HCoop
/
hcoop
/
domtool2.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
mysql: revoke permissions when dropping database
[hcoop/domtool2.git]
/
src
/
acl.sml
diff --git
a/src/acl.sml
b/src/acl.sml
index
6634f91
..
85287d9
100644
(file)
--- a/
src/acl.sml
+++ b/
src/acl.sml
@@
-44,6
+44,8
@@
fun queryAll user =
(class, SS.foldr (op::) [] values) :: out)
[] classes
(class, SS.foldr (op::) [] values) :: out)
[] classes
+fun users () = SM.foldri (fn (user, _, ls) => user :: ls) [] (!acl)
+
fun whoHas {class, value} =
SM.foldri (fn (user, classes, users) =>
case SM.find (classes, class) of
fun whoHas {class, value} =
SM.foldri (fn (user, classes, users) =>
case SM.find (classes, class) of
@@
-62,6
+64,10
@@
fun class {user, class} =
NONE => SS.empty
| SOME values => values
NONE => SS.empty
| SOME values => values
+fun rmuser user =
+ (acl := #1 (SM.remove (!acl, user)))
+ handle NotFound => ()
+
fun grant {user, class, value} =
let
val classes = Option.getOpt (SM.find (!acl, user), SM.empty)
fun grant {user, class, value} =
let
val classes = Option.getOpt (SM.find (!acl, user), SM.empty)
@@
-81,12
+87,28
@@
fun revoke {user, class, value} =
SS.delete (values, value)
else
values
SS.delete (values, value)
else
values
+
+ val classes = if SS.isEmpty values then
+ (#1 (SM.remove (classes, class)))
+ handle NotFound => classes
+ else
+ SM.insert (classes, class, values)
in
in
- acl := SM.insert (!acl, user,
- SM.insert (classes, class,
- values))
+ if SM.numItems classes = 0 then
+ (acl := #1 (SM.remove (!acl, user)))
+ handle NotFound => ()
+ else
+ acl := SM.insert (!acl, user, classes)
end
end
+fun revokeFromAll {class, value} =
+ acl := SM.map (fn classes =>
+ case SM.find (classes, class) of
+ NONE => classes
+ | SOME values =>
+ ((SM.insert (classes, class, SS.delete (values, value)))
+ handle NotFound => classes)) (!acl)
+
fun read fname =
let
val inf = TextIO.openIn fname
fun read fname =
let
val inf = TextIO.openIn fname
@@
-145,4
+167,16
@@
fun write fname =
TextIO.closeOut outf
end
TextIO.closeOut outf
end
+fun queryDomain {user, domain} =
+ let
+ fun trySuffix parts =
+ case parts of
+ [] => false
+ | first :: rest =>
+ query {user = user, class = "domain", value = String.concatWith "." parts}
+ orelse trySuffix rest
+ in
+ trySuffix (String.fields (fn ch => ch = #".") domain)
+ end
+
end
end