FeddDownload: grantnodetype.patch

grantnodetype

@@ -29 +29 @@
 # permission to use all of the types in that class, the class itself, and any
 # aux nodetypes for the type/class (node_types_auxtypes table). 
 #
+# The -R option removes the specified access and the -C option confirms that it
+# exists (via exit code).
+#
 sub usage()
 {
-    print STDERR "Usage: grantnodetype [-h] -p <pid> <type>\n";
+    print STDERR "Usage: grantnodetype [-RCh] -p <pid> <type>\n";
+    print STDERR "      -R   Remove access\n";
+    print STDERR "      -C   Confirm access\n";
     print STDERR "      -h   This message\n";
     exit(-1);
 }
-my $optlist  = "hp:dn";
+my $optlist  = "CRhp:dn";
 my $impotent = 0;
 my $debug    = 0;
 my %newtypes = ();
+my $operation = "add";
 my $pid;
 
 #
@@ -76 +82 @@
 # Untaint the path
 # 
 $ENV{'PATH'} = "/bin:/sbin:/usr/bin:";
+delete $ENV{'CDPATH'};
 
 #
 # Parse command arguments. Once we return from getopts, all that should be
@@ -94 +101 @@
 if (defined($options{d})) {
     $debug = 1;
 }
+if (defined($options{R})) {
+    $operation = "remove";
+}
+if (defined($options{C})) {
+    if ($operation eq "add" ) {
+        $operation = "confirm";
+    }
+    else {
+        print STDERR "Only one of -C or -R permitted\n";
+        usage();
+    }
+}
 if (defined($options{p})) {
     $pid = $options{p};
 }
@@ -176 +195 @@
 #
 # Run the queries.
 # 
+
+my $confirm = 1;
 foreach my $newtype (keys(%newtypes)) {
     print STDERR "Granting permission to use type $newtype\n"
         if ($debug);
@@ -197 +218 @@
             "    There is no '-' policy for node type $newtype! Stopping.\n");
     }
 
-    #
-    # Add generic rules that say the project is allowed to use "infinite"
-    # number of nodes of each type. 
-    # 
-    DBQueryFatal("replace into group_policies ".
-                 "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
-                 "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
-                 "        'type', '$newtype', 999999)")
-        if (!$impotent);
+    if ($operation eq "add") {
+        #
+        # Add generic rules that say the project is allowed to use "infinite"
+        # number of nodes of each type. 
+        # 
+        DBQueryFatal("replace into group_policies ".
+                     "(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
+                     "values ($pid_idx, $pid_idx, '$pid', '$pid', ".
+                     "        'type', '$newtype', 999999)")
+            if (!$impotent);
+    }
+    elsif ($operation eq 'remove') {
+        #
+        # Remove rules with this pid and this type
+        # 
+        DBQueryFatal("delete from group_policies where pid='$pid' " .
+                "and auxdata='$newtype'")
+            if (!$impotent);
+    }
+    elsif ($operation eq 'confirm') {
+        #
+        # Confirm that all the table entries add would make are there.
+        # 
+        if (!$impotent) {
+            my $result  = DBQueryFatal("select pid from group_policies ".
+                "where pid='$pid' and auxdata='$newtype'");
+            if (!$result->num_rows) {
+                $confirm = 0;
+                last;
+            }
+        }
+        else {
+            next;
+        }
+    }
 }
 
+exit($confirm ? 0 : 20) if ($operation eq 'confirm');
+
 #
 # Now update the permissions table. 
 #