Add acls duplicate report

Add an acls duplicate report to wallet-report and Wallet::Report, returning sets of ACLs that have exactly the same entries.
author: Russ Allbery <rra@stanford.edu> 2010-05-18 16:44:38 -0700
committer: Russ Allbery <rra@stanford.edu> 2010-05-18 16:45:04 -0700
commit: 4dbf126b079d87639d0a463770c3e72b5b53d5d1 (patch)
tree: 863b4d276ef6a327217272f558342931bea73e3a /perl
parent: 7bed6b6110af7532fc4a49cdb425f7f668e17c21 (diff)
2 files changed, 104 insertions, 13 deletions
diff --git a/perl/Wallet/Report.pm b/perl/Wallet/Report.pm
index 64418ee..5a8dc52 100644
--- a/perl/Wallet/Report.pm
+++ b/perl/Wallet/Report.pm
@@ -15,6 +15,7 @@ require 5.006;
 use strict;
 use vars qw($VERSION);
 
+use Wallet::ACL;
 use Wallet::Database;
 
 # This version should be increased on any code change to this module.  Always
@@ -234,6 +235,52 @@ sub acls_unused {
     return ($sql);
 }
 
+# Obtain a textual representation of the membership of an ACL, returning undef
+# on error and setting the internal error.
+sub acl_membership {
+    my ($self, $id) = @_;
+    my $acl = eval { Wallet::ACL->new ($id, $self->{dbh}) };
+    if ($@) {
+        $self->error ($@);
+        return;
+    }
+    my @members = map { "$_->[0] $_->[1]" } $acl->list;
+    if (!@members && $acl->error) {
+        $self->error ($acl->error);
+        return;
+    }
+    return join ("\n", @members);
+}
+
+# Duplicate ACL detection unfortunately needs to do something more complex
+# than just return a SQL statement, so it's handled differently than other
+# reports.  All the work is done here and the results returned as a list of
+# sets of duplicates.
+sub acls_duplicate {
+    my ($self) = @_;
+    my @acls = sort map { $_->[1] } $self->acls;
+    return if (!@acls && $self->{error});
+    return if @acls < 2;
+    my %result;
+    for my $i (0 .. ($#acls - 1)) {
+        my $members = $self->acl_membership ($acls[$i]);
+        return unless defined $members;
+        for my $j (($i + 1) .. $#acls) {
+            my $check = $self->acl_membership ($acls[$j]);
+            return unless defined $check;
+            if ($check eq $members) {
+                $result{$acls[$i]} ||= [];
+                push (@{ $result{$acls[$i]} }, $acls[$j]);
+            }
+        }
+    }
+    my @result;
+    for my $acl (sort keys %result) {
+        push (@result, [ $acl, sort @{ $result{$acl} } ]);
+    }
+    return @result;
+}
+
 # Returns a list of all ACLs stored in the wallet database as a list of pairs
 # of ACL IDs and ACL names, possibly limited by some criteria.  On error and
 # for an empty database, the empty list will be returned.  To distinguish
@@ -249,7 +296,9 @@ sub acls {
     if (!defined $type || $type eq '') {
         ($sql) = $self->acls_all;
     } else {
-        if ($type eq 'entry') {
+        if ($type eq 'duplicate') {
+            return $self->acls_duplicate;
+        } elsif ($type eq 'entry') {
             if (@args == 0) {
                 $self->error ('ACL searches require an argument to search');
                 return;
@@ -427,20 +476,28 @@ between an empty report and an error.
 
 Returns a list of all ACLs matching a search type and string in the
 database, or all ACLs if no search information is given.  There are
-currently three search types.  C<empty> takes no arguments and will return
-only those ACLs that have no entries within them.  C<entry> takes two
-arguments, an entry scheme and a (possibly partial) entry identifier, and
-will return any ACLs containing an entry with that scheme and with an
-identifier containing that value.  C<unused> returns all ACLs that are not
-referenced by any object.
-
-The return value is a list of references to pairs of ACL ID and name.  For
-example, if there are two ACLs in the database, one with name C<ADMIN> and
-ID 1 and one with name C<group/admins> and ID 3, acls() with no arguments
-would return:
+currently four search types.  C<duplicate> returns sets of duplicate ACLs
+(ones with exactly the same entries).  C<empty> takes no arguments and
+will return only those ACLs that have no entries within them.  C<entry>
+takes two arguments, an entry scheme and a (possibly partial) entry
+identifier, and will return any ACLs containing an entry with that scheme
+and with an identifier containing that value.  C<unused> returns all ACLs
+that are not referenced by any object.
+
+The return value for everything except C<duplicate> is a list of
+references to pairs of ACL ID and name.  For example, if there are two
+ACLs in the database, one with name C<ADMIN> and ID 1 and one with name
+C<group/admins> and ID 3, acls() with no arguments would return:
 
     ([ 1, 'ADMIN' ], [ 3, 'group/admins' ])
 
+The return value for the C<duplicate> search is sets of ACL names that are
+duplicates (have the same entries).  For example, if C<d1>, C<d2>, and
+C<d3> are all duplicates, and C<o1> and C<o2> are also duplicates, the
+result would be:
+
+    ([ 'd1', 'd2', 'd3' ], [ 'o1', 'o2' ])
+
 Returns the empty list on failure.  An error can be distinguished from
 empty search results by calling error().  error() is guaranteed to return
 the error message if there was an error and undef if there was no error.
diff --git a/perl/t/report.t b/perl/t/report.t
index 00636db..363db20 100755
--- a/perl/t/report.t
+++ b/perl/t/report.t
@@ -7,7 +7,7 @@
 #
 # See LICENSE for licensing terms.
 
-use Test::More tests => 179;
+use Test::More tests => 197;
 
 use Wallet::Admin;
 use Wallet::Report;
@@ -287,6 +287,40 @@ is ($objects[1][1], 'service/foo', ' and the right name');
 is ($objects[2][0], 'base', ' and the third has the right type');
 is ($objects[2][1], 'service/null', ' and the right name');
 
+# The third and fourth ACLs are both empty and should show up as duplicate.
+@acls = $report->acls ('duplicate');
+is (scalar (@acls), 1, 'There is one set of duplicate ACLs');
+is (scalar (@{ $acls[0] }), 2, ' with two members');
+is ($acls[0][0], 'fourth', ' and the first member is correct');
+is ($acls[0][1], 'third', ' and the second member is correct');
+
+# Add the same line to both ACLs.  They should still show up as duplicate.
+is ($server->acl_add ('fourth', 'base', 'bar'), 1,
+    'Adding a line to the fourth ACL works');
+is ($server->acl_add ('third', 'base', 'bar'), 1,
+    ' and adding a line to the third ACL works');
+@acls = $report->acls ('duplicate');
+is (scalar (@acls), 1, 'There is one set of duplicate ACLs');
+is (scalar (@{ $acls[0] }), 2, ' with two members');
+is ($acls[0][0], 'fourth', ' and the first member is correct');
+is ($acls[0][1], 'third', ' and the second member is correct');
+
+# Add another line to the third ACL.  Now we match second.
+is ($server->acl_add ('third', 'base', 'foo'), 1,
+    'Adding another line to the third ACL works');
+@acls = $report->acls ('duplicate');
+is (scalar (@acls), 1, 'There is one set of duplicate ACLs');
+is (scalar (@{ $acls[0] }), 2, ' with two members');
+is ($acls[0][0], 'second', ' and the first member is correct');
+is ($acls[0][1], 'third', ' and the second member is correct');
+
+# Add yet another line to the third ACL.  Now all ACLs are distinct.
+is ($server->acl_add ('third', 'base', 'baz'), 1,
+    'Adding another line to the third ACL works');
+@acls = $report->acls ('duplicate');
+is (scalar (@acls), 0, 'There are no duplicate ACLs');
+is ($report->error, undef, ' and no error');
+
 # Clean up.
 $admin->destroy;
 unlink 'wallet-db';
author	Russ Allbery <rra@stanford.edu>	2010-05-18 16:44:38 -0700
committer	Russ Allbery <rra@stanford.edu>	2010-05-18 16:45:04 -0700
commit	4dbf126b079d87639d0a463770c3e72b5b53d5d1 (patch)
tree	863b4d276ef6a327217272f558342931bea73e3a /perl
parent	7bed6b6110af7532fc4a49cdb425f7f668e17c21 (diff)