[pve-devel] r5523 - in pve-access-control/trunk: . PVE test

Tue Feb 15 11:05:05 CET 2011

Author: dietmar
Date: 2011-02-15 11:05:05 +0100 (Tue, 15 Feb 2011)
New Revision: 5523

Added:
   pve-access-control/trunk/PVE/ACLCache.pm
Modified:
   pve-access-control/trunk/ChangeLog
   pve-access-control/trunk/PVE/AccessControl.pm
   pve-access-control/trunk/PVE/Makefile
   pve-access-control/trunk/test/perm-test1.pl
Log:


Modified: pve-access-control/trunk/ChangeLog
===================================================================

--- pve-access-control/trunk/ChangeLog	2011-02-15 09:54:34 UTC (rev 5522)
+++ pve-access-control/trunk/ChangeLog	2011-02-15 10:05:05 UTC (rev 5523)
@@ -1,5 +1,7 @@
 2011-02-15  Proxmox Support Team  <support at proxmox.com>
 
+	* PVE/ACLCache.pm: move code into new file.
+
 	* test/perm-test1.pl: modified to use new PVE::ACLCache class.
 
 	* PVE/AccessControl.pm: add new class PVE::ACLCache (speed up ACL

Added: pve-access-control/trunk/PVE/ACLCache.pm
===================================================================
--- pve-access-control/trunk/PVE/ACLCache.pm	                        (rev 0)
+++ pve-access-control/trunk/PVE/ACLCache.pm	2011-02-15 10:05:05 UTC (rev 5523)
@@ -0,0 +1,88 @@
+package PVE::ACLCache;
+
+use strict;
+use warnings;
+use PVE::AccessControl;
+
+sub new {
+    my ($class, $user_cfg) = @_;
+
+    my $self = {
+	cfg => $user_cfg,
+	cache => {},
+    };
+
+    bless $self;
+
+    return $self;
+}
+
+sub compile {
+    my ($self, $user) = @_;
+
+    if ($user eq 'root') { # root can do anything
+	return {'/' => 'Administrator'};
+    } 
+
+    my $res = {};
+    my $cfg = $self->{cfg};
+
+    foreach my $path (sort keys %{$cfg->{acl}}) {
+	my @ra = PVE::AccessControl::roles($cfg, $user, $path);
+
+	my $privs = {};
+	foreach my $role (@ra) {
+	    if (my $privset = $cfg->{roles}->{$role}) {
+		foreach my $p (keys %$privset) {
+		    $privs->{$p} = 1;
+		}
+	    }
+	}
+
+	$res->{$path} = $privs;
+    }
+
+    return $res;
+}
+
+sub permissions {
+    my ($self, $user, $path) = @_;
+
+    my $cache = $self->{cache};
+
+    my $acl = $cache->{$user};
+
+    if (!$acl) {
+	$acl = $cache->{$user} = $self->compile($user);
+    }
+
+    my $perm;
+
+    if (!($perm = $acl->{$path})) {
+	$perm = {};
+	foreach my $p (sort keys %$acl) {
+	    my $final = ($path eq $p);
+	    
+	    next if !(($p eq '/') || $final || ($path =~ m|^$p/|));
+
+	    $perm = $acl->{$p};
+	}
+	$acl->{$path} = $perm;
+    }
+
+    return $perm;
+}
+
+sub check {
+    my ($self, $user, $path, $privs) = @_;
+
+    my $perm = $self->permissions($user, $path);
+
+    foreach my $priv (@$privs) {
+	return undef if !$perm->{$priv};
+    };
+
+    return 1;
+};
+
+1;

Modified: pve-access-control/trunk/PVE/AccessControl.pm
===================================================================
--- pve-access-control/trunk/PVE/AccessControl.pm	2011-02-15 09:54:34 UTC (rev 5522)
+++ pve-access-control/trunk/PVE/AccessControl.pm	2011-02-15 10:05:05 UTC (rev 5523)
@@ -1054,90 +1054,4 @@
     return 1;
 }
 
-package PVE::ACLCache;
-
-use strict;
-use warnings;
-
-sub new {
-    my ($class, $user_cfg) = @_;
-
-    my $self = {
-	cfg => $user_cfg,
-	cache => {},
-    };
-
-    bless $self;
-
-    return $self;
-}
-
-sub compile {
-    my ($self, $user) = @_;
-
-    if ($user eq 'root') { # root can do anything
-	return {'/' => 'Administrator'};
-    } 
-
-    my $res = {};
-    my $cfg = $self->{cfg};
-
-    foreach my $path (sort keys %{$cfg->{acl}}) {
-	my @ra = PVE::AccessControl::roles($cfg, $user, $path);
-
-	my $privs = {};
-	foreach my $role (@ra) {
-	    if (my $privset = $cfg->{roles}->{$role}) {
-		foreach my $p (keys %$privset) {
-		    $privs->{$p} = 1;
-		}
-	    }
-	}
-
-	$res->{$path} = $privs;
-    }
-
-    return $res;
-}
-
-sub permissions {
-    my ($self, $user, $path) = @_;
-
-    my $cache = $self->{cache};
-
-    my $acl = $cache->{$user};
-
-    if (!$acl) {
-	$acl = $cache->{$user} = $self->compile($user);
-    }
-
-    my $perm;
-
-    if (!($perm = $acl->{$path})) {
-	$perm = {};
-	foreach my $p (sort keys %$acl) {
-	    my $final = ($path eq $p);
-	    
-	    next if !(($p eq '/') || $final || ($path =~ m|^$p/|));
-
-	    $perm = $acl->{$p};
-	}
-	$acl->{$path} = $perm;
-    }
-
-    return $perm;
-}
-
-sub check {
-    my ($self, $user, $path, $privs) = @_;
-
-    my $perm = $self->permissions($user, $path);
-
-    foreach my $priv (@$privs) {
-	return undef if !$perm->{$priv};
-    };
-
-    return 1;
-};
-
 1;

Modified: pve-access-control/trunk/PVE/Makefile
===================================================================
--- pve-access-control/trunk/PVE/Makefile	2011-02-15 09:54:34 UTC (rev 5522)
+++ pve-access-control/trunk/PVE/Makefile	2011-02-15 10:05:05 UTC (rev 5523)
@@ -3,4 +3,5 @@
 .PHONY: install
 install:
 	install -D -m 0644 AccessControl.pm ${DESTDIR}${PERLDIR}/PVE/AccessControl.pm
+	install -D -m 0644 ACLCache.pm ${DESTDIR}${PERLDIR}/PVE/ACLCache.pm
 	make -C API2 install
\ No newline at end of file

Modified: pve-access-control/trunk/test/perm-test1.pl
===================================================================
--- pve-access-control/trunk/test/perm-test1.pl	2011-02-15 09:54:34 UTC (rev 5522)
+++ pve-access-control/trunk/test/perm-test1.pl	2011-02-15 10:05:05 UTC (rev 5523)
@@ -3,6 +3,7 @@
 use strict;
 use PVE::Tools;
 use PVE::AccessControl;
+use PVE::ACLCache;
 use Getopt::Long;
 
 my $cfgfn = "user.cfg.ex1";


