From cfb758d655ec9e825cfd25c233c2c55589324236 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 17 Jul 2014 22:35:59 -0400
Subject: better hasPrivContentExposed

Avoid locking down and then lossening the file mode; just use the default/current mode from the beginning.
---
 src/Propellor/Property/File.hs | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/Propellor/Property/File.hs b/src/Propellor/Property/File.hs
index 0e738f25..07ac8c26 100644
--- a/src/Propellor/Property/File.hs
+++ b/src/Propellor/Property/File.hs
@@ -18,17 +18,23 @@ f `hasContent` newcontent = fileProperty ("replace " ++ f)
 -- The file's permissions are preserved if the file already existed.
 -- Otherwise, they're set to 600.
 hasPrivContent :: FilePath -> Context -> Property
-hasPrivContent f context = withPrivData (PrivFile f) context $ \getcontent ->
- property desc $ getcontent $ \privcontent ->
- ensureProperty $ fileProperty' writeFileProtected desc
- (\_oldcontent -> lines privcontent) f
- where
- desc = "privcontent " ++ f
+hasPrivContent = hasPrivContent' writeFileProtected

--- | Leaves the file world-readable.
+-- | Leaves the file at its default or current mode,
+-- allowing "private" data to be read.
+--
+-- Use with caution!
 hasPrivContentExposed :: FilePath -> Context -> Property
-hasPrivContentExposed f context = hasPrivContent f context `onChange`
- mode f (combineModes (ownerWriteMode:readModes))
+hasPrivContentExposed = hasPrivContent' writeFile
+
+hasPrivContent' :: (String -> FilePath -> IO ()) -> FilePath -> Context -> Property
+hasPrivContent' writer f context =
+ withPrivData (PrivFile f) context $ \getcontent ->
+ property desc $ getcontent $ \privcontent ->
+ ensureProperty $ fileProperty' writer desc
+ (\_oldcontent -> lines privcontent) f
+ where
+ desc = "privcontent " ++ f

 -- | Ensures that a line is present in a file, adding it to the end if not.
 containsLine :: FilePath -> Line -> Property
-- 
cgit v1.2.3
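Review bot: `hasPrivContentExposed = hasPrivContent' writeFile` no longer pins any mode, so a newly created file gets whatever the process umask yields and an existing file presumably keeps its current bits; private data could therefore land in a group- or world-writable file, or in one the intended reader cannot open, where the removed `mode f (combineModes (ownerWriteMode:readModes))` gave a fixed result. How `fileProperty'` treats an existing file is outside this hunk, so that part is inferred from the new "default or current mode" wording. If a fixed mode is deliberately not wanted, the Haddock should say what the result depends on, e.g. `-- The resulting mode comes from the umask (new file) or the file's existing mode; it is not forced world-readable.` Separately, `hasPrivContent'` has no doc comment, and its writer argument is typed `String -> FilePath -> IO ()` while `writeFile` is `FilePath -> String -> IO ()`; this only type-checks because `FilePath` is a synonym for `String`, so the signature should be written `FilePath -> String -> IO ()` to match what is passed.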