From 357532f312aea30ab5b3e459ccf19f1580b29262 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@stanford.edu>
Date: Sun, 4 Nov 2012 10:38:29 -0800
Subject: Add new acl check command

Add a new acl check command which, given an ACL ID, prints yes if that
ACL already exists and no otherwise.  This is parallel to the check
command for objects.

Also fix some documentation errors in the wallet client documentation,
saying that the check command doesn't require any ACL and fixing one
place where "show" was used instead of "store".
---
 client/wallet.pod | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

(limited to 'client')

diff --git a/client/wallet.pod b/client/wallet.pod
index a0785a5..23e4e7c 100644
--- a/client/wallet.pod
+++ b/client/wallet.pod
@@ -151,19 +151,20 @@ options and commands are ignored.
 =head1 COMMANDS
 
 As mentioned above, most commands are only available to wallet
-administrators.  The exceptions are C<get>, C<store>, C<show>, C<destroy>,
-C<flag clear>, C<flag set>, C<getattr>, C<setattr>, and C<history>.  All
-of those commands have their own ACLs except C<getattr> and C<history>,
-which use the C<show> ACL, C<setattr>, which uses the C<store> ACL, and
-C<comment>, which uses the owner or C<show> ACL depending on whether one
-is setting or retrieving the comment.  If the appropriate ACL is set, it
-alone is checked to see if the user has access.  Otherwise, C<get>,
-C<store>, C<show>, C<getattr>, C<setattr>, C<history>, and C<comment>
-access is permitted if the user is authorized by the owner ACL of the
-object.
+administrators.  The exceptions are C<acl check>, C<check>, C<get>,
+C<store>, C<show>, C<destroy>, C<flag clear>, C<flag set>, C<getattr>,
+C<setattr>, and C<history>.  C<acl check> and C<check> can be run by
+anyone.  All of the rest of those commands have their own ACLs except
+C<getattr> and C<history>, which use the C<show> ACL, C<setattr>, which
+uses the C<store> ACL, and C<comment>, which uses the owner or C<show> ACL
+depending on whether one is setting or retrieving the comment.  If the
+appropriate ACL is set, it alone is checked to see if the user has access.
+Otherwise, C<get>, C<store>, C<show>, C<getattr>, C<setattr>, C<history>,
+and C<comment> access is permitted if the user is authorized by the owner
+ACL of the object.
 
 Administrators can run any command on any object or ACL except for C<get>
-and C<store>.  For C<get> and C<show>, they must still be authorized by
+and C<store>.  For C<get> and C<store>, they must still be authorized by
 either the appropriate specific ACL or the owner ACL.
 
 If the locked flag is set on an object, no commands can be run on that
@@ -178,9 +179,14 @@ For more information on attributes, see L<ATTRIBUTES>.
 
 =item acl add <id> <scheme> <identifier>
 
-Adds an entry with <scheme> and <identifier> to the ACL <id>.  <id> may be
+Add an entry with <scheme> and <identifier> to the ACL <id>.  <id> may be
 either the name of an ACL or its numeric identifier.
 
+=item acl check <id>
+
+Check whether an ACL with the ID <id> already exists.  If it does, prints
+C<yes>; if not, prints C<no>.
+
 =item acl create <name>
 
 Create a new, empty ACL with name <name>.  When setting an ACL on an
-- 
cgit v1.2.3