| Age | Commit message (Collapse) | Author |
|---|
|
names of Wallet::Object::* and all ACL verifier implementations must
have class names of Wallet::ACL::*.
|
|
default ACLs. Remove autocreation support from create, which now
requires that one be on the ADMIN ACL, and from get and store. The
wallet client will soon know how to do the right thing.
|
|
already exists.
|
|
default ACLs to avoid creating and stranding an ACL when the naming
policy check fails.
|
|
destruction if the database handle hasn't already been destroyed.
|
|
|
|
previously in Wallet::Server. Remove all the attribute setting on
database handles in the other classes since Wallet::Database handles that
initialization.
|
|
function in the wallet server configuration file.
|
|
whether we can auto-create a non-existent ACL, since creating one with
the ADMIN ACL doesn't create a useful object.
Allow @ in wallet-backend arguments so that principal names can be
passed in.
|
|
to the empty string clears the attribute values.
|
|
|
|
now that we're reading the class from the database.
|
|
code audit by Simon Cozens. I didn't take all of his advise, and he
shouldn't be blamed for any remaining issues.
|
|
database rather than a hard-coded list and provide Wallet::Schema
methods for adding new class mappings.
Add a missing class mapping for the netdb ACL schema verifier.
|
|
that we have some hope of getting error messages if it fails.
|
|
marked with InactiveDestroy.
|
|
seconds since epoch and returned the same way. Timestamps are now
stored in the database as correct date and time types rather than
seconds since epoch to work properly with MySQL.
|
|
Add a drop() method to Wallet::Schema to destroy the wallet database. Add
a test suite for it. Add a reinitialize() method to Wallet;:Server that
drops the database before creating it.
Modify the wallet object test cases to call reinitialize() to create the
initial database and drop() to clean up the database after the test is
complete.
Fix a bug preventing Wallet::Schema from being initialized multiple times.
We now stash the schema in a class static variable and reuse it for
subsequent initializations, since re-reading DATA doesn't work.
|
|
when the object doesn't exist.
|
|
created by a non-ADMIN user and using the default owner ACL returned
by that function provided that the calling user is authorized by that
ACL. This permits dynamic creation of new objects based on a default
owner ACL programmatically determined from the name of the object.
|
|
|
|
|
|
and license statements in all files. Make sure that some files that were
missing copyright information now have them. Reference LICENSE rather
than README in all notices.
|
|
to an array internally so that the callers don't have to be aware of the
internal API.
|
|
empty list on errors and clear error() so that it can be used to
distinguish between an error and an empty ACL.
|
|
interface with appropriate ACL support. Retrieving is controlled by
the show ACL and setting is controlled by the store ACL, both falling
back to owner.
|
|
|
|
show() method.
|
|
|
|
rename, or remove the last entry from the ADMIN ACL. Add full
documentation for Wallet::Server.
|
|
adjusts for trailing newlines and exception detritus, saving duplicate
code. Standardize the documentation of the error() method and document
using this in child classes of the generic ACL and Object classes.
Disable printing of errors during connect in Wallet::Server since we're
going to throw our own exception.
|
|
|
|
error before accessor functions that can return undef not because of an
error but just because the column is null so that the caller can tell
the difference.
|
|
layering violation. Fix permission denied error messages for store.
Don't give administrators global access to get and store, since it would
encourage bad ACL practices. When checking ACLs, instantiate the ACL
object correctly. Support clearing attributes and propagate object
errors into the server error correctly. Reject stores of undefined
data (the empty string is okay).
|
|
creating ACL objects in Wallet::Server. Don't return the ACL object from
the acl_create method of Wallet::Server -- it's a layering violation.
|
|
remove the " at line" stuff added by Perl and the newlines so that the
errors stored in objects are consistent.
Fix various bugs in the base object, including a few more type vs. name
inversions and use of object instead of name. Allow owners to be
specified as ACL names instead of IDs, and change the ID to a name in
show.
Add a new test suite for the base object implementation.
|
|
name, type, and fix the schema for the places where I'd renamed name to
object for no good reason. I don't know what I was thinking originally.
|
|
shares database open code with the new method. Add an accessor function
to get at the database handle, which is useful for testing. Add a
DESTROY method to shut the database connection down cleanly.
|
|
|
|
bother working hard to disconnect the database on exit, since the DESTROY
DBI method will do the right thing.
|
|
|
|
operations on objects and the full set of ACL operations.
|
|
verification pieces.
|
