diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | perl/lib/Wallet/ACL.pm | 18 | ||||
| -rwxr-xr-x | perl/t/general/acl.t | 6 | ||||
| -rwxr-xr-x | perl/t/general/server.t | 10 |
4 files changed, 19 insertions, 17 deletions
@@ -19,6 +19,8 @@ wallet 1.3 (xxxx-xx-xx) Added an acl replace command, to change all objects owned by one ACL to be owned by another. + All ACL operations now refer to the ACL by name rather than ID. + Added a report for unstored objects to wallet-report, and cleaned up the help for the existing unused report that implied it showed unstored as well as unused. diff --git a/perl/lib/Wallet/ACL.pm b/perl/lib/Wallet/ACL.pm index a090256..260ff22 100644 --- a/perl/lib/Wallet/ACL.pm +++ b/perl/lib/Wallet/ACL.pm @@ -1,7 +1,7 @@ # Wallet::ACL -- Implementation of ACLs in the wallet system. # # Written by Russ Allbery <eagle@eyrie.org> -# Copyright 2007, 2008, 2010, 2013, 2014 +# Copyright 2007, 2008, 2010, 2013, 2014, 2015 # The Board of Trustees of the Leland Stanford Junior University # # See LICENSE for licensing terms. @@ -24,7 +24,7 @@ use DBI; # This version should be increased on any code change to this module. Always # use two digits for the minor version with a leading zero if necessary so # that it will sort properly. -$VERSION = '0.08'; +$VERSION = '0.09'; ############################################################################## # Constructors @@ -201,7 +201,7 @@ sub rename { $guard->commit; }; if ($@) { - $self->error ("cannot rename ACL $self->{id} to $name: $@"); + $self->error ("cannot rename ACL $self->{name} to $name: $@"); return; } $self->{name} = $name; @@ -228,7 +228,7 @@ sub replace { $object->owner ($replace_id, $user, $host, $time); } } else { - $self->error ("no objects found for ACL $self->{id}"); + $self->error ("no objects found for ACL $self->{name}"); return; } return 1; @@ -284,7 +284,7 @@ sub destroy { $guard->commit; }; if ($@) { - $self->error ("cannot destroy ACL $self->{id}: $@"); + $self->error ("cannot destroy ACL $self->{name}: $@"); return; } return 1; @@ -312,7 +312,7 @@ sub add { $guard->commit; }; if ($@) { - $self->error ("cannot add $scheme:$identifier to $self->{id}: $@"); + $self->error ("cannot add $scheme:$identifier to $self->{name}: $@"); return; } return 1; @@ -339,7 +339,7 @@ sub remove { }; if ($@) { my $entry = "$scheme:$identifier"; - $self->error ("cannot remove $entry from $self->{id}: $@"); + $self->error ("cannot remove $entry from $self->{name}: $@"); return; } return 1; @@ -367,7 +367,7 @@ sub list { $guard->commit; }; if ($@) { - $self->error ("cannot retrieve ACL $self->{id}: $@"); + $self->error ("cannot retrieve ACL $self->{name}: $@"); return; } else { return @entries; @@ -422,7 +422,7 @@ sub history { $guard->commit; }; if ($@) { - $self->error ("cannot read history for $self->{id}: $@"); + $self->error ("cannot read history for $self->{name}: $@"); return; } return $output; diff --git a/perl/t/general/acl.t b/perl/t/general/acl.t index ff8ddad..80e8b3c 100755 --- a/perl/t/general/acl.t +++ b/perl/t/general/acl.t @@ -85,7 +85,7 @@ is ($acl->name, 'example', ' and the right name'); is ($acl->id, 2, ' and the right ID'); ok (! $acl->rename ('ADMIN', @trace), ' but renaming to an existing name fails'); -like ($acl->error, qr/^cannot rename ACL 2 to ADMIN: /, +like ($acl->error, qr/^cannot rename ACL example to ADMIN: /, ' with the right error'); # Test add, check, remove, list, and show. @@ -131,7 +131,7 @@ EOE is ($acl->show, $expected, ' and show returns correctly'); ok (! $acl->remove ('krb5', $admin, @trace), 'Removing a nonexistent entry fails'); -is ($acl->error, "cannot remove krb5:$admin from 2: entry not found in ACL", +is ($acl->error, "cannot remove krb5:$admin from example: entry not found in ACL", ' with the right error'); if ($acl->remove ('krb5', $user1, @trace)) { ok (1, ' but removing the first user works'); @@ -145,7 +145,7 @@ is (scalar (@entries), 1, ' and now there is one entry'); is ($entries[0][0], 'krb5', ' with the right scheme'); is ($entries[0][1], $user2, ' and the right identifier'); ok (! $acl->add ('krb5', $user2), 'Adding the same entry again fails'); -like ($acl->error, qr/^cannot add \Qkrb5:$user2\E to 2: /, +like ($acl->error, qr/^cannot add \Qkrb5:$user2\E to example: /, ' with the right error'); if ($acl->add ('krb5', '', @trace)) { ok (1, 'Adding a bad entry works'); diff --git a/perl/t/general/server.t b/perl/t/general/server.t index 0a527a5..8f4c16c 100755 --- a/perl/t/general/server.t +++ b/perl/t/general/server.t @@ -89,7 +89,7 @@ is ($server->acl_rename ('empty', 'test'), undef, is ($server->error, 'ACL empty not found', ' and returns the right error'); is ($server->acl_rename ('test', 'test2'), undef, ' and cannot rename to an existing name'); -like ($server->error, qr/^cannot rename ACL 6 to test2: /, +like ($server->error, qr/^cannot rename ACL test to test2: /, ' and returns the right error'); is ($server->acl_rename ('test', 'empty'), 1, 'Renaming does work'); is ($server->acl_rename ('test', 'empty'), undef, ' but not twice'); @@ -138,7 +138,7 @@ is ($server->error, 'ACL test not found', ' and returns the right error'); is ($server->acl_remove ('empty', 'krb5', $user2), undef, ' and removing an entry not there fails'); is ($server->error, - "cannot remove krb5:$user2 from 6: entry not found in ACL", + "cannot remove krb5:$user2 from empty: entry not found in ACL", ' and returns the right error'); is ($server->acl_show ('empty'), "Members of ACL empty (id: 6) are:\n krb5 $user1\n", @@ -148,7 +148,7 @@ is ($server->acl_remove ('empty', 'krb5', $user1), 1, is ($server->acl_remove ('empty', 'krb5', $user1), undef, ' but does not work twice'); is ($server->error, - "cannot remove krb5:$user1 from 6: entry not found in ACL", + "cannot remove krb5:$user1 from empty: entry not found in ACL", ' and returns the right error'); is ($server->acl_show ('empty'), "Members of ACL empty (id: 6) are:\n", ' and show returns the correct status'); @@ -168,7 +168,7 @@ is ($server->acl_remove ('ADMIN', 'krb5', $user1), 1, ' and then remove it'); is ($server->acl_remove ('ADMIN', 'krb5', $user1), undef, ' and remove a user not on it'); is ($server->error, - "cannot remove krb5:$user1 from 1: entry not found in ACL", + "cannot remove krb5:$user1 from ADMIN: entry not found in ACL", ' and get the right error'); # Now, create a few objects to use for testing and test the object API while @@ -994,7 +994,7 @@ is ($server->owner ('base', 'service/acl-user', 'test-destroy'), 1, is ($server->acl_destroy ('test-destroy'), undef, ' and now we cannot destroy that ACL'); is ($server->error, - 'cannot destroy ACL 9: ACL in use by base:service/acl-user', + 'cannot destroy ACL test-destroy: ACL in use by base:service/acl-user', ' with the right error'); is ($server->owner ('base', 'service/acl-user', ''), 1, ' but after we clear the owner'); |