From 3ddda5befe1c3555c248a078e9e848be40ad1085 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Thu, 30 Aug 2007 21:15:13 +0000 Subject: Fix ACL verification for destroy and flags actions. Clear the internal error before accessor functions that can return undef not because of an error but just because the column is null so that the caller can tell the difference. --- perl/Wallet/Server.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'perl') diff --git a/perl/Wallet/Server.pm b/perl/Wallet/Server.pm index 33e2857..e7a419f 100644 --- a/perl/Wallet/Server.pm +++ b/perl/Wallet/Server.pm @@ -202,7 +202,7 @@ sub acl_check { return 1 if $self->{admin}->check ($self->{user}); } my $id = $object->acl ($action); - if (not defined $id && $action =~ /^(get|store|show)\z/) { + if (not defined ($id) and $action =~ /^(get|store|show)\z/) { $id = $object->owner; } unless (defined $id) { @@ -231,6 +231,7 @@ sub acl_check { # Retrieves or sets an ACL on an object. sub acl { my ($self, $type, $name, $acl, $id) = @_; + undef $self->{error}; my $object = $self->retrieve ($type, $name); return undef unless defined $object; unless ($self->{admin}->check ($self->{user})) { @@ -250,6 +251,7 @@ sub acl { # Retrieves or sets the expiration of an object. sub expires { my ($self, $type, $name, $expires) = @_; + undef $self->{error}; my $object = $self->retrieve ($type, $name); return undef unless defined $object; unless ($self->{admin}->check ($self->{user})) { @@ -269,6 +271,7 @@ sub expires { # Retrieves or sets the owner of an object. sub owner { my ($self, $type, $name, $owner) = @_; + undef $self->{error}; my $object = $self->retrieve ($type, $name); return undef unless defined $object; unless ($self->{admin}->check ($self->{user})) { 
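Review bot: The corrected condition in acl_check carries no comment stating the authorization rule it enforces, and it still relies on `not` binding looser than `defined (...)` but tighter than `and`, the same kind of precedence subtlety behind the original bug. I would add a comment above it such as `# Only get, store, and show fall back to the owner ACL; destroy and flags need their own ACL.` and write the test with one operator family, `if (!defined ($id) && $action =~ /^(get|store|show)\z/) {`. The diffstat shown lists only Server.pm, so a regression test for an owner who is not on the destroy or flags ACL appears to be missing. acl_check starts and ends outside the hunk.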
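Review bot: The header comments above acl, expires and owner (`# Retrieves or sets ...`) do not record the return contract that the added `undef $self->{error};` creates; this note covers all three hunks. A caller now has to inspect the error state after an undef return to tell a null column from a failure, so each comment should say so, for example `# Returns undef with no error set if the value is unset, and undef with the error set on failure.`. The bodies of all three subs continue past their hunks, so whether every later failure path sets the error again cannot be confirmed from here.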
@@ -334,10 +337,7 @@ sub destroy { my ($self, $type, $name) = @_; my $object = $self->retrieve ($type, $name); return undef unless defined $object; - unless ($self->{admin}->check ($self->{user})) { - $self->object_error ($object, 'owner'); - return undef; - } + return undef unless $self->acl_check ($object, 'destroy'); my $result = $object->destroy ($self->{user}, $self->{host}); $self->{error} = $object->error unless defined $result; return $result; -- cgit v1.2.3
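Review bot: destroy now returns undef on a denied request without setting an error itself, where the removed lines called `object_error` directly, so what the caller sees depends on acl_check setting `$self->{error}` on every path that returns false. Only the first lines of acl_check are visible in this patch, so that should be confirmed and noted on the new line, for example `# acl_check sets the error on denial.`. Because this moves destroy from admin-only to ACL-controlled, the comment above `sub destroy` (outside the hunk) probably needs updating to say who may destroy an object. The closing brace of destroy is also outside the hunk.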