Improvements to default_check including the operation type, and pass

the database handle to the ACL constructor.
author: Russ Allbery <rra@stanford.edu> 2007-05-02 22:28:58 +0000
committer: Russ Allbery <rra@stanford.edu> 2007-05-02 22:28:58 +0000
commit: 7a7fc37d7c9672748f7df6d6b77e9b2e24145be0 (patch)
tree: 8a291ba0776210b733dfef9d9092963474a4bb1d /docs
parent: ebfe15fca0fe5f15c17efc7220d9313436e138ab (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/design-api b/docs/design-api
index 0af6862..9ef3901 100644
--- a/docs/design-api
+++ b/docs/design-api
@@ -61,13 +61,14 @@ Object API
     display, or undef on error.  On error, the caller should call error()
     to get the error text.
 
-  default_check(PRINCIPAL)
+  default_check(OPERATION, PRINCIPAL)
 
     Applies the default authorization rules for this object type, if any,
     and returns 1 if those default authorization rules allow access.  If
     there are no authorization rules or if they don't allow access,
     returns 0.  On error, returns undef; the caller should call error() to
-    get the error text.
+    get the error text.  Operation should be one of get, store, delete,
+    show, and flags.
 
   error()
 
@@ -76,11 +77,12 @@ Object API
 
 ACL API
 
-  new()
+  new(DBH)
 
     Creates a persistant ACL verifier for the given ACL type.  This may do
     nothing, but some ACL verifiers require some persistant data, like a
-    persistant LDAP connection.
+    persistant LDAP connection.  The database handle should be provided to
+    the constructor, but a given ACL implementation may not use it.
 
   check(PRINCIPAL, ACL)
author	Russ Allbery <rra@stanford.edu>	2007-05-02 22:28:58 +0000
committer	Russ Allbery <rra@stanford.edu>	2007-05-02 22:28:58 +0000
commit	7a7fc37d7c9672748f7df6d6b77e9b2e24145be0 (patch)
tree	8a291ba0776210b733dfef9d9092963474a4bb1d /docs
parent	ebfe15fca0fe5f15c17efc7220d9313436e138ab (diff)