diff options
| author | Russ Allbery <rra@stanford.edu> | 2007-10-11 00:11:43 +0000 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2007-10-11 00:11:43 +0000 |
| commit | 32ec05c61136ceff5c6013f304e309c7abdd2fb0 (patch) | |
| tree | 0cc3e17dd1d73f2c267c20ca13693ffe2feac458 /perl/Wallet | |
| parent | c940a0f4716b0c8048c46ab3e783f543d190eed6 (diff) | |
Add an acl_history method to the server layer and test it.
Diffstat (limited to 'perl/Wallet')
| -rw-r--r-- | perl/Wallet/Server.pm | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm index 2bc6ba1..41072a8 100644 --- a/perl/Wallet/Server.pm +++ b/perl/Wallet/Server.pm @@ -461,10 +461,32 @@ sub acl_error { $action = 'add to'; } elsif ($action eq 'remove') { $action = 'remove from'; + } elsif ($action eq 'history') { + $action = 'see history of'; } $self->error ("$self->{user} not authorized to $action ACL $acl"); } +# Display the history of an ACL or return undef and set the internal error. +sub acl_history { + my ($self, $id) = @_; + unless ($self->{admin}->check ($self->{user})) { + $self->acl_error ($id, 'history'); + return undef; + } + my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) }; + if ($@) { + $self->error ($@); + return undef; + } + my $result = $acl->history; + if (not defined $result) { + $self->error ($acl->error); + return undef; + } + return $result; +} + # Display the membership of an ACL or return undef and set the internal error. sub acl_show { my ($self, $id) = @_; @@ -700,6 +722,16 @@ object. The ADMIN ACL may not be destroyed. To destroy an ACL, the current user must be authorized by the ADMIN ACL. Returns true on success and false on failure. +=item acl_history(ID) + +Returns the history of the ACL identified by ID, which may be either the ACL +name or its numeric ID. To see the history of an ACL, the current user must +be authorized by the ADMIN ACL. Each change that modifies the ACL (not +counting changes in the name of the ACL) will be represented by two lines. +The first line will have a timestamp of the change followed by a description +of the change, and the second line will give the user who made the change +and the host from which the change was made. Returns undef on failure. + =item acl_remove(ID, SCHEME, IDENTIFIER) Removes from the ACL identified by ID the entry matching SCHEME and |