File Coverage

File:/home/mik/work/module/Tivoli/AccessManager/Admin/AuthzRule.pm
Coverage:99.2%

linestmtbrancondsubpodtimecode
1package Tivoli::AccessManager::Admin::AuthzRule;
2
15
15
15
168
78
209
use strict;
3
15
15
15
242
65
211
use warnings;
4
15
15
15
197
64
266
use Carp;
5
15
15
15
413
97
203
use Devel::Peek;
6
7
15
15
15
269
59
260
use Tivoli::AccessManager::Admin::Response;
8
9#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
10# $Id: ACL.pm 189 2005-12-15 05:39:43Z mik $
11#-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
12$Tivoli::AccessManager::Admin::AuthzRule::VERSION = "0.04";
13
15
212
use Inline( C => 'DATA',
14                 INC => '-I/opt/PolicyDirector/include',
15                 LIBS => ' -lpthread -lpdadminapi -lstdc++',
16                 CCFLAGS => '-Wall',
17# VERSION => '0.04',
18
15
15
194
66
                 NAME => 'Tivoli::AccessManager::Admin::AuthzRule');
19
20sub new {
21
16
1
92
    my $class = shift;
22
16
84
    my $cont = shift;
23
16
211
    my $resp = Tivoli::AccessManager::Admin::Response->new();
24
16
93
    my $name = '';
25
26
16
446
    unless ( defined($cont) and UNIVERSAL::isa($cont,'Tivoli::AccessManager::Admin::Context' ) ) {
27
3
29
        return undef;
28    }
29
30
13
158
    if ( @_ == 1 ) {
31
1
15
        $name = shift;
32    }
33    elsif ( @_ % 2 ) {
34
1
55
        warn "Invalid syntax for new";
35
1
10
        return undef;
36    }
37    elsif ( @_ ) {
38
10
101
        my %opts = @_;
39
10
141
        $name = $opts{name} || '';
40    }
41
42
12
100
    my $self = bless {}, $class;
43
12
75
    $self->{exist} = 0;
44
12
130
    $self->_authzrule_stash();
45
12
60
    $self->{context} = $cont;
46
12
70
    $self->{name} = $name;
47
48
12
74
    if ( $self->{name} ) {
49
10
521972
        my $rc = $self->authzrule_get( $resp );
50
10
284
        $self->{exist} = 1 if $rc;
51    }
52
53
12
162
    return $self;
54}
55
56sub list {
57
6
1
56
    my $class = shift;
58
6
37
    my ($pd,@rules);
59
6
94
    my $resp = Tivoli::AccessManager::Admin::Response->new();
60
61
6
60
    if ( ref($class) ) {
62
1
9
        $pd = $class->{context};
63    }
64    else {
65
5
29
        $pd = shift;
66
5
140
        unless ( defined($pd) and UNIVERSAL::isa($pd,'Tivoli::AccessManager::Admin::Context' ) ) {
67
2
34
            $resp->set_message("Incorrect syntax -- did you forget the context?");
68
2
31
            $resp->set_isok(0);
69
2
21
            return $resp;
70        }
71    }
72
73
4
45
    if ( @_ % 2 ) {
74
1
35
        $resp->set_message("Invalid syntax");
75
1
21
        $resp->set_isok(0);
76
1
14
        return $resp;
77    }
78
3
24
    my %opts = @_;
79
3
138692
    my @temp = authzrule_list($pd,$resp);
80
81
3
49
    @rules = ();
82
3
86
    if ( $resp->isok() ) {
83
3
34
        if ( defined($opts{pattern}) ) {
84
1
34
            $opts{pattern} =~ s/\*/.*/g;
85
1
11
            $opts{pattern} =~ s/\?/.?/g;
86
1
124
            @rules = sort grep /^$opts{pattern}/, @temp;
87        }
88        else {
89
2
61
            @rules = sort @temp;
90        }
91
3
51
        $resp->set_value(\@rules);
92    }
93
94
3
63
    return $resp;
95}
96
97sub find {
98
2
1
12
    my $self = shift;
99
2
16
    my $pd = $self->{context};
100
101
2
14
    return Tivoli::AccessManager::Admin::ProtObject->find( $pd, authzrule => $self->name );
102}
103
104sub attach {
105
4
1
28
    my $self = shift;
106
4
30
    my @temp = @_;
107
4
25
    my ($resp,@attach);
108
109
4
48
    unless ( $self->{exist} ) {
110
1
24
        $resp = Tivoli::AccessManager::Admin::Response->new;
111
1
19
        $resp->set_message("Cannot attach a non-existant rule");
112
1
18
        $resp->set_isok(0);
113
1
16
        return $resp;
114    }
115
116
3
15
    for my $name ( @temp ) {
117
3
62
        my $obj = Tivoli::AccessManager::Admin::ProtObject->new($self->{context}, name => $name );
118
3
93
        $resp = $obj->authzrule( attach => $self->name );
119
3
225
        return $resp unless $resp->isok;
120
2
17
        push @attach, $name;
121    }
122
2
52
    $resp->set_value(\@attach);
123
2
29
    return $resp;
124}
125
126sub detach {
127
4
1
53
    my $self = shift;
128
4
34
    my @temp = @_;
129
4
28
    my ($resp,@detach);
130
131
4
45
    unless ( $self->{exist} ) {
132
1
20
        $resp = Tivoli::AccessManager::Admin::Response->new;
133
1
17
        $resp->set_message("Cannot detach a non-existant rule");
134
1
12
        $resp->set_isok(0);
135
1
18
        return $resp;
136    }
137
138
3
27
    unless ( @temp ) {
139
1
9
        $resp = $self->find;
140
1
20
        return $resp unless $resp->isok;
141
1
20
        @temp = $resp->value;
142    }
143
144
3
29
    for my $name ( @temp ) {
145
3
78
        my $obj = Tivoli::AccessManager::Admin::ProtObject->new($self->{context}, name => $name );
146
3
98
        $resp = $obj->authzrule( detach => $self->name );
147
3
29
        return $resp unless $resp->isok;
148
2
15
        push @detach, $name;
149    }
150
2
52
    $resp->set_value(\@detach);
151
2
29
    return $resp;
152}
153
154sub _readfile {
155
4
23
    my $fname = shift;
156
4
19
    my $resp = shift;
157
4
15
    my $text = '';
158
159
4
234
    unless ( open(RULE,$fname) ) {
160
2
34
        $resp->set_message( $! );
161
2
24
        $resp->set_isok(0);
162
2
23
        return $resp;
163    }
164
2
62
    while (my $line = <RULE>) {
165
30
193
        $text .= $line;
166    }
167
168
2
16
    $resp->set_value($text);
169}
170
171sub create {
172
16
1
134
    my $self = shift;
173
16
201
    my $resp = Tivoli::AccessManager::Admin::Response->new();
174
16
87
    my $text = '';
175
176
16
111
    unless ( ref($self) ) {
177
7
44
        my $pd = shift;
178
7
65
        $self = $self->new($pd, @_);
179    }
180
181
16
319
    if ( $self->exist ) {
182
1
29
        $resp->set_message( $self->name . " already exists" );
183
1
19
        $resp->set_iswarning(1);
184
1
14
        $resp->set_value( $self );
185
1
15
        return $resp;
186    }
187
188
15
149
    if ( @_ % 2 ) {
189
1
44
        $resp->set_message("Invalid syntax for create: @_");
190
1
15
        $resp->set_isok(0);
191
1
11
        return $resp;
192    }
193
14
180
    my %opts = @_;
194
195
14
153
    if ( defined($opts{file}) ) {
196
2
18
        _readfile( $opts{file}, $resp );
197
2
20
        if ( $resp->isok ) {
198
1
8
            $text = $resp->value;
199        }
200        else {
201
1
13
            return $resp;
202        }
203    }
204    elsif ( defined($opts{rule}) ) {
205
11
64
        $text = $opts{rule};
206    }
207    else {
208
1
19
        $resp->set_message( "Cannot create an authzrule w/o the rule" );
209
1
19
        $resp->set_isok(0);
210
1
13
        return $resp;
211    }
212
213
12
730655
    my $rc = $self->authzrule_create( $resp,
214                                      $opts{description} || '',
215                                      $text,
216                                      $opts{failreason} || '',
217                                  );
218
12
333
    $self->{exist} = 1 if $resp->isok;
219
12
160
    $resp->set_value( $self );
220
12
216
    return $resp;
221}
222
223sub delete {
224
13
1
126
    my $self = shift;
225
13
206
    my $resp = Tivoli::AccessManager::Admin::Response->new();
226
227
13
141
    unless ( $self->{exist} ) {
228
1
16
        $resp->set_message("Cannot delete a non-existant rule");
229
1
18
        $resp->set_isok(0);
230
1
11
        return $resp;
231    }
232
233
12
567508
    my $rc = $self->authzrule_delete( $resp );
234
235
12
220
    if ( $rc ) {
236
11
205
        $self->{exist} = 0;
237    }
238
12
244
    $resp->set_value( $rc );
239
12
124
    return $resp;
240}
241
242sub description {
243
9
1
56
    my $self = shift;
244
9
44
    my ($rc,$acl,$desc);
245
9
109
    my $resp = Tivoli::AccessManager::Admin::Response->new();
246
247
248
9
105
    if ( @_ == 1 ) {
249
2
8
        $desc = shift;
250    }
251    elsif ( @_ % 2 ) {
252
1
10
        $resp->set_message("Invalid syntax");
253
1
11
        $resp->set_isok(0);
254
1
9
        return $resp;
255    }
256    elsif ( @_ ) {
257
3
33
        my %opts = @_;
258
3
47
        $desc = $opts{description} || '';
259    }
260    else {
261
3
11
        $desc = '';
262    }
263
264
8
70
    unless ( $self->{exist} ) {
265
2
35
        $resp->set_message("Cannot describe a non-existant rule");
266
2
32
        $resp->set_isok(0);
267
2
26
        return $resp;
268    }
269    # Set description
270
6
30
    if ( $desc ) {
271
3
132931
        $rc = $self->authzrule_setdescription( $resp, $desc );
272
3
74
        $resp->set_value( $rc );
273    }
274
275
6
55
    if ( $resp->isok ) {
276
5
227323
        $self->authzrule_get($resp);
277
5
145
        $desc = $self->authzrule_getdescription();
278
5
99
        $resp->set_value( $desc || '' );
279    }
280
6
60
    return $resp;
281}
282
283sub ruletext {
284
9
1
50
    my $self = shift;
285
9
46
    my ( $rc, $text, $string );
286
9
104
    my $resp = Tivoli::AccessManager::Admin::Response->new();
287
288
9
87
    if ( @_ % 2 ) {
289
1
11
        $resp->set_message("Invalid syntax");
290
1
14
        $resp->set_isok(0);
291
1
9
        return $resp;
292    }
293
8
67
    my %opts = @_;
294
295
8
68
    unless ( $self->{exist} ) {
296
2
27
        $resp->set_message("Cannot add rule text to a non-existant rule");
297
2
29
        $resp->set_isok(0);
298
2
28
        return $resp;
299    }
300
301
6
49
    if ( defined($opts{file}) ) {
302
2
26
        _readfile( $opts{file}, $resp );
303
2
25
        if ( $resp->isok ) {
304
1
10
            $text = $resp->value;
305        }
306        else {
307
1
18
            return $resp;
308        }
309    }
310    elsif ( defined($opts{rule}) ) {
311
2
18
        $text = $opts{rule};
312    }
313
314
5
24
    if ( $text ) {
315
3
145273
        $rc = $self->authzrule_setruletext( $resp, $text );
316    }
317
318
5
101
    if ( $resp->isok ) {
319
4
180640
        $rc = $self->authzrule_get($resp);
320
4
107
        if ( $resp->isok ) {
321
4
100
            $string = $self->authzrule_getruletext();
322
4
47
            $resp->set_value( $string );
323        }
324    }
325
5
82
    return $resp;
326}
327
328sub failreason {
329
9
1
61
    my $self = shift;
330
9
42
    my $reason = '';
331
9
42
    my $rc;
332
333
9
105
    my $resp = Tivoli::AccessManager::Admin::Response->new();
334
335
9
117
    if ( @_ == 1 ) {
336
2
13
        $reason = shift;
337    }
338    elsif ( @_ % 2 ) {
339
1
13
        $resp->set_message("Invalid syntax");
340
1
17
        $resp->set_isok(0);
341
1
17
        return $resp;
342    }
343    elsif (@_) {
344
3
29
        my %opts = @_;
345
3
60
        $reason = $opts{reason} || '';
346    }
347
348
8
75
    unless ( $self->{exist} ) {
349
2
34
        $resp->set_message("Cannot get/set fail reason on a non-existant rule");
350
2
24
        $resp->set_isok(0);
351
2
21
        return $resp;
352    }
353
354    # Set the failreason
355
6
32
    if ( $reason ) {
356
3
134529
        $rc = $self->authzrule_setfailreason( $resp, $reason );
357    }
358
359
6
107
    if ( $resp->isok ) {
360
5
226686
        $self->authzrule_get($resp);
361
5
155
        $reason = $self->authzrule_getfailreason();
362
5
109
        $resp->set_value( $reason || '' );
363    }
364
6
63
    return $resp;
365}
366
367sub DESTROY {
368
12
132
    my $self = shift;
369
370
12
206
    $self->_authzrulefree;
371}
372
373
20
1
264
sub exist { $_[0]->{exist} }
374
375
10
1
188
sub name { $_[0]->{name} }
376
3771;
378
379 - 700
=head1 NAME

Tivoli::AccessManager::Admin::AuthzRule

=head1 SYNOPSIS

=head1 DESCRIPTION

=head1 CONSTRUCTOR

=head2 new( PDADMIN, NAME )

Creates a blessed B<Tivoli::AccessManager::Admin::AuthzRule> object and returns it.

=head3 Parameters

=over 4

=item PDADMIN

An initializæd L<Tivoli::AccessManager::Admin::Context> object.  You should note that, once the
B<Tivoli::AccessManager::Admin::AuthzRule> object is instantiated, you cannot change the
context.

=item NAME

The name of the authzrule to which the object refers.  This is an optional
argument.

=back

=head3 Returns

A fully blessed L<Tivoli::AccessManager::Admin::AuthzRule> object.  If you forget the
L<Tivoli::AccessManager::Admin::Context> object (which I can do with astonishing frequency),
L</new> returns undef.

=head2 create(PDADMIN, name =E<gt> NAME, rule =E<gt> TEXT | file =E<gt> "/path/to/file"[,description =E<gt> STRING][, failreason =E<gt> REASON])

create can also be used as a constructor.  

=head3 Parameters

=over 4

=item PDADMIN

As you would expect, this is a fully blessed L<Tivoli::AccessManager::Admin::Context> object.

=item name =E<gt> NAME

The name of the authzrule.  This is a required parameter when using B<create>
as a constructor.

=item rule =E<gt> TEXT

The text of the rule to be created.  You must provide either this parameter or
the file parameter.

=item file =E<gt> /path/to/file

Instead of providing the text as a string, you can specify a path that
contains the authzrule.  It is important that this file be readable by the
userid running the program.

=item description =E<gt> STRING

Some descriptive text about the authzrule.  This is optional.

=item failreason =E<gt> REASON

The fail reason.  I don't understand what this really does.  But it
seems to take any random text.  This too is optional.

=back

=head3 Returns

It returns the fully blessed L<Tivoli::AccessManager::Admin::AuthzRule> object buried in a
L<Tivoli::AccessManager::Admin::Response> object.

=head1 CLASS METHODS

Class methods behave like instance methods -- they return
L<Tivoli::AccessManager::Admin::Response> objects.

=head2 list(PDADMIN[,pattern =E<gt> STRING])

Lists some subset of the defined authzrules.  No export is available for this
method -- it must be called with the complete class name.

=head3 Parameters

=over 4

=item PDADMIN

A fully blessed L<Tivoli::AccessManager::Admin::Context> object.  Since this is a class method,
and L<Tivoli::AccessManager::Admin::Context> objects are stored in the instances, you must
provide it.

=item pattern =E<gt> STRING

The pattern to search on.  This will be interpreted as a standard perl regex
expression with two differences: * and ? will be translated to .* and .?,
respectively.  This makes it work a bit more like shell wild cards.

=back

=head3 Returns

The resulting list of authzrules.

=head1 METHODS

=head2 create(rule =E<gt> TEXT | file =E<gt> "/path/to/file"[,name =E<gt> NAME,description =E<gt> STRING][, failreason =E<gt> REASON])

create as an instance method.

=head3 Parameters

=over 4

=item rule =E<gt> TEXT

The text of the rule to be created.  You must provide either this parameter or
the file parameter.

=item file =E<gt> /path/to/file

Instead of providing the text as a string, you can specify a path that
contains the authzrule.  It is important that this file be readable by the
userid running the program.

=item name =E<gt> NAME

The name of the authzrule.  This parameter is optional if object was
constructed with the name parameter.

=item description =E<gt> STRING

Some descriptive text about the authzrule.  This is optional.

=item failreason =E<gt> REASON

The fail reason.  I really don't understand what this really does.  But it
seems to take any random text.  This too is optional.

=back

=head3 Returns

A fully blessed L<Tivoli::AccessManager::Admin::AuthzRule> object. 

=head2 delete

Deletes the authzrule.  You need to make sure this isn't attached anywhere
before calling this method -- see L</find>.

=head3 Parameters

None.

=head3 Returns

The success or failure of the operation.

=head2 description([STRING])

Gets or sets the authzrule's description.

=head3 Parameters

=over 4

=item STRING

If this parameter is present, the description will be changed to STRING.

=back

=head3 Returns

No matter how it is called, it always returns the current description
(possibly an empty string).

=head2 ruletext([STRING])

Gets or sets the authzrule's rule text.

=head3 Parameters

=over 4

=item STRING

If this parameter is present, the rule text will be changed to STRING.

=back

=head3 Returns

No matter how it is called, it always returns the current rule text.

=head2 failreason([STRING])

Gets or sets the authzrule's fail reason.  Still wish I understood this.

=head3 Parameters

=over 4

=item STRING

If this parameter is present, the rule's failreason will be set to STRING.

=back

=head3 Returns

No matter how it is called, it always returns the current failreason.

=head2 find

Finds where the authzrule is attached.

=head3 Parameters

None

=head3 Returns

A list of places in the objectspace to which this authzrule is attached.

=head2 attach( STRING[,STRING...] )

Attaches the authzrule to the named places in the object space.

=head3 Parameters

=over 4

=item STRING[, STRING...]

Where in the objectspace to attach the autzrule.  It will DWYM if you send it
an array.

=back

=head3 Returns

The list of places where the authzrule was attached.  This is useful if an
error occurs -- you can at least figure out where the work is done.

=head2 detach([STRING[,STRING...]])

Detaches the authzrule.  

=head3 Parameters

=over 4

=item STRING[,STRING...]

A list of places from which the authzrule is to be detached.  If this
parameter is empty, the authzrule will be detached from B<every> place it is
attached.

=back

=head3 Returns

The list of places from which the authzrule was detached.

=head2 exist

Returns the existence of the authzrule.

=head3 Parameters

None

=head3 Returns

1 if the object exists, 0 if it doesn't.  B<NOTE>: This return value is B<not>
buried in a L<Tivoli::AccessManager::Admin::Response> object.

=head2 name

Returns the name of the authzrule.

=head3 Parameters

None

=head3 Returns

The name of the authzrule.  B<NOTE>: This return value is B<not>
buried in a L<Tivoli::AccessManager::Admin::Response> object.

=head1 ACKNOWLEDGEMENTS

Please read L<Tivoli::AccessManager::Admin> for the full list of acks.  I stand upon the
shoulders of giants.

=head1 BUGS

=head1 AUTHOR

Mik Firestone E<lt>mikfire@gmail.comE<gt>

=head1 COPYRIGHT

Copyright (c) 2005-2012 Mik Firestone.  All rights reserved.  This program is
free software; you can redistibute it and/or modify it under the same terms as
Perl itself.

All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked
and otherwise patented by IBM.


=cut 
701