author | Jon Robertson <jonrober@stanford.edu> | 2015-02-06 23:43:50 -0800 |
---|---|---|
committer | Jon Robertson <jonrober@stanford.edu> | 2015-06-08 15:24:34 -0700 |
commit | 0e16def8a9e12f9b2232b29da79cdacb6710b086 (patch) | |
tree | cbc454b69485aa2827200213f475d7ed5882b967 /server | |
parent | aebae838e3aa327e94d796bd99b48c169ffe6683 (diff) |
Added acl replace command to wallet backend
New command for replacing the ownership of anything owned by a specific
ACL with another ACL. This differs from acl rename in that it's to be
used when the destination ACL already exists and potentially already
owns some objects.
Change-Id: I765bebf499fe0f861abc2ffe1873990590beed36
Diffstat (limited to 'server')
-rwxr-xr-x | server/wallet-backend | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/server/wallet-backend b/server/wallet-backend index 8dfc952..dcf2300 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -173,6 +173,9 @@ sub command { } elsif ($action eq 'rename') { check_args (2, 2, [], @args); $server->acl_rename (@args) or failure ($server->error, @_); + } elsif ($action eq 'replace') { + check_args (2, 2, [], @args); + $server->acl_replace (@args) or failure ($server->error, @_); } elsif ($action eq 'show') { check_args (1, 1, [], @args); my $output = $server->acl_show (@args); @@ -449,6 +452,25 @@ accidental lockout, but administrators can remove themselves from the C<ADMIN> ACL and can leave only a non-functioning entry on the ACL. Use caution when removing entries from the C<ADMIN> ACL. +=item acl rename <id> <name> + +Renames the ACL identified by <id> to <name>. This changes the +human-readable name, not the underlying numeric ID, so the ACL's +associations with objects will be unchanged. The C<ADMIN> ACL may not be +renamed. <id> may be either the current name or the numeric ID. <name> +must not be all-numeric. To rename an ACL, the current user must be +authorized by the C<ADMIN> ACL. + +=item acl replace <id> <new-id> + +Find any objects owned by <id>, and then change their ownership to +<new_id> instead. <new-id> should already exist, and may already have +some objects owned by it. <id> is not deleted afterwards, though in +most cases that is probably your next step. The C<ADMIN> ACL may not be +replaced from. <id> and <new-id> may be either the current name or the +numeric ID. To replace an ACL, the current user must be authorized by +the C<ADMIN> ACL. + =item acl show <id> Display the name, numeric ID, and entries of the ACL <id>. |
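Review bot: In the new `replace` branch of `command`, the only validation before `$server->acl_replace (@args)` is `check_args (2, 2, [], @args)`, so the restrictions the new documentation promises (the C<ADMIN> ACL may not be replaced from, and the caller must be authorized by the C<ADMIN> ACL) have to be enforced inside `acl_replace`, which is not part of this diff. Please confirm that method rejects both cases, and also the cases where <id> and <new-id> refer to the same ACL or <new-id> does not exist, and add a test for each, since this command reassigns ownership of every object an ACL owns in one call.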
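Review bot: The `=item acl replace <id> <new-id>` entry spells the second argument `<new_id>` in its first sentence but `<new-id>` in the item line and in the rest of the paragraph; use `<new-id>` throughout. "<new-id> should already exist" also leaves open what happens when it does not: if the command fails in that case, say "must already exist" and describe the error. "The C<ADMIN> ACL may not be replaced from" would read more clearly as a statement that the C<ADMIN> ACL may not be given as <id>.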