fu: Close-up of Fu, bringing a scoop of water to her mouth (Default)
fu ([personal profile] fu) wrote in [site community profile] changelog2010-06-15 06:15 am

[dw-free] privilege function cleanup

[commit: http://hg.dwscoalition.org/dw-free/rev/ae4f9eb44abd]

http://bugs.dwscoalition.org/show_bug.cgi?id=1525

Code modernization: move load_user_privs to the LJ::User package.

Patch by [personal profile] kareila.

Files modified:
  • cgi-bin/LJ/Support.pm
  • cgi-bin/LJ/User.pm
  • htdocs/admin/priv/index.bml
  • t/privs.t
--------------------------------------------------------------------------------
diff -r 11bd44b3cf42 -r ae4f9eb44abd cgi-bin/LJ/Support.pm
--- a/cgi-bin/LJ/Support.pm	Mon Jun 14 16:09:44 2010 -0500
+++ b/cgi-bin/LJ/Support.pm	Tue Jun 15 14:21:09 2010 +0800
@@ -89,7 +89,7 @@ sub init_remote
 {
     my $remote = shift;
     return unless $remote;
-    LJ::load_user_privs($remote, @SUPPORT_PRIVS);
+    $remote->load_user_privs( @SUPPORT_PRIVS );
 }
 
 sub has_any_support_priv {
diff -r 11bd44b3cf42 -r ae4f9eb44abd cgi-bin/LJ/User.pm
--- a/cgi-bin/LJ/User.pm	Mon Jun 14 16:09:44 2010 -0500
+++ b/cgi-bin/LJ/User.pm	Tue Jun 15 14:21:09 2010 +0800
@@ -5169,7 +5169,7 @@ sub has_priv {
     return 0 unless $priv;
 
     # load what privileges the user has, if we haven't
-    LJ::load_user_privs($u, $priv)
+    $u->load_user_privs( $priv )
         unless $u->{'_privloaded'}->{$priv};
 
     # no access if they don't have the priv
@@ -5186,8 +5186,35 @@ sub has_priv {
     return 0;
 }
 
-sub priv_args
-{
+# des: loads all of the given privs for a given user into a hashref, inside
+#      the user record.
+# args: u, priv, arg?
+# des-priv: Priv names to load (see [dbtable[priv_list]]).
+# des-arg: Optional argument.
+# returns: boolean
+sub load_user_privs {
+    my ( $remote, @privs ) = @_;
+    return unless $remote and @privs;
+
+    # return if we've already loaded these privs for this user.
+    @privs = grep { ! $remote->{'_privloaded'}->{$_} } @privs;
+    return unless @privs;
+
+    my $dbr = LJ::get_db_reader() or return;
+    $remote->{'_privloaded'}->{$_}++ foreach @privs;
+    my $bind = join ',', map { '?' } @privs;
+    my $sth = $dbr->prepare( "SELECT pl.privcode, pm.arg ".
+                             "FROM priv_map pm, priv_list pl ".
+                             "WHERE pm.prlid=pl.prlid AND ".
+                             "pm.userid=? AND pl.privcode IN ($bind)" );
+    $sth->execute( $remote->userid, @privs );
+    while ( my ($priv, $arg) = $sth->fetchrow_array ) {
+        $arg = "" unless defined $arg;  # NULL -> ""
+        $remote->{'_priv'}->{$priv}->{$arg} = 1;
+    }
+}
+
+sub priv_args {
     my ( $u, $priv ) = @_;
     return unless $priv && $u->has_priv( $priv );
     # returns hash of form { arg => 1 }
@@ -5955,7 +5982,6 @@ use Carp;
 ###  17. Interest-Related Functions
 ###  19. OpenID and Identity Functions
 ###  21. Password Functions
-###  22. Priv-Related Functions
 ###  24. Styles and S2-Related Functions
 ###  28. Userpic-Related Functions
 ###  99. Miscellaneous Legacy Items
@@ -8196,49 +8222,6 @@ sub set_password {
 
 
 ########################################################################
-###  22. Priv-Related Functions
-
-=head2 Priv-Related Functions (LJ)
-=cut
-
-# <LJFUNC>
-# name: LJ::load_user_privs
-# class:
-# des: loads all of the given privs for a given user into a hashref, inside
-#      the user record.  See also [func[LJ::check_priv]].
-# args: u, priv, arg?
-# des-priv: Priv names to load (see [dbtable[priv_list]]).
-# des-arg: Optional argument.  See also [func[LJ::check_priv]].
-# returns: boolean
-# </LJFUNC>
-sub load_user_privs
-{
-    &nodb;
-    my ( $remote, @privs ) = @_;
-    return unless $remote and @privs;
-
-    # return if we've already loaded these privs for this user.
-    @privs = grep { ! $remote->{'_privloaded'}->{$_} } @privs;
-    return unless @privs;
-
-    my $dbr = LJ::get_db_reader();
-    return unless $dbr;
-    foreach (@privs) { $remote->{'_privloaded'}->{$_}++; }
-    @privs = map { $dbr->quote($_) } @privs;
-    my $sth = $dbr->prepare( "SELECT pl.privcode, pm.arg ".
-                             "FROM priv_map pm, priv_list pl ".
-                             "WHERE pm.prlid=pl.prlid AND ".
-                             "pl.privcode IN (" . join(',',@privs) . ") ".
-                             "AND pm.userid=" . $remote->userid );
-    $sth->execute;
-    while (my ($priv, $arg) = $sth->fetchrow_array) {
-        unless (defined $arg) { $arg = ""; }  # NULL -> ""
-        $remote->{'_priv'}->{$priv}->{$arg} = 1;
-    }
-}
-
-
-########################################################################
 ###  24. Styles and S2-Related Functions
 
 =head2 Styles and S2-Related Functions (LJ)
diff -r 11bd44b3cf42 -r ae4f9eb44abd htdocs/admin/priv/index.bml
--- a/htdocs/admin/priv/index.bml	Mon Jun 14 16:09:44 2010 -0500
+++ b/htdocs/admin/priv/index.bml	Tue Jun 15 14:21:09 2010 +0800
@@ -27,7 +27,7 @@ body<=
     # for pages that require authentication
     my $remote = LJ::get_remote();
     return "<?needlogin?>" unless $remote;
-    LJ::load_user_privs($remote, 'admin');
+    $remote->load_user_privs( 'admin' );
 
     my $dbh = LJ::get_db_writer();
 
diff -r 11bd44b3cf42 -r ae4f9eb44abd t/privs.t
--- a/t/privs.t	Mon Jun 14 16:09:44 2010 -0500
+++ b/t/privs.t	Tue Jun 15 14:21:09 2010 +0800
@@ -6,7 +6,7 @@ use LJ::Console;
 use LJ::Console;
 use LJ::Test qw (temp_user);
 
-plan tests => 5;
+plan tests => 7;
 
 # check that it requires a login
 my $u = temp_user();
@@ -18,3 +18,9 @@ is($u->has_priv( "supporthelp", "*" ), 1
 
 is($u->revoke_priv("supporthelp", "*"), 1, "Revoked the priv from the user");
 is($u->has_priv( "supporthelp", "*" ), 0, "User no longer has the priv");
+
+my @privs = qw/ supporthelp supportclose /;
+
+$u->grant_priv( $_ ) foreach @privs;
+$u->load_user_privs( @privs );
+ok( $u->{'_priv'}->{$_}, "Bulk load of privs okay.") foreach @privs;
--------------------------------------------------------------------------------