Refactored ACL support with multi-object compare

Squashed commit of the following: commit 4081e22202693bd7c4ea00e95daad8e628c6fd5a Author: Oliver Gorwits <oliver@cpan.org> Date: Mon May 29 21:02:07 2023 +0100 large rename of check_acl* to acl_matches* commit 3cfa284ddd24d68765c255578cc5c184afbdcd83 Author: Oliver Gorwits <oliver@cpan.org> Date: Fri May 19 20:39:03 2023 +0100 update permission doc commit 8c7bb93cc5e9fafb770f98f446e45cbd94b14894 Author: Oliver Gorwits <oliver@cpan.org> Date: Wed May 17 21:50:07 2023 +0100 migrate most check_acl_only to acl_matches_only commit c47f699f2a22f08f2f3e093ed0f24c891e6f9a82 Author: Oliver Gorwits <oliver@cpan.org> Date: Wed May 17 21:39:19 2023 +0100 rename check_acl* to be acl_matches* commit a884a22c3ab1f3262118c3a47ed8e25b0b0a7336 Author: Oliver Gorwits <oliver@cpan.org> Date: Sun May 14 16:50:42 2023 +0100 update macsuck_no_deviceports to use acl_matches commit 8c256af728721329b64d071fa529dfc844073ac6 Author: Oliver Gorwits <oliver@cpan.org> Date: Sun May 7 22:54:33 2023 +0100 update hide_deviceports to use acl_matches multi @things commit cd5d9978aba1da459be4fed4500f395df13f7784 Author: Oliver Gorwits <oliver@cpan.org> Date: Sun May 7 22:53:38 2023 +0100 check_acl fix to allow all @things to offer a property before fallback to missing as empty string commit 1a3ab9a7646e9f994f03126d45fc36e9e5a13ed5 Author: Oliver Gorwits <oliver@cpan.org> Date: Tue May 2 15:31:17 2023 +0100 add ignore_deviceports to portproperties discover; improve comments commit 51385ce89458dc939587dae902fda431719c22c9 Merge: b97c07d2 3f8ffe78 Author: Oliver Gorwits <oliver@cpan.org> Date: Tue May 2 15:21:48 2023 +0100 Merge branch 'master' into og-acl_multidict commit b97c07d237d750c1d9eb3095d8ff3908512eac2a Author: Oliver Gorwits <oliver@cpan.org> Date: Sat Mar 25 14:37:53 2023 +0000 add support for arrayref of items, and unblessed hash, to check_acl
2023-05-29 21:32:07 +01:00
parent 3f8ffe787f
commit 9355f5c2b9
27 changed files with 463 additions and 335 deletions
--- a/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm
+++ b/lib/App/Netdisco/Web/Plugin/Device/Neighbors.pm
@@ -7,7 +7,7 @@ use Dancer::Plugin::Auth::Extensible;

 use List::Util 'first';
 use List::MoreUtils ();
-use App::Netdisco::Util::Permission 'check_acl_only';
+use App::Netdisco::Util::Permission 'acl_matches';
 use App::Netdisco::Web::Plugin;

 register_device_tab({ tag => 'netmap', label => 'Neighbors' });
@@ -228,11 +228,11 @@ ajax '/ajax/data/device/netmap' => require_login sub {

      # if host groups picked then use ACLs to filter
      my $first_hgrp =
-        first { check_acl_only($device, setting('host_groups')->{$_}) } @hgrplist;
+        first { acl_matches($device, setting('host_groups')->{$_}) } @hgrplist;
      next DEVICE if ((scalar @hgrplist) and (not $first_hgrp));

      # now reset first_hgroup to be the group matching the device, if any
-      $first_hgrp = first { check_acl_only($device, setting('host_groups')->{$_}) }
+      $first_hgrp = first { acl_matches($device, setting('host_groups')->{$_}) }
                          keys %{ setting('host_group_displaynames') || {} };

      ++$logvals{ $device->get_column('log') || 1 };
--- a/lib/App/Netdisco/Web/Plugin/Device/Ports.pm
+++ b/lib/App/Netdisco/Web/Plugin/Device/Ports.pm
@@ -4,7 +4,7 @@ use Dancer ':syntax';
 use Dancer::Plugin::DBIC;
 use Dancer::Plugin::Auth::Extensible;

-use App::Netdisco::Util::Permission 'check_acl_no';
+use App::Netdisco::Util::Permission 'acl_matches';
 use App::Netdisco::Util::Port 'port_reconfig_check';
 use App::Netdisco::Util::Web (); # for sort_port
 use App::Netdisco::Web::Plugin;
@@ -217,31 +217,33 @@ get '/ajax/content/device/ports' => require_login sub {

    # filter out hidden ones
    if (not param('p_include_hidden')) {
-        my $device_ips = {};
-        map  { push @{ $device_ips->{$_->port} }, $_ }
-             $device->device_ips(undef, {prefetch => 'device_port'})->all;
+        my $port_map = {};
+        my %to_hide  = ();

-        map  { push @{ $device_ips->{$_->port} }, $_ }
-        grep { ! exists $device_ips->{$_->port} }
+        map { push @{ $port_map->{$_->port} }, $_ }
+             grep { $_->port }
             @results;

+        map { push @{ $port_map->{$_->port} }, $_ }
+            grep { $_->port }
+            $device->device_ips()->all;
+
        foreach my $map (@{ setting('hide_deviceports')}) {
            next unless ref {} eq ref $map;

            foreach my $key (sort keys %$map) {
                # lhs matches device, rhs matches port
-                next unless check_acl_no($device, $key);
+                next unless $key and $map->{$key};
+                next unless acl_matches($device, $key);

-                PORT: foreach my $port (sort keys %$device_ips) {
-                    foreach my $thing (@{ $device_ips->{$port} }) {
-                        next unless check_acl_no($thing, $map->{$key});
-
-                        @results = grep { $_->port ne $port } @results;
-                        next PORT;
-                    }
+                foreach my $port (sort keys %$port_map) {
+                    next unless acl_matches($port_map->{$port}, $map->{$key});
+                    ++$to_hide{$port};
                }
            }
        }
+
+        @results = grep { ! exists $to_hide{$_->port} } @results;
    }

    # sort ports