File: | /home/mik/work/module/Tivoli/AccessManager/Admin/ACL.pm |
Coverage: | 99.7% |
line | stmt | bran | cond | sub | pod | time | code |
---|---|---|---|---|---|---|---|
1 | package Tivoli::AccessManager::Admin::ACL; | ||||||
2 | 15 15 15 | 539 65 186 | use strict; | ||||
3 | 15 15 15 | 212 60 254 | use warnings; | ||||
4 | 15 15 15 | 200 77 269 | use Carp; | ||||
5 | |||||||
6 | 15 15 15 | 289 95 379 | use Tivoli::AccessManager::Admin::Response; | ||||
7 | |||||||
8 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
9 | # $Id: ACL.pm 305 2006-09-28 19:18:01Z mik $ | ||||||
10 | #-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | ||||||
11 | $Tivoli::AccessManager::Admin::ACL::VERSION = "0.04"; | ||||||
12 | 15 | 192 | use Inline( C => 'DATA', | ||||
13 | INC => '-I/opt/PolicyDirector/include', | ||||||
14 | LIBS => ' -lpthread -lpdadminapi -lstdc++', | ||||||
15 | CCFLAGS => '-Wall', | ||||||
16 | # VERSION => '0.04', | ||||||
17 | 15 15 | 281 70 | NAME => 'Tivoli::AccessManager::Admin::ACL'); | ||||
18 | |||||||
19 | sub new { | ||||||
20 | 10 | 1 | 73 | my $class = shift; | |||
21 | 10 | 30 | my $cont = shift; | ||||
22 | 10 | 59 | my $self = {}; | ||||
23 | 10 | 111 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
24 | 10 | 45 | my $name = ''; | ||||
25 | |||||||
26 | 10 | 250 | unless ( defined($cont) and UNIVERSAL::isa($cont,'Tivoli::AccessManager::Admin::Context' ) ) { | ||||
27 | 2 | 57 | warn "Incorrect syntax -- did you forget the context?\n"; | ||||
28 | 2 | 9 | return undef; | ||||
29 | } | ||||||
30 | |||||||
31 | 8 | 53 | bless $self, $class; | ||||
32 | |||||||
33 | 8 | 70 | if ( @_ == 1 ) { | ||||
34 | 4 | 23 | $name = shift; | ||||
35 | } | ||||||
36 | elsif ( @_ % 2 ) { | ||||||
37 | 1 | 24 | warn "Incorrent syntax -- too many parameters\n"; | ||||
38 | 1 | 8 | return undef; | ||||
39 | } | ||||||
40 | elsif ( @_ ) { | ||||||
41 | 2 | 17 | my %opts = @_; | ||||
42 | 2 | 54 | $name = $opts{name} || ''; | ||||
43 | } | ||||||
44 | |||||||
45 | 7 | 47 | $self->{name} = $name; | ||||
46 | 7 | 33 | $self->{context} = $cont; | ||||
47 | |||||||
48 | 7 | 39 | if ( $name ) { | ||||
49 | 5 | 245290 | $self->{exist} = $self->acl_get( $resp ); | ||||
50 | } | ||||||
51 | else { | ||||||
52 | 2 | 17 | $self->{exist} = 0; | ||||
53 | } | ||||||
54 | |||||||
55 | 7 | 92 | return $self; | ||||
56 | } | ||||||
57 | |||||||
58 | sub list { | ||||||
59 | 2 | 1 | 8 | my $class = shift; | |||
60 | 2 | 20 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
61 | 2 | 6 | my $pd; | ||||
62 | |||||||
63 | 2 | 13 | if ( ref($class) ) { | ||||
64 | 1 | 7 | $pd = $class->{context}; | ||||
65 | } | ||||||
66 | else { | ||||||
67 | 1 | 3 | $pd = shift; | ||||
68 | } | ||||||
69 | |||||||
70 | 2 | 88661 | my @acls = acl_list($pd,$resp); | ||||
71 | 2 | 41 | $resp->isok and $resp->set_value(\@acls); | ||||
72 | |||||||
73 | 2 | 14 | return $resp; | ||||
74 | } | ||||||
75 | |||||||
76 | sub find { | ||||||
77 | 1 | 1 | 34 | my $self = shift; | |||
78 | 1 | 11 | my $pd = $self->{context}; | ||||
79 | |||||||
80 | 1 | 11 | return Tivoli::AccessManager::Admin::ProtObject->find( $pd, acl => $self->name ); | ||||
81 | } | ||||||
82 | |||||||
83 | sub listgroups { | ||||||
84 | 4 | 1 | 34 | my $self = shift; | |||
85 | 4 | 27 | my ($acl, @groups); | ||||
86 | |||||||
87 | 4 | 51 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
88 | |||||||
89 | 4 | 39 | unless ( $self->exist ) { | ||||
90 | 2 | 16 | $resp->set_message($self->name . " does not exist"); | ||||
91 | 2 | 27 | $resp->set_isok(0); | ||||
92 | 2 | 23 | return $resp; | ||||
93 | } | ||||||
94 | |||||||
95 | 2 | 165 | @groups = $self->acl_listgroups(); | ||||
96 | 2 | 18 | if ( @groups ) { | ||||
97 | 1 | 16 | $resp->set_value( $groups[0],\@groups ); | ||||
98 | } | ||||||
99 | else { | ||||||
100 | 1 | 14 | $resp->set_value( 'none' ); | ||||
101 | } | ||||||
102 | 2 | 18 | return $resp; | ||||
103 | } | ||||||
104 | |||||||
105 | sub listusers { | ||||||
106 | 4 | 1 | 37 | my $self = shift; | |||
107 | 4 | 18 | my ($acl, @users); | ||||
108 | |||||||
109 | 4 | 58 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
110 | |||||||
111 | 4 | 37 | unless ( $self->exist ) { | ||||
112 | 2 | 19 | $resp->set_message($self->name . " does not exist"); | ||||
113 | 2 | 27 | $resp->set_isok(0); | ||||
114 | 2 | 19 | return $resp; | ||||
115 | } | ||||||
116 | |||||||
117 | 2 | 140 | @users = $self->acl_listusers(); | ||||
118 | 2 | 18 | if ( @users ) { | ||||
119 | 1 | 19 | $resp->set_value( $users[0], \@users ); | ||||
120 | } | ||||||
121 | else { | ||||||
122 | 1 | 10 | $resp->set_value( 'none' ); | ||||
123 | } | ||||||
124 | 2 | 22 | return $resp; | ||||
125 | } | ||||||
126 | |||||||
127 | sub create { | ||||||
128 | 6 | 1 | 46 | my $self = shift; | |||
129 | 6 | 76 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
130 | |||||||
131 | 6 | 47 | unless ( ref( $self ) ) { | ||||
132 | 3 | 25 | my $pd = shift; | ||||
133 | 3 | 83 | unless (defined($pd) and UNIVERSAL::isa($pd,'Tivoli::AccessManager::Admin::Context')){ | ||||
134 | 2 | 31 | $resp->set_message("Invalid Tivoli::AccessManager::Admin::Context object"); | ||||
135 | 2 | 30 | $resp->set_isok(0); | ||||
136 | 2 | 24 | return $resp; | ||||
137 | } | ||||||
138 | 1 | 12 | $self = $self->new( $pd, @_ ); | ||||
139 | } | ||||||
140 | |||||||
141 | 4 | 78 | if ( $self->{exist} ) { | ||||
142 | 2 | 9 | $resp->set_message( $self->name . " already exists" ); | ||||
143 | 2 | 12 | $resp->set_iswarning( 1 ); | ||||
144 | 2 | 9 | $resp->set_value( $self ); | ||||
145 | 2 | 10 | return $resp; | ||||
146 | } | ||||||
147 | |||||||
148 | 2 | 97035 | my $rc = $self->acl_create( $resp ); | ||||
149 | 2 | 67 | $self->{exist} = $resp->isok; | ||||
150 | |||||||
151 | 2 | 32 | $resp->set_value( $self ); | ||||
152 | |||||||
153 | 2 | 28 | return $resp; | ||||
154 | } | ||||||
155 | |||||||
156 | sub delete { | ||||||
157 | 3 | 1 | 24 | my $self = shift; | |||
158 | |||||||
159 | 3 | 50 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
160 | 3 | 137869 | my $rc = $self->acl_delete( $resp ); | ||||
161 | |||||||
162 | 3 | 64 | unless ( $self->exist ) { | ||||
163 | 1 | 37 | $resp->set_message($self->name . " does not exist"); | ||||
164 | 1 | 18 | $resp->set_iswarning(1); | ||||
165 | 1 | 19 | return $resp; | ||||
166 | } | ||||||
167 | |||||||
168 | 2 | 34 | $self->{exist} = 0 if $rc; | ||||
169 | 2 | 35 | $resp->set_value( $rc ); | ||||
170 | 2 | 25 | return $resp; | ||||
171 | } | ||||||
172 | |||||||
173 | sub description { | ||||||
174 | 6 | 1 | 48 | my $self = shift; | |||
175 | 6 | 31 | my $desc = ''; | ||||
176 | 6 | 25 | my ($rc,$acl); | ||||
177 | |||||||
178 | 6 | 75 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
179 | |||||||
180 | 6 | 66 | if ( @_ == 1 ) { | ||||
181 | 2 | 16 | $desc = shift; | ||||
182 | } | ||||||
183 | elsif ( @_ % 2 ) { | ||||||
184 | 1 | 11 | $resp->set_message("Invalid syntax"); | ||||
185 | 1 | 11 | $resp->set_isok(0); | ||||
186 | 1 | 5 | return $resp; | ||||
187 | } | ||||||
188 | elsif ( @_ ) { | ||||||
189 | 2 | 17 | my %opts = @_; | ||||
190 | 2 | 40 | $desc = $opts{description} || ''; | ||||
191 | } | ||||||
192 | |||||||
193 | # Set description | ||||||
194 | 5 | 32 | if ( $desc ) { | ||||
195 | 3 | 265019 | $rc = $self->acl_setdescription($resp,$desc); | ||||
196 | 3 | 161977 | $self->acl_get($resp); | ||||
197 | } | ||||||
198 | |||||||
199 | 5 | 91 | if ( $resp->isok ) { | ||||
200 | 4 | 110 | $desc = $self->acl_getdescription(); | ||||
201 | 4 | 64 | $resp->set_value( $desc || 'none' ); | ||||
202 | } | ||||||
203 | 5 | 46 | return $resp; | ||||
204 | } | ||||||
205 | |||||||
206 | sub _mod_perms { | ||||||
207 | 35 | 206 | my $self = shift; | ||||
208 | 35 | 163 | my ($rc,$string,$acl,%opts,$name); | ||||
209 | |||||||
210 | 35 | 1306 | my %dispatch = ( unauth => { remove => \&acl_removeunauth, | ||||
211 | get => \&acl_getunauth, | ||||||
212 | set => \&acl_setunauth }, | ||||||
213 | anyother => { remove => \&acl_removeanyother, | ||||||
214 | get => \&acl_getanyother, | ||||||
215 | set => \&acl_setanyother }, | ||||||
216 | group => { remove => \&acl_removegroup, | ||||||
217 | get => \&acl_getgroup, | ||||||
218 | set => \&acl_setgroup }, | ||||||
219 | user => { remove => \&acl_removeuser, | ||||||
220 | get => \&acl_getuser, | ||||||
221 | set => \&acl_setuser } | ||||||
222 | ); | ||||||
223 | |||||||
224 | |||||||
225 | 35 | 562 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
226 | |||||||
227 | 35 | 264 | if ( @_ % 2 ) { | ||||
228 | 4 | 43 | $resp->set_message("Invalid syntax"); | ||||
229 | 4 | 44 | $resp->set_isok(0); | ||||
230 | 4 | 96 | return $resp; | ||||
231 | } | ||||||
232 | |||||||
233 | 31 | 253 | unless ( $self->exist ) { | ||||
234 | 4 | 56 | $resp->set_message( $self->name . " doesn't exist"); | ||||
235 | 4 | 44 | $resp->set_isok(0); | ||||
236 | 4 | 73 | return $resp; | ||||
237 | } | ||||||
238 | |||||||
239 | 27 | 537 | %opts = @_; | ||||
240 | |||||||
241 | 27 | 532 | if ( ($opts{action} eq 'user' or $opts{action} eq 'group') and not defined($opts{name}) ) { | ||||
242 | 2 | 30 | $resp->set_message( "Syntax error. You must define the $opts{action} name"); | ||||
243 | 2 | 20 | $resp->set_isok(0); | ||||
244 | 2 | 39 | return $resp; | ||||
245 | } | ||||||
246 | |||||||
247 | 25 | 166 | if ( defined($opts{perms}) ) { | ||||
248 | 21 | 119 | if ( $opts{perms} eq 'remove' ) { | ||||
249 | 5 | 525510 | $rc = $dispatch{$opts{action}}{remove}->($self,$resp,$opts{name}); | ||||
250 | } | ||||||
251 | else { | ||||||
252 | 16 | 1650704 | $rc = $dispatch{$opts{action}}{set}->($self,$resp,$opts{perms},$opts{name}); | ||||
253 | } | ||||||
254 | } | ||||||
255 | |||||||
256 | 25 | 623 | if ( $resp->isok ) { | ||||
257 | 19 | 997939 | $self->acl_get($resp); | ||||
258 | 19 | 1154 | $string = $dispatch{$opts{action}}{get}->($self,$opts{name}); | ||||
259 | 19 | 562 | $resp->set_value( $string || ''); | ||||
260 | } | ||||||
261 | 25 | 859 | return $resp; | ||||
262 | } | ||||||
263 | |||||||
264 | 7 | 1 | 84 | sub unauth { _mod_perms(@_, action => 'unauth', name => ''); } | |||
265 | 10 | 1 | 141 | sub anyother { _mod_perms(@_, action => 'anyother', name => ''); } | |||
266 | 9 | 1 | 100 | sub group { _mod_perms(@_, action => 'group') } | |||
267 | 9 | 1 | 121 | sub user { _mod_perms(@_, action => 'user') } | |||
268 | |||||||
269 | sub _addval { | ||||||
270 | 3 | 13 | my $self = shift; | ||||
271 | 3 | 6 | my $vals = shift; | ||||
272 | |||||||
273 | 3 | 27 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
274 | 3 | 14 | my $rc; | ||||
275 | |||||||
276 | 3 3 | 12 24 | for my $key ( keys %{$vals} ) { | ||||
277 | # Loop if given an array. Don't otherwise. | ||||||
278 | 4 | 32 | if ( ref($vals->{$key} ) ) { | ||||
279 | 2 2 | 5 10 | for my $val ( @{$vals->{$key}} ) { | ||||
280 | 4 | 175443 | $rc = $self->acl_attrput( $resp, $key, $val ); | ||||
281 | 4 | 82 | return $resp unless $resp->isok; | ||||
282 | } | ||||||
283 | } | ||||||
284 | else { | ||||||
285 | 2 | 91446 | $rc = $self->acl_attrput( $resp, $key, $vals->{$key} ); | ||||
286 | } | ||||||
287 | 3 | 62 | return $resp unless $resp->isok; | ||||
288 | } | ||||||
289 | 1 | 11 | return $resp; | ||||
290 | } | ||||||
291 | |||||||
292 | sub _remvalue { | ||||||
293 | 5 | 22 | my $self = shift; | ||||
294 | 5 | 18 | my $vals = shift; | ||||
295 | |||||||
296 | 5 | 36 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
297 | |||||||
298 | 5 | 16 | my $rc; | ||||
299 | |||||||
300 | 5 5 | 11 37 | for my $key ( keys %{$vals} ) { | ||||
301 | # Loop if given an array. Don't otherwise. | ||||||
302 | 5 | 34 | if ( ref($vals->{$key}) ) { | ||||
303 | 3 3 | 11 14 | for my $val ( @{$vals->{$key}} ) { | ||||
304 | 4 | 179624 | $rc = $self->acl_attrdelval( $resp, $key, $val ); | ||||
305 | 4 | 107 | return $resp unless $resp->isok; | ||||
306 | } | ||||||
307 | } | ||||||
308 | else { | ||||||
309 | 2 | 89543 | $rc = $self->acl_attrdelval( $resp, $key, $vals->{$key} ); | ||||
310 | } | ||||||
311 | 3 | 52 | return $resp unless $resp->isok; | ||||
312 | } | ||||||
313 | 2 | 18 | return $resp; | ||||
314 | } | ||||||
315 | |||||||
316 | sub _remkey { | ||||||
317 | 2 | 12 | my $self = shift; | ||||
318 | 2 | 4 | my $keys = shift; | ||||
319 | |||||||
320 | 2 | 15 | my $resp = Tivoli::AccessManager::Admin::Response->new(); | ||||
321 | |||||||
322 | 2 | 10 | my $rc; | ||||
323 | 2 2 | 6 6 | for ( @{$keys} ) { | ||||
324 | 2 | 91755 | $rc = $self->acl_attrdelkey( $resp, $_ ); | ||||
325 | 2 | 54 | return $resp unless $resp->isok; | ||||
326 | } | ||||||
327 | 1 | 9 | return $resp; | ||||
328 | } | ||||||
329 | |||||||
330 | sub attributes { | ||||||
331 | 18 | 1 | 111 | my $self = shift; | |||
332 | 18 | 207 | my $resp = Tivoli::AccessManager::Admin::Response->new; | ||||
333 | 18 | 87 | my $rhash = {}; | ||||
334 | |||||||
335 | 18 | 220 | my %dpatch = ( remove => \&_remvalue, | ||||
336 | removekey => \&_remkey, | ||||||
337 | add => \&_addval | ||||||
338 | ); | ||||||
339 | |||||||
340 | 18 | 144 | if ( @_ % 2 ) { | ||||
341 | 1 | 13 | $resp->set_message("Invalid syntax"); | ||||
342 | 1 | 10 | $resp->set_isok(0); | ||||
343 | 1 | 11 | return $resp; | ||||
344 | } | ||||||
345 | 17 | 91 | my %opts = @_; | ||||
346 | |||||||
347 | 17 | 105 | unless ( $self->exist ) { | ||||
348 | 3 | 20 | $resp->set_message( $self->name . " doesn't exist"); | ||||
349 | 3 | 30 | $resp->set_isok(0); | ||||
350 | 3 | 45 | return $resp; | ||||
351 | } | ||||||
352 | |||||||
353 | 14 | 70 | for my $op ( qw/remove removekey add/ ) { | ||||
354 | 35 | 208 | if ( defined( $opts{$op} ) ) { | ||||
355 | 10 | 69 | $resp = $dpatch{$op}->($self, $opts{$op}); | ||||
356 | 10 | 110 | return $resp unless $resp->isok; | ||||
357 | 4 | 195964 | $self->acl_get($resp); | ||||
358 | } | ||||||
359 | } | ||||||
360 | |||||||
361 | # The "return" in the loop means I will never get here unless either the | ||||||
362 | # loop succeeded, or no parameters where sent. | ||||||
363 | 8 | 381 | for my $key ( $self->acl_attrlist ) { | ||||
364 | 10 | 311 | $rhash->{$key} = [ $self->acl_attrget($key) ]; | ||||
365 | } | ||||||
366 | 8 | 80 | $resp->set_value( $rhash ); | ||||
367 | |||||||
368 | 8 | 75 | return $resp; | ||||
369 | } | ||||||
370 | |||||||
371 | sub DESTROY { | ||||||
372 | 8 | 67 | my $self = shift; | ||||
373 | |||||||
374 | 8 | 133 | $self->_aclfree; | ||||
375 | } | ||||||
376 | |||||||
377 | 61 | 1 | 624 | sub exist { $_[0]->{exist} } | |||
378 | 17 | 1 | 278 | sub name { $_[0]->{name} } | |||
379 | |||||||
380 | 1; | ||||||
381 | |||||||
382 - 821 | =head1 NAME Tivoli::AccessManager::Admin::ACL =head1 SYNOPSIS use Tivoli::AccessManager::Admin; my $tam = Tivoli::AccessManager::Admin->new( password => 'foobar' ); my ($resp,$rc); # See what ACLs exist $resp = Tivoli::AccessManager::Admin::ACL->list($tam); print join("\n", $resp->value); # Create a new ACL my $acl = Tivoli::AccessManager::Admin::ACL->new( $tam ); $resp = $acl->create('bob') unless $acl->exist; my $name = $acl->name; # Give the group 'jon' permissions in this ACL $resp = $acl->group(name => 'jons', perms => 'Trx' ); print "The group 'jons' is granted these privileges by acl '$name':\n"; print $resp->value,"\n"; # Give the user "dave" the same access privs $resp = $acl->user(name => 'dave', perms => 'Trx' ); # Dave was a mistake, lets remove him $resp = $acl->user(name => 'dave', perms => 'remove' ); # Deny all access to anyother and unauth $resp = $acl->anyother( perms => "" ); $resp = $acl->unauth( perms => '' ); # list the users specified in the ACL $resp = $acl->listusers(); # list the groups specified in the ACL $resp = $acl->listgroups(); # Play with the attributes # well, that was fun. What's say we clean up? $resp = $acl->delete(); # Gain access to a system default ACL $acl = Tivoli::AccessManager::Admin::ACL->new($tam, 'default-webseal'); # And find out where it is attached $resp = $acl->find; =head1 DESCRIPTION L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> provides the interface to the ACL portion of the TAM Admin API. =head1 CONSTRUCTOR =head2 new( PDADMIN, NAME ) Creates a blessed B<Tivoli::AccessManager::Admin::ACL> object and returns it. =head3 Parameters =over 4 =item PDADMIN An initialized L<Tivoli::AccessManager::Admin::Context|Tivoli::AccessManager::Admin::Context> object. Please note that, after the L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> object is created, you cannot change the context w/o destroying the object and recreating it. =item NAME The name of the ACL to which the object refers. =back =head3 Returns A fully blessed L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> object. =head2 create(PDADMIN,NAME) Creates a new ACL. This is different than L<"/new"> in that the ACL will be created in the policy database as well. =head3 Parameters =over 4 =item PDADMIN An initialized L<Tivoli::AccessManager::Admin::Context|Tivoli::AccessManager::Admin::Context> object. Please note that, after the L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> object is created, you cannot change the context w/o destroying the object and recreating it. =item NAME The name of the ACL to create. This parameter is optional, if you instatiated the object with a name. Otherwise, it will croak in a most unappealing fashion. =back =head3 Returns If the operational was successful, you will get the new L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> object. If it wasn't successful, you will get an error message why. If the object already exists, you will get a warning and the L<Tivoli::AccessManager::Admin::ACL|Tivoli::AccessManager::Admin::ACL> object. And all of this will be embedded in a L<Tivoli::AccessManager::Admin::Response|Tivoli::AccessManager::Admin::Response> object. =head1 CLASS METHODS Class methods behave like instance methods -- they return L<Tivoli::AccessManager::Admin::Response|Tivoli::AccessManager::Admin::Response> objects. =head2 list(PDADMIN) Lists all ACLs. =head3 Parameters =over 4 =item PDADMIN A fully blessed L<Tivoli::AccessManager::Admin::Context|Tivoli::AccessManager::Admin::Context> object. =back =head3 Returns The resulting list of ACLs. =head1 METHODS All of the methods return a L<Tam::Admin::Response|Tivoli::AccessManager::Admin::Response> object. See the documentation for that module on how to coax the values out. The methods, for the most part, follow the same pattern. If the optional parameters are sent, it has the effect of setting the attributes. All methods calls will embed the results of a 'get' in the L<Tivoli::AccessManager::Admin::Response|Tivoli::AccessManager::Admin::Response> object. =head2 list Lists all of the ACLs. =head3 Parameters none =head3 Returns A list of all the defined ACLs. =head2 listgroups Lists all the groups defined in the ACL. =head3 Parameters None =head3 Returns A list of the groups defined in the ACL. =head2 listusers Lists all the users defined in the ACL. =head3 Parameters None =head3 Returns A list of the users defined in the ACL. =head2 create([NAME]) L<"/create"> can also be used as an instance method. =head3 Parameters =over 4 =item NAME The name of the ACL to create. This parameter is optional, if you instatiated the object with a name. Otherwise, it will croak in a most unappealing fashion. =back =head3 Returns True if the create succeeded, false it failed and a warning if the ACL already existed. =head2 description([STRING]) Sets the description on the ACL =head3 Parameters =over 4 =item STRING The description to be set. This is an optional parameter =back =head3 Returns The current (possible empty) description. =head2 find Finds where in the object space the ACL has been attached. This is really just a wrapper for L<Tivoli::AccessManager::Admin::ProtObject|Tivoli::AccessManager::Admin::ProtObject>. I like an ACL object being able to tell you where it is. =head3 Parameters None =head3 Returns A possibly empty list of places the ACL is attached. =head2 delete Deletes the ACL. =head3 Parameters None =head3 Returns True if the operation succeeded, and error and message otherwise. =head2 anyother([perms =E<gt> STRING]) Sets or gets the permissions for any-other in the ACL. The ACL must exist before calling this method. =head3 Parameters =over 4 =item perms =E<gt> STRING If this parameter is set, L<"anyother"> will attempt to set the permissions for any-other to this value. If the value of this parameter is 'remove', L<"anyother"> will be removed from the ACL. =back =head3 Returns The permissions currently allowed by the ACL for any-other. =head2 unauth([perms =E<gt> STRING]) Sets or gets the permissions for unauth in the ACL. The ACL must exist before calling this method. =head3 Parameters =over 4 =item perms =E<gt> STRING If this parameter is set, L</"unauth"> will attempt to set the permissions for unauth to this value. If the value of this parameter is 'remove', L</"unauth"> will be removed from the ACL. =back =head3 Returns A list of all of the actions currently allowed by the ACL for unauthenticated users. =head2 group( name =E<gt> 'group'[, perms =E<gt> STRING ) Sets or gets the permissions for the named group in the ACL. The ACL must exist before calling this method. =head3 Parameters =over 4 =item name =E<gt> group The name of the group to which the permissions apply. This parameter is mandatory. =item perms =E<gt> STRING If this parameter is set, L</"group"> will attempt to set the permissions for the group to this value. If the value of this parameter is 'remove', the named group will be removed from the ACL. =back =head3 Returns A list of all of the actions currently allowed by the ACL for the group. =head2 user( name =E<gt> userid[, perms =E<gt> STRING ) Sets or gets the permissions for the named user in the ACL. The ACL must exist before calling this method. =head3 Parameters =over 4 =item name =E<gt> userid The user id to which the permissions apply. This parameter is mandatory. =item perms =E<gt> STRING If this parameter is set, L</"user"> will attempt to set the permissions for the user to this value. If the value of this parameter is 'remove', The user will be removed from the ACL. =back =head3 Returns A list of all of the permission currently allowed by the ACL for the user. =head2 attributes([add =E<gt> { key => [qw/value0 value1/] | 'value0' }, remove =E<gt> { key => [qw/value0 value1/] | 'value0' }, removekey =E<gt> [qw/key0 key1] ] ) Adds key/value attributes to an ACL, removes the values and removes the entire key/value pairs. I find these to be the more ... annoying functions. =head3 Parameters =over 4 =item add =E<gt> { key =E<gt> [qw/ value0 value1/] | 'value0' } Causes L</"attribute"> to add any number of key/value pairs to the ACL. As you can have multiple values associated with any given key, you can either use an array reference for multiple values, or a simple scalar if you are playing with only one. You can, obviously, add multiple keys with the same call. You can also, strangely enough, add the same value to a key multiple times. =item remove =E<gt> { key =E<gt> [qw/ value0 value1/] | 'value0' } Removes the specified value(s) from the key. This does not remove the key, simply the values from the key. You will get an error if you try to remove a value that is not defined. =item removekey =E<gt> [qw/key0 key1] Removes both the attribute and any associated values from the ACL. =back =head3 Returns A hash of lists. The hash is keyed off of the attribute names. The values for each attribute are returned as a list -- even if there is only one value. =head2 exist Lets you know if the ACL exists in the TAM database or not. =head3 Parameters None =head3 Returns 0 if the ACL does not exist, 1 if it does. =head2 name Returns the name of the ACL =head3 Parameters None =head3 Returns Uhh. The name of the ACL. =head1 ACKNOWLEDGEMENTS Please read L<Tivoli::AccessManager::Admin|Tivoli::AccessManager::Admin> for the full list of acks. I stand upon the shoulders of giants. =head1 BUGS The documentation is now horribly gobsmacked. The previous comment is really unhelpful. The permissions needs to be extended to handle things like [PDWebPI]. It would be better to extend them to be dynamically extendable. =head1 AUTHOR Mik Firestone E<lt>mikfire@gmail.comE<gt> =head1 COPYRIGHT Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself. All references to TAM, Tivoli Access Manager, etc are copyrighted, trademarked and otherwise patented by IBM. =cut | ||||||
822 |