Now, in our system we have various usertypes. Every user has at least one assigned to him/her, and it's common to have more. There are three primary groups I'm concerned with: programmers, editors, and consultants. Programmers ought to be able to do whatever they want; editors are a highly trusted bunch, but still ought to have some restrictions; consultants are at the outskirts of the organization and have a high turnover rate, and so, while allowed to have some access to this system, need to have some heavy restrictions placed upon them. Furthermore, these usertypes may be modified by the attributes 'former' or 'admin' or 'trainee' (more precisely: ('former) || ('admin' || 'trainee')). Thus, we have things like 'former consultant', 'editor admin', 'programmer trainee', etc. I for example am a former editor and a programmer. What I want to do is limit the sorts of code that a user can run by tying particular opsets to trust levels assigned by usertype. This is accomplished using the Safe module. In my case, the fact that I'm a former editor should win me no trust, however the fact that I'm a programmer should enable me to do whatever I want. So, the assignment has to be smart enough to give trust where and only where it's due, and take it away in the same manner.
That said, here's the code:
sub _permittedOps() { my ($this) = @_; # Hashes for mapping in order to avoid if-else chaining my (%attr_value, %high_type, %trust_level); # A map associating opcode sets with trust levels. %trust_level = (full => full_opset(), strong => opset(qw/:default :filesys_read :sys_db :filesys_open :filesys_write :ownproc +ess :subprocess/), normal => opset(qw/:default/), weak => opset(qw/:base_core :base_mem :base_loop :base_io :base_orig/), none => opset(qw/:base_core :base_loop/) ); # A map associating usertype attributes with positive/negative val +ues # affecting the level of trust assigned to the user. %attr_value = (admin => 1, consultant => -1, editor => 0, former = +> -2, other => -2, programmer => 2, trainee => -1); # Run through all of the assigned usertypes, adjusting the trust l +evel in %high_type # granted the user for each particular usertype. $1, if defined wi +ll be # 'former', $2 will be either 'consultant', 'editor', or 'programm +er'. # $3, if defined, will be either 'admin' or 'trainee'. foreach my $type (@usertypes) { # @usertypes is defined in the rea +l code, don't worry :) if ($type =~ /^(former)?\s?(consultant|editor|programmer)\s? (admin|trainee)?$/ix) { unless ($1) { # Look up the appropriate usertype and attribute values. $high_type{$2} += $attr_value{$2}; $high_type{$2} += $attr_value{$3} if $3; } else { $high_type{$2} += $attr_value{$1} } } else { $high_type{other} += $attr_value{other}; } } # Take the maximum trust available. my $max = pop(@{[sort values %high_type]}); # Return the appropriate opset. ($max > 1) and return $trust_level{full}; ($max == 1) and return $trust_level{strong}; ($max == 0) and return $trust_level{normal}; ($max == -1) and return $trust_level{weak}; ($max < -1) and return $trust_level{none}; }
What I'd like is some feedback on a few separate issues:
Many thanks in advance, fever. Oh and it's my birthday so be nice :^P
In reply to Assigning Opsets by User Type by djantzen
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |