author | Jon Robertson <jonrober@stanford.edu> | 2015-02-06 23:43:50 -0800 |
---|---|---|
committer | Jon Robertson <jonrober@stanford.edu> | 2015-06-08 15:24:34 -0700 |
commit | 0e16def8a9e12f9b2232b29da79cdacb6710b086 (patch) | |
tree | cbc454b69485aa2827200213f475d7ed5882b967 /perl/lib/Wallet/Server.pm | |
parent | aebae838e3aa327e94d796bd99b48c169ffe6683 (diff) |
Added acl replace command to wallet backend
New command for replacing the ownership of anything owned by a specific
ACL with another ACL. This differs from acl rename in that it's to be
used when the destination ACL already exists and potentially already
owns some objects.
Change-Id: I765bebf499fe0f861abc2ffe1873990590beed36
Diffstat (limited to 'perl/lib/Wallet/Server.pm')
-rw-r--r-- | perl/lib/Wallet/Server.pm | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/perl/lib/Wallet/Server.pm b/perl/lib/Wallet/Server.pm
index f6ea342..6af0570 100644
--- a/perl/lib/Wallet/Server.pm
+++ b/perl/lib/Wallet/Server.pm
@@ -734,6 +734,36 @@ sub acl_rename {
 return 1;
 }

+# Move all ACLs owned by one ACL to another, or return undef and set the
+# internal error.
+sub acl_replace {
+ my ($self, $old_id, $replace_id) = @_;
+ unless ($self->{admin}->check ($self->{user})) {
+ $self->acl_error ($old_id, 'replace');
+ return;
+ }
+ my $acl = eval { Wallet::ACL->new ($old_id, $self->{schema}) };
+ if ($@) {
+ $self->error ($@);
+ return;
+ }
+ if ($acl->name eq 'ADMIN') {
+ $self->error ('cannot replace the ADMIN ACL');
+ return;
+ }
+ my $replace_acl = eval { Wallet::ACL->new ($replace_id, $self->{schema}) };
+ if ($@) {
+ $self->error ($@);
+ return;
+ }
+
+ unless ($acl->replace ($replace_id, $self->{user}, $self->{host})) {
+ $self->error ($acl->error);
+ return;
+ }
+ return 1;
+}
+
 # Destroy an ACL, deleting it out of the database. Returns true on success.
 # On failure, returns undef, setting the internal error.
 sub acl_destroy {
@@ -942,6 +972,14 @@ either the current name or the numeric ID. NEW must not be all-numeric.
 To rename an ACL, the current user must be authorized by the ADMIN ACL.
 Returns true on success and false on failure.

+=item acl_replace(OLD, NEW)
+
+Moves any object owned by the ACL identified by OLD to be instead owned by
+NEW. This goes through all objects owned by OLD and individually changes
+the owner, along with history updates. OLD and NEW may be either the name
+or the numeric ID. To replace an ACL, the current user must be authorized
+by the ADMIN ACL. Returns true on success and false on failure.
+
 =item acl_show(ID)

 Returns a human-readable description, including membership, of the ACL |
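Review bot: In acl_replace, `$replace_acl` is constructed only to confirm that the destination exists and is never read again; the call `$acl->replace ($replace_id, ...)` passes the caller's raw name-or-ID string, so the ACL that was validated and the ACL that receives ownership are resolved separately. For a bulk ownership transfer it is safer to hand over the resolved object's identifier, `unless ($acl->replace ($replace_acl->id, $self->{user}, $self->{host})) {`, unless Wallet::ACL's replace is documented to resolve names itself (not visible in this diff). The header comment says "Move all ACLs owned by one ACL", while the POD added in the second hunk describes moving objects; `# Move all objects owned by one ACL to another ACL, or return undef and set the internal error.` would match what the code does. The POD also states that owners are changed object by object, so it is worth confirming whether a failure partway through can leave ownership split between the two ACLs, and saying so in the acl_replace entry.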