From 88408f13dc1ebcde320748f82d766ad2847f3adc Mon Sep 17 00:00:00 2001
From: Malefitz <michael.gusek@pro-direct-finance.de>
Date: Mon, 26 May 2014 09:50:33 +0200
Subject: [PATCH] Add ability for handling more than one 'Allow from'-directive
 in _directories.erb

---
 README.md                        |  2 +-
 spec/acceptance/vhost_spec.rb    | 13 ++++++++++++-
 templates/vhost/_directories.erb |  6 ++++++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index fd5cb87dc..648823cd4 100644
--- a/README.md
+++ b/README.md
@@ -1135,7 +1135,7 @@ Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhand
 
 ######`allow`
 
-Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. 
+Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
 
 ```puppet
     apache::vhost { 'sample.example.net':
diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb
index 2a55a5d13..c43d3f9e9 100644
--- a/spec/acceptance/vhost_spec.rb
+++ b/spec/acceptance/vhost_spec.rb
@@ -214,7 +214,10 @@ class { 'apache': }
           if versioncmp($apache::apache_version, '2.4') >= 0 {
             $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' }
           } else {
-            $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }
+            $_files_match_directory = [ 
+              { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' },
+              { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] },
+            ]
           }
 
           $_directories = [
@@ -238,6 +241,13 @@ class { 'apache': }
             ensure  => file,
             content => "Hello World\\n",
           }
+          file { '/var/www/files/bar':
+            ensure => directory,
+          }
+          file { '/var/www/files/bar/bar.html':
+            ensure  => file,
+            content => "Hello Bar\\n",
+          }
           host { 'files.example.net': ip => '127.0.0.1', }
         EOS
         apply_manifest(pp, :catch_failures => true)
@@ -252,6 +262,7 @@ class { 'apache': }
         shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n")
         shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n")
         shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/)
+        shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout.should eq("Hello Bar\n")
       end
     end
 
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index 71c61a02c..5a719e093 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
@@ -50,7 +50,13 @@
     Deny <%= directory['deny'] %>
       <%- end -%>
       <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%>
+        <%- if directory['allow'].kind_of?(Array) -%>
+          <%- Array(directory['allow']).each do |access| -%>
+    Allow <%=  access %>
+        <%- end -%>
+      <%- else -%>
     Allow <%= directory['allow'] %>
+      <%- end -%>
       <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%>
       <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%>
     Deny from all