#!/usr/bin/perl
package Apache::Sling::AuthzUtil;
use 5.008001;
use strict;
use warnings;
use Carp;
require Exporter;
use base qw(Exporter);
our @EXPORT_OK = ();
our $VERSION = '0.27';
#{{{imports
use strict;
use lib qw ( .. );
#}}}
#{{{sub get_acl_setup
=pod
=head2 get_acl_setup
Returns a textual representation of the request needed to retrieve the ACL for
a node in JSON format.
=cut
sub get_acl_setup {
my ( $base_url, $remote_dest ) = @_;
croak "No base url defined!" unless defined $base_url;
croak "No destination to view ACL for defined!" unless defined $remote_dest;
return "get $base_url/$remote_dest.acl.json";
}
#}}}
#{{{sub get_acl_eval
=pod
=head2 get_acl_eval
Inspects the result returned from issuing the request generated in
get_acl_setup returning true if the result indicates the node ACL was returned
successfully, else false.
=cut
sub get_acl_eval {
my ($res) = @_;
return ( $$res->code =~ /^200$/x );
}
#}}}
#{{{sub delete_setup
=pod
=head2 delete_setup
Returns a textual representation of the request needed to retrieve the ACL for
a node in JSON format.
=cut
sub delete_setup {
my ( $base_url, $remote_dest, $principal ) = @_;
croak "No base url defined!" unless defined $base_url;
croak "No destination to delete ACL for defined!"
unless defined $remote_dest;
croak "No principal to delete ACL for defined!" unless defined $principal;
my $post_variables = "\$post_variables = [':applyTo','$principal']";
return "post $base_url/$remote_dest.deleteAce.html $post_variables";
}
#}}}
#{{{sub delete_eval
=pod
=head2 delete_eval
Inspects the result returned from issuing the request generated in delete_setup
returning true if the result indicates the node ACL was deleted successfully,
else false.
=cut
sub delete_eval {
my ($res) = @_;
return ( $$res->code =~ /^200$/x );
}
#}}}
#{{{sub modify_privilege_setup
=pod
=head2 modify_privilege_setup
Returns a textual representation of the request needed to modify the privileges
on a node for a specific principal.
=cut
sub modify_privilege_setup {
my ( $base_url, $remote_dest, $principal, $grant_privileges,
$deny_privileges )
= @_;
croak "No base url defined!" unless defined $base_url;
croak "No destination to modify privilege for defined!"
unless defined $remote_dest;
croak "No principal to modify privilege for defined!"
unless defined $principal;
my %privileges = (
'read', 1, 'modifyProperties', 1,
'addChildNodes', 1, 'removeNode', 1,
'removeChildNodes', 1, 'write', 1,
'readAccessControl', 1, 'modifyAccessControl', 1,
'lockManagement', 1, 'versionManagement', 1,
'nodeTypeManagement', 1, 'retentionManagement', 1,
'lifecycleManagement', 1, 'all', 1
);
my $post_variables = "\$post_variables = ['principalId','$principal',";
foreach my $grant ( @{$grant_privileges} ) {
if ( $privileges{$grant} ) {
$post_variables .= "'privilege\@jcr:$grant','granted',";
}
else {
croak "Unsupported grant privilege: \"$grant\" supplied!\n";
}
}
foreach my $deny ( @{$deny_privileges} ) {
if ( $privileges{$deny} ) {
$post_variables .= "'privilege\@jcr:$deny','denied',";
}
else {
croak "Unsupported deny privilege: \"$deny\" supplied!\n";
}
}
$post_variables =~ s/,$/]/x;
return "post $base_url/$remote_dest.modifyAce.html $post_variables";
}
#}}}
#{{{sub modify_privilege_eval
=pod
=head2 modify_privilege_eval
Inspects the result returned from issuing the request generated in
modify_privilege_setup returning true if the result indicates the privileges
were modified successfully, else false.
=cut
sub modify_privilege_eval {
my ($res) = @_;
return ( $$res->code =~ /^200$/x );
}
#}}}
1;
__END__
=head1 NAME
AuthzUtil - Utility library returning strings representing queries that perform
authz operations in the system.
=head1 ABSTRACT
AuthzUtil perl library essentially provides the request strings needed to
interact with authz functionality exposed over the system interfaces.
Each interaction has a setup and eval method. setup provides the request,
whilst eval interprets the response to give further information about the
result of performing the request.
=cut