Apache-iNcom
lib/DBIx/UserDB.pm view on Meta::CPAN
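# Remove $user from $group, both in the groupmembers table and in the
# in-memory member list held in $group->{members}.
#
#   $group - hash reference; its gid and members entries are read, and
#            members is replaced with the filtered list
#   $user  - hash reference; its uid entry is read
#
# Returns the new members array reference.
#
# Two fixes over the previous version: the statement ended in a stray ")"
# ("uid = ?)"), which is not valid SQL, and it was sent through sql_insert
# rather than the sql_delete helper that revoke uses on the same handle.
# NOTE(review): whether the helper raises on a failed statement is not visible
# here; if it does not, the in-memory list could drop the user while the
# database row (and so the membership) stays in place -- confirm.
sub group_remove_user {
    my ( $self, $group, $user ) = @_;
    my $DB = $self->{DB};

    $DB->sql_delete( q{ DELETE FROM groupmembers WHERE gid = ? AND uid = ? },
        $group->{gid}, $user->{uid} );

    # uids are compared numerically, as in the original code.
    $group->{members} = [ grep { $_ != $user->{uid} } @{ $group->{members} } ];
    return $group->{members};
}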
=pod
=head1 ACL METHODS
Here are the methods to access the ACL information :
=head2 grant ( \%user_or_group, $target, $privilege )
Grant the specified I<privilege> on I<target> to that group or user.
If you want to set the default policy regarding that target and privilege,
use undef as the user parameter.
=cut
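# Record a grant of $priv on $target for the given user or group (pass undef
# as $whom to address the default policy) by delegating to update_acl with a
# flag value of 1. Returns whatever update_acl returns.
#
# NOTE(review): update_acl stores this flag in the "negated" column, so grant
# writes negated = 1 while deny writes negated = 0. That reads as inverted
# relative to the column name; the code that evaluates the ACL is not visible
# here -- confirm the polarity against it before relying on these entries.
sub grant {
    my ( $self, $whom, $target, $priv ) = @_;

    # Forward the arguments without the invocant. Passing @_ unchanged handed
    # $self to update_acl a second time, so update_acl saw the object as
    # $whom, the user/group as $target, and so on, and the entry was written
    # for the wrong subject.
    return $self->update_acl( $whom, $target, $priv, 1 );
}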
=pod
=head2 deny ( \%user_or_group, $target, $privilege )
Deny the specific I<privilege> on I<target> to that group or user. Use undef
if you want the default policy to be deny.
=cut
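# Record a denial of $priv on $target for the given user or group (pass undef
# as $whom to address the default policy) by delegating to update_acl with a
# flag value of 0. Returns whatever update_acl returns.
#
# NOTE(review): update_acl stores this flag in the "negated" column, so deny
# writes negated = 0 while grant writes negated = 1. That reads as inverted
# relative to the column name; the code that evaluates the ACL is not visible
# here -- confirm the polarity against it before relying on these entries.
sub deny {
    my ( $self, $whom, $target, $priv ) = @_;

    # Forward the arguments without the invocant. Passing @_ unchanged handed
    # $self to update_acl a second time, so update_acl saw the object as
    # $whom, the user/group as $target, and so on, and the entry was written
    # for the wrong subject.
    return $self->update_acl( $whom, $target, $priv, 0 );
}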
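# Set the ACL entry for ( $whom, $target, $priv ): update the existing row's
# "negated" column to $negated, or insert a new row when the update reports
# nothing.
#
# $whom selects the table: a non-reference (undef included) addresses
# default_acl, a hash with a uid key addresses user_acl, and any other
# reference is treated as a group and addresses group_acl.
#
# Fix over the previous version: the group branch called a method named
# sql_updated with a statement starting "UPDATED", so updating an existing
# group entry could never succeed. It now uses sql_update / UPDATE like the
# other two branches.
#
# NOTE(review): the insert runs only when sql_update returns a false value.
# This assumes the helper returns false when no row matched; a DBI-style
# "0E0" would be true and the insert would be skipped -- confirm.
# NOTE(review): UPDATE followed by a conditional INSERT is two statements and
# nothing visible here makes them atomic, so two concurrent callers could both
# insert a row for the same key -- confirm a unique constraint or transaction
# covers this.
sub update_acl {
    my ( $self, $whom, $target, $priv, $negated ) = @_;
    my $DB = $self->{DB};

    # Try to update privilege first in case it was set and not revoked
    my $rv;
    if ( not ref $whom ) {
        $rv = $DB->sql_update( q{ UPDATE default_acl SET negated = ?
WHERE target = ? AND privilege = ? },
            $negated, $target, $priv );
    } elsif ( exists $whom->{uid} ) {
        $rv = $DB->sql_update( q{ UPDATE user_acl SET negated = ?
WHERE uid = ? AND target = ?
AND privilege = ? },
            $negated, $whom->{uid}, $target, $priv );
    } else {
        $rv = $DB->sql_update( q{ UPDATE group_acl SET negated = ?
WHERE gid = ? AND target = ?
AND privilege = ? },
            $negated, $whom->{gid}, $target, $priv );
    }

    # No existing entry was updated: create one in the matching table.
    unless ( $rv ) {
        if ( not ref $whom ) {
            $DB->sql_insert( q{ INSERT INTO default_acl
(target,privilege,negated)
VALUES (?,?,?) },
                $target, $priv, $negated );
        } elsif ( exists $whom->{uid} ) {
            $DB->sql_insert( q{ INSERT INTO user_acl
(uid,target,privilege,negated)
VALUES (?,?,?,?) },
                $whom->{uid}, $target, $priv, $negated );
        } else {
            $DB->sql_insert( q{ INSERT INTO group_acl
(gid,target,privilege,negated)
VALUES (?,?,?,?) },
                $whom->{gid}, $target, $priv, $negated );
        }
    }
}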
=pod
=head2 revoke ( \%user_or_group, $target, $privilege )
Removes the specified I<privilege> on I<target> associated with user
or group. If you want to remove the default policy, use undef as the
user parameter.
NOTE: Revoking is not the same as denying. Revoking removes the entry
from the ACL, which means that the resulting policy will be determined
by the other entries in the ACL (i.e. group or default). When using deny,
you are explicitly determining the level of access.
=cut
# Delete the ACL entry for ( $whom, $target, $priv ) so that the effective
# policy is decided by whatever entries remain.
#
# $whom selects the table: a non-reference (undef included) addresses
# default_acl, a hash with a uid key addresses user_acl, and any other
# reference is treated as a group and addresses group_acl.
#
# Returns the result of the sql_delete call. All values reach the database
# as bind parameters; none are interpolated into the statement text.
sub revoke {
    my ( $self, $whom, $target, $priv ) = @_;
    my $dbh = $self->{DB};

    # Default policy entry.
    if ( !ref $whom ) {
        return $dbh->sql_delete( q{ DELETE FROM default_acl
WHERE target = ? AND privilege = ? },
            $target, $priv );
    }

    # Per-user entry.
    if ( exists $whom->{uid} ) {
        return $dbh->sql_delete( q{ DELETE FROM user_acl
WHERE uid = ? AND target = ? AND privilege = ? },
            $whom->{uid}, $target, $priv );
    }

    # Per-group entry.
    return $dbh->sql_delete( q{ DELETE FROM group_acl
WHERE gid = ? AND target = ? AND privilege = ? },
        $whom->{gid}, $target, $priv );
}
=pod