Added nested acl verifier

This verifier will allow embedding one ACL in another for more flexible
ACL handling.  As part of thise we've also added the ability for each
verifier to do a syntax check to see if a given name is valid for that
verifier.  For the moment this returns true for everything but Nested.
Nested will check to make sure the given name is an existing group.

Change-Id: Iacdf146d46ed882d57b7534058d34db6e6ec1de4

1 files changed, 12 insertions, 1 deletions

diff --git a/perl/lib/Wallet/ACL/Base.pm b/perl/lib/Wallet/ACL/Base.pm
index a2b07cc..19ca612 100644
--- a/perl/lib/Wallet/ACL/Base.pm
+++ b/perl/lib/Wallet/ACL/Base.pm
@@ -20,7 +20,7 @@ use vars qw($VERSION);
 # This version should be increased on any code change to this module.  Always
 # use two digits for the minor version with a leading zero if necessary so
 # that it will sort properly.
-$VERSION = '0.02';
+$VERSION = '0.03';
 
 ##############################################################################
 # Interface
@@ -37,6 +37,11 @@ sub new {
     return $self;
 }
 
+# The default name check method allows any name.
+sub syntax_check {
+    return 1;
+}
+
 # The default check method denies all access.
 sub check {
     return 0;
@@ -92,6 +97,12 @@ inherit from it.  It is not used directly.
 Creates a new ACL verifier.  The generic function provided here just
 creates and blesses an object.
 
+=item syntax_check(PRINCIPAL, ACL)
+
+This method should be overridden by any child classes that want to
+implement validating the name of an ACL before creation.  The default
+implementation allows any name for an ACL.
+
 =item check(PRINCIPAL, ACL)
 
 This method should always be overridden by child classes.  The default