diff options
| author | Russ Allbery <rra@stanford.edu> | 2008-02-07 06:37:11 +0000 |
|---|---|---|
| committer | Russ Allbery <rra@stanford.edu> | 2008-02-07 06:37:11 +0000 |
| commit | 45823559a1e64d6c8151a984fcd9c79bbdb57171 (patch) | |
| tree | ace7573730be9f9eb6aec7676c8a2d4ac2ccb998 /server/wallet-backend | |
| parent | 428c88bb0a08ba2eb06c7f5181f7cbee2f7ee398 (diff) | |
Add a new autocreate API call that tries to create an object using the
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
Diffstat (limited to 'server/wallet-backend')
| -rwxr-xr-x | server/wallet-backend | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/server/wallet-backend b/server/wallet-backend index 967f9b4..4a0b5cf 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -178,6 +178,9 @@ sub command { } else { error "unknown command acl $action"; } + } elsif ($command eq 'autocreate') { + check_args (2, 2, [], @args); + $server->autocreate (@args) or failure ($server->error, @_); } elsif ($command eq 'check') { check_args (2, 2, [], @args); my $status = $server->check (@args); @@ -328,14 +331,16 @@ B<wallet-backend> takes no traditional options. =head1 COMMANDS Most commands are only available to wallet administrators (users on the -C<ADMIN> ACL). The exceptions are C<get>, C<store>, C<show>, C<destroy>, -C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>. All -of those commands have their own ACLs except C<getattr> and C<history>, -which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL. -If the appropriate ACL is set, it alone is checked to see if the user has -access. Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and -C<history> access is permitted if the user is authorized by the owner ACL -of the object. +C<ADMIN> ACL). The exceptions are C<autocreate>, C<get>, C<store>, +C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>, C<setattr>, +and C<history>. All of those commands have their own ACLs except +C<getattr> and C<history>, which use the C<show> ACL, and C<setattr>, +which uses the C<store> ACL. If the appropriate ACL is set, it alone is +checked to see if the user has access. Otherwise, C<get>, C<store>, +C<show>, C<getattr>, C<setattr>, and C<history> access is permitted if the +user is authorized by the owner ACL of the object. C<autocreate> is +permitted if the user is listed in the default ACL for an object for that +name. Administrators can run any command on any object or ACL except for C<get> and C<store>. For C<get> and C<store>, they must still be authorized by @@ -391,6 +396,12 @@ caution when removing entries from the C<ADMIN> ACL. Display the name, numeric ID, and entries of the ACL <id>. +=item autocreate <type> <name> + +Create a new object of type <type> with name <name>. The user must be +listed in the default ACL for an object with that type and name, and the +object will be created with that default ACL set as the object owner. + =item check <type> <name> Check whether an object of type <type> and name <name> already exists. If |