| -rw-r--r-- | client/wallet.pod | 26 | ||||
| -rwxr-xr-x | server/wallet-backend | 36 | ||||
| -rw-r--r-- | tests/server/backend-t.in | 14 | 
3 files changed, 56 insertions, 20 deletions
| diff --git a/client/wallet.pod b/client/wallet.pod index 7d70a9d..957cd24 100644 --- a/client/wallet.pod +++ b/client/wallet.pod @@ -114,12 +114,13 @@ options and commands are ignored.  As mentioned above, most commands are only available to wallet  administrators.  The exceptions are C<get>, C<store>, C<show>, C<destroy>, -C<flag clear>, C<flag set>, C<getattr>, and C<setattr>.  All of those -commands have their own ACLs except C<getattr>, which uses the C<show> -ACL, and C<setattr>, which uses the C<show> ACL.  If the appropriate ACL -is set, it alone is checked to see if the user has access.  Otherwise, -C<get>, C<store>, C<show>, C<getattr>, and C<setattr> access is permitted -if the user is authorized by the owner ACL of the object. +C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>.  All +of those commands have their own ACLs except C<getattr> and C<history>, +which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL. +If the appropriate ACL is set, it alone is checked to see if the user has +access.  Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and +C<history> access is permitted if the user is authorized by the owner ACL +of the object.  Administrators can run any command on any object or ACL except for C<get>  and C<store>.  For C<get> and C<show>, they must still be authorized by @@ -127,8 +128,9 @@ either the appropriate specific ACL or the owner ACL.  If the locked flag is set on an object, no commands can be run on that  object that change data except the C<flags> commands, nor can the C<get> -command be used on that object.  C<show>, C<getacl>, and C<owner> or -C<expires> without an argument can still be used on that object. +command be used on that object.  C<show>, C<history>, C<getacl>, +C<getattr>, and C<owner> or C<expires> without an argument can still be +used on that object.  For more information on attributes, see L<ATTRIBUTES>. 
@@ -230,6 +232,14 @@ underlying object implementation.  The attribute values, if any, are  printed one per line.  If the attribute is not set on this object, nothing  is printed. +=item history <type> <name> + +Displays the history for the object identified by <type> and <name>. +This human-readable output will have two lines for each action that +changes the object, plus for any get action.  The first line has the +timestamp of the action and the action, and the second line gives the user +who performed the action and the host from which they performed it. +  =item owner <type> <name> [<owner>]  If <owner> is not given, displays the current owner ACL of the object diff --git a/server/wallet-backend b/server/wallet-backend index 4a5a868..3f84ecd 100755 --- a/server/wallet-backend +++ b/server/wallet-backend @@ -144,6 +144,14 @@ sub command {          } elsif (@result) {              print join ("\n", @result, '');          } +    } elsif ($command eq 'history') { +        check_args (2, 2, [], @args); +        my $output = $server->history (@args); +        if (defined $output) { +            print $output; +        } else { +            die $server->error; +        }      } elsif ($command eq 'owner') {          check_args (2, 3, [], @args);          if (@args > 2) { 
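Review bot: The new `history` branch in `command` gives no indication of where access control happens. It passes `@args` straight to `$server->history` and prints whatever comes back, so the show-ACL/owner-ACL rule documented in this commit has to be enforced inside Wallet::Server, which none of the three changed files touches. Because history output names the user and host behind each action, I would confirm that check and then add a comment such as `# Access is checked in Wallet::Server::history (show ACL, else owner ACL); undef means denied or failed.` above the call. The backend test runs against a dummy Wallet::Server, so it covers argument passing and the undef error path but not denial for an unauthorized caller. `command` begins and continues outside this hunk.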
@@ -222,21 +230,23 @@ B<wallet-backend> takes no traditional options.  Most commands are only available to wallet administrators (users on the  C<ADMIN> ACL).  The exceptions are C<get>, C<store>, C<show>, C<destroy>, -C<flag clear>, C<flag set>, C<getattr>, and C<setattr>.  All of those -commands have their own ACLs except C<getattr>, which uses the C<show> ACL, -and C<setattr>, which uses the C<show> ACL.  If the appropriate ACL is set, -it alone is checked to see if the user has access.  Otherwise, C<get>, -C<store>, C<show>, C<getattr>, and C<setattr> access is permitted if the -user is authorized by the owner ACL of the object. +C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>.  All +of those commands have their own ACLs except C<getattr> and C<history>, +which use the C<show> ACL, and C<setattr>, which uses the C<store> ACL. +If the appropriate ACL is set, it alone is checked to see if the user has +access.  Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, and +C<history> access is permitted if the user is authorized by the owner ACL +of the object.  Administrators can run any command on any object or ACL except for C<get> -and C<store>.  For C<get> and C<show>, they must still be authorized by +and C<store>.  For C<get> and C<store>, they must still be authorized by  either the appropriate specific ACL or the owner ACL.  If the locked flag is set on an object, no commands can be run on that  object that change data except the C<flags> commands, nor can the C<get> -command be used on that object.  C<show>, C<getacl>, and C<owner> or -C<expires> without an argument can still be used on that object. +command be used on that object.  C<show>, C<history>, C<getacl>, +C<getattr>, and C<owner> or C<expires> without an argument can still be +used on that object.  For more information on attributes, see L<ATTRIBUTES>. 
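Review bot: The correction here from `For C<get> and C<show>` to `For C<get> and C<store>` in the administrators paragraph is not mirrored in client/wallet.pod. The matching paragraph there appears as unchanged context and still reads `For C<get> and C<show>, they must still be authorized by`. After this commit the two manuals therefore disagree about which commands administrators need an explicit ACL for. The client page should get the same one-word fix, `For C<get> and C<store>, they must still be authorized by`, so that operators reading either document reach the same conclusion about administrator access.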
@@ -337,6 +347,14 @@ underlying object implementation.  The attribute values, if any, are printed  one per line.  If the attribute is not set on this object, nothing is  printed. +=item history <type> <name> + +Displays the history for the object identified by <type> and <name>. +This human-readable output will have two lines for each action that +changes the object, plus for any get action.  The first line has the +timestamp of the action and the action, and the second line gives the user +who performed the action and the host from which they performed it. +  =item owner <type> <name> [<owner>]  If <owner> is not given, displays the current owner ACL of the object diff --git a/tests/server/backend-t.in b/tests/server/backend-t.in index e8558f5..85fb0ce 100644 --- a/tests/server/backend-t.in +++ b/tests/server/backend-t.in @@ -9,7 +9,7 @@  use strict;  use IO::String; -use Test::More tests => 790; +use Test::More tests => 802;  # Create a dummy class for Wallet::Server that prints what method was called  # with its arguments and returns data for testing. @@ -105,6 +105,13 @@ sub get {      return 'get';  } +sub history { +    shift; +    print "history @_\n"; +    return if $_[0] eq 'error'; +    return 'history'; +} +  sub owner {      shift;      print "owner @_\n"; @@ -174,6 +181,7 @@ my %commands = (create  => [2, 2],                  get     => [2, 2],                  getacl  => [3, 3],                  getattr => [3, 3], +                history => [2, 2],                  owner   => [2, 3],                  setacl  => [4, 4],                  setattr => [4, 9], 
@@ -269,7 +277,7 @@ for my $command (qw/create destroy setacl setattr store/) {          ' and ran the right method');      $error++;  } -for my $command (qw/expires get getacl getattr owner show/) { +for my $command (qw/expires get getacl getattr history owner show/) {      my $method = { getacl => 'acl', getattr => 'attr' }->{$command};      $method ||= $command;      my @extra = ('foo') x ($commands{$command}[0] - 2); @@ -280,7 +288,7 @@ for my $command (qw/expires get getacl getattr owner show/) {          is ($out, "$new\n$method type name$extra\nattr1\nattr2\n",              ' and ran the right method with output');      } else { -        my $newline = ($command eq 'get' or $command eq 'show') ? '' : "\n"; +        my $newline = ($command =~ /^(get|history|show)\z/) ? '' : "\n";          ($out, $err) = run_backend ($command, 'type', 'name', @extra);          is ($err, '', "Command $command ran with no errors");          is ($out, "$new\n$method type name$extra\n$method$newline", | 
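Review bot: The new pattern `/^(get|history|show)\z/` in the second hunk mixes `^` with `\z` and captures a group that is never read. `/\A(?:get|history|show)\z/` expresses the same match with consistent anchors and without setting `$1`. The enclosing `for` loop starts in the previous hunk and its body continues past the end of this one.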
