diff --git a/Changes b/Changes index bcc6ca6e..1b280044 100644 --- a/Changes +++ b/Changes @@ -1,4 +1,8 @@ -2.036001 - TESTING +2.036002 - TESTING + + [ENHANCEMENTS] + + * #319 better fix for acceping ACL names or values in check_acl_* [BUG FIXES] diff --git a/lib/App/Netdisco/Util/Permission.pm b/lib/App/Netdisco/Util/Permission.pm index 5d87a7fc..19f21f47 100644 --- a/lib/App/Netdisco/Util/Permission.pm +++ b/lib/App/Netdisco/Util/Permission.pm @@ -26,31 +26,39 @@ subroutines. =head1 EXPORT_OK -=head2 check_acl_no( $ip | $instance, $setting_name ) +=head2 check_acl_no( $ip | $instance, $setting_name | $acl_entry | \@acl ) Given an IP address or object instance, returns true if the configuration setting C<$setting_name> matches, else returns false. If the setting is undefined or empty, then C also returns false. -See L for details of what -C<$setting_name> can contain. +If C<$setting_name> is a valid setting, then it will be resolved to the access +control list, else we assume you passed an ACL entry or ACL. + +See L for details of what C<$acl> may +contain. =cut sub check_acl_no { my ($thing, $setting_name) = @_; return 1 unless $thing and $setting_name; - return check_acl($thing, (setting($setting_name) || $setting_name)); + my $config = (exists config->{"$setting_name"} ? setting($setting_name) + : $setting_name); + return check_acl($thing, $config); } -=head2 check_acl_only( $ip | $instance, $setting_name ) +=head2 check_acl_only( $ip | $instance, $setting_name | $acl_entry | \@acl ) Given an IP address or object instance, returns true if the configuration setting C<$setting_name> matches, else returns false. If the setting is undefined or empty, then C also returns true. -See L for details of what -C<$setting_name> can contain. +If C<$setting_name> is a valid setting, then it will be resolved to the access +control list, else we assume you passed an ACL entry or ACL. + +See L for details of what C<$acl> may +contain. =cut @@ -58,22 +66,23 @@ sub check_acl_only { my ($thing, $setting_name) = @_; return 0 unless $thing and $setting_name; # logic to make an empty config be equivalent to 'any' (i.e. a match) - my $config = (setting($setting_name) || $setting_name); + my $config = (exists config->{"$setting_name"} ? setting($setting_name) + : $setting_name); return 1 if not $config # undef or empty string or ((ref [] eq ref $config) and not scalar @$config); return check_acl($thing, $config); } -=head2 check_acl( $ip | $instance, $configitem | \@config ) +=head2 check_acl( $ip | $instance, $acl_entry | \@acl ) -Given an IP address or object instance, compares it to the items in C<< -\@config >> then returns true or false. You can control whether any item must -match or all must match, and items can be negated to invert the match logic. +Given an IP address or object instance, compares it to the items in C<< \@acl +>> then returns true or false. You can control whether any item must match or +all must match, and items can be negated to invert the match logic. Accepts instances of classes representing Netdisco Devices, Netdisco Device IPs, and L family objects. -There are several options for what C<< \@config >> can contain. See +There are several options for what C<< \@acl >> may contain. See L for the details. =cut