @_;
my @acls;
@@ -384,7 +383,7 @@ sub acls_all {
return (@acls);
}
-# Returns the SQL statement required to find all empty ACLs in the database.
+# Returns the array of all empty ACLs in the database.
sub acls_empty {
my ($self) = @_;
my @acls;
@@ -410,9 +409,36 @@ sub acls_empty {
return (@acls);
}
-# Returns the SQL statement and the field required to find ACLs containing the
-# specified entry. The identifier is automatically surrounded by wildcards to
-# do a substring search.
+# Returns the array of ACLs that nest a given ACL.
+sub acls_nesting {
+ my ($self, $name) = @_;
+ my @acls;
+
+ my $schema = $self->{schema};
+ my %search = (ae_scheme => 'nested',
+ ae_identifier => $name);
+ my %options = (join => 'acl_entries',
+ prefetch => 'acl_entries',
+ order_by => [ qw/ac_id/ ],
+ select => [ qw/ac_id ac_name/ ]);
+
+ eval {
+ my @acls_rs = $schema->resultset('Acl')->search (\%search, \%options);
+ for my $acl_rs (@acls_rs) {
+ push (@acls, [ $acl_rs->ac_id, $acl_rs->ac_name ]);
+ }
+ };
+
+ if ($@) {
+ $self->error ("cannot list ACLs: $@");
+ return;
+ }
+ return (@acls);
+}
+
+# Returns the array of all ACLs containing the specified entry. The given
+# identifier is automatically surrounded by wildcards to do a substring
+# search.
sub acls_entry {
my ($self, $type, $identifier) = @_;
my @acls;
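Review bot: `acls_nesting` never checks that `$name` refers to an existing ACL, so a mistyped name returns an empty list that is indistinguishable from "nothing nests this ACL". The commit message says this report is how an administrator learns whether an ACL can be destroyed, so a silent false negative is the wrong failure mode. Consider looking the name up through `$schema->resultset('Acl')` first and calling `$self->error` when it is absent, or at least document the exact-match behaviour, e.g. `# $name must be the ACL name exactly as stored in nested entries; an unknown name returns an empty list.` When the method is called directly rather than through `acls`, an undefined `$name` also reaches the search as `ae_identifier => undef`, which presumably matches on NULL rather than failing. The trailing `acls_entry` context continues outside the hunk.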
@@ -440,7 +466,7 @@ sub acls_entry {
return (@acls);
}
-# Returns the SQL statement required to find unused ACLs.
+# Returns the array of all unused ACLs.
sub acls_unused {
my ($self) = @_;
my @acls;
@@ -553,6 +579,13 @@ sub acls {
@acls = $self->acls_empty;
} elsif ($type eq 'unused') {
@acls = $self->acls_unused;
+ } elsif ($type eq 'nesting') {
+ if (@args == 0) {
+ $self->error ('ACL nesting search requires an ACL to search');
+ return;
+ } else {
+ @acls = $self->acls_nesting (@args);
+ }
} else {
$self->error ("unknown search type: $type");
return;
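Review bot: The `nesting` branch rejects only an empty argument list, so a request with two or more arguments is passed whole to `acls_nesting`, which unpacks the first into `$name` and silently ignores the rest. Checking the exact count, `if (@args != 1) {`, would reject the malformed request instead of reporting on a possibly unintended ACL. The rest of `acls` lies outside this hunk, so how the other branches validate their arguments is not visible here.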
diff --git a/perl/t/general/report.t b/perl/t/general/report.t
index 6f6b750..a841acd 100755
--- a/perl/t/general/report.t
+++ b/perl/t/general/report.t
@@ -11,7 +11,7 @@
use strict;
use warnings;
-use Test::More tests => 219;
+use Test::More tests => 222;
use Wallet::Admin;
use Wallet::Report;
@@ -366,6 +366,13 @@ is ($server->acl_add ('third', 'base', 'baz'), 1,
is (scalar (@acls), 0, 'There are no duplicate ACLs');
is ($report->error, undef, ' and no error');
+# See if the acl nesting report works correctly.
+is ($server->acl_add ('fourth', 'nested', 'second'), 1,
+ 'Adding an ACL as a nested entry for another works');
+@acls = $report->acls ('nesting', 'second');
+is (scalar (@acls), 1, ' and the nested report shows one nesting');
+is ($acls[0][1], 'fourth', ' with the correct ACL nesting it');
+
# Clean up.
$admin->destroy;
system ('rm -r test-files') == 0 or die "cannot remove test-files\n";
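Review bot: The added tests cover only the positive case; nothing exercises the missing-argument error path introduced in `acls`, nor an ACL that nothing nests. Adding `@acls = $report->acls ('nesting');` followed by `is ($report->error, 'ACL nesting search requires an ACL to search', ' and a missing ACL is an error');` would pin the error path, assuming `error` returns the stored message unchanged. A further call for an ACL that nothing nests, asserting an empty list and an undefined `$report->error`, would pin the empty-result contract that callers rely on before destroying an ACL. The plan count on the `use Test::More` line would need raising to match.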
diff --git a/server/wallet-report b/server/wallet-report
index 77a2f8a..4719a8a 100755
--- a/server/wallet-report
+++ b/server/wallet-report
@@ -17,6 +17,7 @@ Wallet reporting help:
acls duplicate ACLs that duplicate another
acls empty All empty ACLs
acls entry <scheme> <id> ACLs containing this entry (wildcarded)
+ acls nesting <acl> ACLs containing this ACL as a nested entry
acls unused ACLs that are not referenced by any object
audit acls name ACLs failing the naming policy
audit objects name Objects failing the naming policy