Go some work started on developing authorization, but I have made little progress. I might wait on this for the next point release.

git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1127 980ebf18-57e1-0310-9a29-db15c13687c0

3 files changed, 98 insertions, 18 deletions

diff --git a/lib/puppet/server/pelement.rb b/lib/puppet/server/pelement.rb
index 7c4ee7fb3..9799a36af 100755
--- a/lib/puppet/server/pelement.rb
+++ b/lib/puppet/server/pelement.rb
@@ -3,12 +3,13 @@ require 'puppet/server'
 
 module Puppet
 
-class Server::PElementServer
+# Serve Puppet elements.  Useful for querying, copying, and, um, other stuff.
+class Server::PElement < Server::Handler
     attr_accessor :local
 
-    @interface = XMLRPC::Service::Interface.new("fileserver") { |iface|
+    @interface = XMLRPC::Service::Interface.new("pelementserver") { |iface|
         iface.add_method("string describe(string, string, array, array)")
-        iface.add_method("string list(string, string, boolean, array)")
+        iface.add_method("string list(string, array, string)")
     }
 
     # Describe a given object.  This returns the 'is' values for every state
@@ -76,6 +77,7 @@ class Server::PElementServer
         end
     end
 
+    # List all of the elements of a given type.
     def list(type, ignore = [], base = nil, client = nil, clientip = nil)
         @local = true unless client
         typeklass = nil
@@ -83,15 +85,31 @@ class Server::PElementServer
             raise Puppet::Error, "Puppet type %s is unsupported" % type
         end
 
+        ignore = [ignore] unless ignore.is_a? Array
         bucket = TransBucket.new
         bucket.type = typeklass.name
 
         typeklass.list.each do |obj|
+            next if ignore.include? obj.name
+
             object = TransObject.new(obj.name, typeklass.name)
             bucket << object
         end
 
-        bucket
+        if @local
+            return bucket
+        else
+            str = nil
+            case format
+            when "yaml":
+                str = YAML.dump(bucket)
+            else
+                raise XMLRPC::FaultException.new(
+                    1, "Unavailable config format %s" % format
+                )
+            end
+            return CGI.escape(str)
+        end
     end
 
     private
diff --git a/lib/puppet/server/rights.rb b/lib/puppet/server/rights.rb
new file mode 100755
index 000000000..cd4b4b978
--- /dev/null
+++ b/lib/puppet/server/rights.rb
@@ -0,0 +1,63 @@
+require 'ipaddr'
+require 'puppet/server/authstore'
+
+module Puppet
+class Server
+    # Define a set of rights and who has access to them.
+    class Rights
+        # We basically just proxy directly to our rights.  Each Right stores
+        # its own auth abilities.
+        [:allow, :allowed?, :deny].each do |method|
+            define_method(method) do |name, *args|
+                if obj = right(name)
+                    obj.send(method, *args)
+                else
+                    raise ArgumentError, "Unknown right '%s'" % name
+                end
+            end
+        end
+
+        def initialize
+            @rights = {}
+        end
+
+        # Define a new right to which access can be provided.
+        def newright(name)
+            name = name.intern if name.is_a? String
+            shortname = Right.shortname(name)
+            if @rights.include? shortname
+                raise ArgumentError, "Right '%s' is already defined" % name
+            else
+                @rights[shortname] = Right.new(name, shortname)
+            end
+        end
+
+        private
+
+        # Retrieve a right by name.
+        def right(name)
+            @rights[Right.shortname(name)]
+        end
+
+        # A right.
+        class Right < AuthStore
+            attr_accessor :name, :shortname
+
+            def self.shortname(name)
+                name.to_s[0..0]
+            end
+
+            def initialize(name, shortname = nil)
+                @name = name
+                @shortname = shortname
+                unless @shortname
+                    @shortname = Right.shortname(name)
+                end
+                super()
+            end
+        end
+    end
+end
+end
+#
+# $Id$
diff --git a/lib/puppet/type/cron.rb b/lib/puppet/type/cron.rb
index 3351e47b7..fdaadb55b 100755
--- a/lib/puppet/type/cron.rb
+++ b/lib/puppet/type/cron.rb
@@ -27,7 +27,11 @@ module Puppet
                 if self.class.name == :command
                     return super
                 else
-                    return @is == @should
+                    if @is.is_a? Array
+                        return @is == @should
+                    else
+                        return @is == @should[0]
+                    end
                 end
             end
 
@@ -206,18 +210,14 @@ module Puppet
 
             defaultto { ENV["USER"] }
 
-#            validate do |user|
-#                require 'etc'
-#
-#                begin
-#                    parent.uid = Puppet::Util.uid(user)
-#                    #obj = Etc.getpwnam(user)
-#                rescue ArgumentError
-#                    self.fail "User %s not found" % user
-#                end
-#
-#                user
-#            end
+            def value=(value)
+                super
+
+                # Make sure the user is not an array
+                if @value.is_a? Array
+                    @value = @value[0]
+                end
+            end
         end
 
         @doc = "Installs and manages cron jobs.  All fields except the command 
@@ -496,7 +496,6 @@ module Puppet
 
         def create
             # nothing
-            self.info "creating"
             self.store
         end