author | Ted Trask <ttrask01@yahoo.com> | 2009-12-21 16:46:20 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2009-12-21 16:46:20 +0000 |
commit | 4ebeb9d3bc2f123f93338bcc8b15ef1723d4eb35 (patch) | |
tree | c6eeb6038a2dfb3b6dbbae2dbd96852e9653755c | |
parent | b5b8c138deb5d4b4216c9186e3d528792edc70b2 (diff) | |
download | acf-core-4ebeb9d3bc2f123f93338bcc8b15ef1723d4eb35.tar.bz2 acf-core-4ebeb9d3bc2f123f93338bcc8b15ef1723d4eb35.tar.xz |
Modified permissions from controller:action to prefix/controller/action.
Had to move welcome to the acf-util prefix.
Changed format of roles files: old ACF format will still work, but authenticator format won't.
-rw-r--r-- | app/Makefile | 4 | ||||
-rw-r--r-- | app/acf-util/acf-util.roles | 6 | ||||
-rw-r--r-- | app/acf-util/logon-controller.lua | 8 | ||||
-rw-r--r-- | app/acf-util/roles-editrole-html.lsp | 4 | ||||
-rw-r--r-- | app/acf-util/roles-html.lsp | 57 | ||||
-rw-r--r-- | app/acf-util/roles-model.lua | 17 | ||||
-rw-r--r-- | app/acf-util/roles-viewroles-html.lsp | 10 | ||||
-rw-r--r-- | app/acf-util/welcome-controller.lua (renamed from app/welcome-controller.lua) | 0 | ||||
-rw-r--r-- | app/acf-util/welcome-html.lsp (renamed from app/welcome-html.lsp) | 0 | ||||
-rw-r--r-- | app/acf_cli-controller.lua | 1 | ||||
-rw-r--r-- | app/acf_www-controller.lua | 24 | ||||
-rw-r--r-- | app/template-html.lsp | 4 | ||||
-rw-r--r-- | lib/menubuilder.lua | 2 | ||||
-rw-r--r-- | lib/roles.lua | 107 |
14 files changed, 107 insertions, 137 deletions
diff --git a/app/Makefile b/app/Makefile index ba4258a..4c5a7aa 100644 --- a/app/Makefile +++ b/app/Makefile @@ -18,13 +18,13 @@ APP_DIST= \ acf-util/password-model.lua \ acf-util/password-status-html.lsp \ acf-util/password.menu \ + acf-util/welcome-controller.lua\ + acf-util/welcome-html.lsp\ acf_www-controller.lua\ acf_cli-controller.lua\ menuhints.menu\ template-html.lsp\ template-stream.lsp\ - welcome-controller.lua\ - welcome-html.lsp\ dispatcherror-html.lsp\ exception-html.lsp\ status-html.lsp\ diff --git a/app/acf-util/acf-util.roles b/app/acf-util/acf-util.roles index b31297c..7433fcc 100644 --- a/app/acf-util/acf-util.roles +++ b/app/acf-util/acf-util.roles @@ -1,4 +1,4 @@ -GUEST=logon:logon,logon:logout,logon:status,welcome:read -USER=password:editme,roles:read +GUEST=logon/logon,logon/logout,logon/status,welcome/read +USER=password/editme,roles/read EXPERT= -ADMIN=logon:logon,logon:logout,logon:status,password:editme,password:status,password:edituser,password:newuser,password:deleteuser,roles:read,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole,welcome:read,password:status,password:edituser,password:newuser,password:deleteuser,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole +ADMIN=logon/logon,logon/logout,logon/status,password/editme,password/status,password/edituser,password/newuser,password/deleteuser,roles/read,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,welcome/read,password/status,password/edituser,password/newuser,password/deleteuser,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua index d71d257..f1fa93d 100644 --- a/app/acf-util/logon-controller.lua 
+++ b/app/acf-util/logon-controller.lua @@ -9,17 +9,17 @@ logon = function(self) -- If there are no users defined, add privileges and dispatch password/newuser local users = self.model:list_users() if #users.value == 0 then - self.sessiondata.permissions.password = {} - self.sessiondata.permissions.password.newuser = {"temp"} + self.sessiondata.permissions[self.conf.prefix].password = {} + self.sessiondata.permissions[self.conf.prefix].password.newuser = {"temp"} self:dispatch(self.conf.prefix, "password", "newuser") - self.sessiondata.permissions.password = nil + self.sessiondata.permissions[self.conf.prefix].password = nil self.conf.suppress_view = true return end local userid = cfe({ value=clientdata.userid or "", label="User ID" }) local password = cfe({ label="Password" }) - local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" }) + local redir = cfe({ value=clientdata.redir or "welcome/read", label="" }) local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" }) if clientdata.Logon then local logonredirect = self.sessiondata.logonredirect diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp index cec9af0..5d1582f 100644 --- a/app/acf-util/roles-editrole-html.lsp +++ b/app/acf-util/roles-editrole-html.lsp @@ -1,10 +1,6 @@ <% local form, viewtable, page_info = ... %> <% require("viewfunctions") %> -<% --[[ - io.write(html.cfe_unpack(form)) ---]] %> - <H1><%= html.html_escape(form.label) %></H1> <% displayformstart(form, page_info) diff --git a/app/acf-util/roles-html.lsp b/app/acf-util/roles-html.lsp index 090421f..32000af 100644 --- a/app/acf-util/roles-html.lsp +++ b/app/acf-util/roles-html.lsp 
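Review bot: The two added assignments in `logon` index `self.sessiondata.permissions[self.conf.prefix]` without checking that a table exists for that prefix, so a session holding no permissions under the current prefix would raise here instead of reaching password/newuser. Creating the table first avoids that: `self.sessiondata.permissions[self.conf.prefix] = self.sessiondata.permissions[self.conf.prefix] or {}`. The temporary `newuser` grant is also withdrawn only on the line after `self:dispatch(...)`, so if dispatch raises, the grant appears to stay in the session data; running the dispatch under `pcall` and clearing the grant before re-raising would keep the bootstrap privilege scoped to this one call. The body of `logon` continues outside the hunk.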
@@ -1,9 +1,5 @@ <% local view= ... %> -<% --[[ - io.write(html.cfe_unpack(view)) ---]] %> -<% ---[[ %> <% if view.value.userid then %> <H1>Roles/Permission list for <%= html.html_escape(view.value.userid.value) %>:</H1> <% elseif view.value.role then %> @@ -20,9 +16,7 @@ end %> </DL> <% end %> -<% --]] %> -<% ---[[ %> <% if view.value.permissions then %> <% if view.value.userid then %> <H2><%= html.html_escape(view.value.userid.value) %>'s full permissions are</H2> 
@@ -30,29 +24,36 @@ <H2><%= html.html_escape(view.value.role.value) %>'s full permissions are</H2> <% end %> <DL> - <% local controllers = {} - -- It's nice to have it in alphabetical order - for cont in pairs(view.value.permissions.value) do - controllers[#controllers + 1] = cont - end - table.sort(controllers) - io.write("<TABLE>") - io.write("<TR><TD CLASS='header'>Controller</TD><TD CLASS='header'>Action(s)</TD>") - for x,cont in ipairs(controllers) do - print("<TR><TD STYLE='font-weight:bold;'>",html.html_escape(cont),"</TD><TD>") - -- Again, alphabetical order - local actions = {} - for act in pairs(view.value.permissions.value[cont]) do - actions[#actions + 1] = act + <TABLE> + <TR><TD CLASS='header'>Controller</TD><TD CLASS='header'>Action(s)</TD></TR> + <% local prefixes = {} + -- It's nice to have it in alphabetical order + for pref in pairs(view.value.permissions.value) do + prefixes[#prefixes + 1] = pref end - table.sort(actions) - for y,act in pairs(actions) do - print((html.html_escape(act))) + table.sort(prefixes) + for w,pref in ipairs(prefixes) do + local controllers = {} + -- Again, alphabetical order + for cont in pairs(view.value.permissions.value[pref]) do + controllers[#controllers + 1] = cont + end + table.sort(controllers) + for x,cont in ipairs(controllers) do + print("<TR><TD STYLE='font-weight:bold;'>",html.html_escape(pref..cont),"</TD><TD>") + -- Again, alphabetical order + local actions = {} + for act in pairs(view.value.permissions.value[pref][cont]) do + actions[#actions + 1] = act + end + table.sort(actions) + for y,act in pairs(actions) do + print((html.html_escape(act))) + end + io.write("<TD></TR>") + end end - io.write("<TD></TR>") - end - io.write("</TABLE>") - %> + %> + </TABLE> </DL> <% end %> -<% --]] %> diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index 79c1b14..6b12dd9 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua 
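Review bot: In the new nested loop the sorted `actions` list is walked with `pairs`, whose order is unspecified, so the alphabetical order set up by `table.sort(actions)` is not guaranteed. `for y,act in ipairs(actions) do` would match the `ipairs` already used for `prefixes` and `controllers`. The row is also ended with `io.write("<TD></TR>")`, which opens a third cell rather than closing the second; `io.write("</TD></TR>")` looks intended. The first column now prints `pref..cont` while its header still reads `Controller`.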
@@ -11,19 +11,22 @@ local get_all_permissions = function(self) local table_perm = {} local array_perm = {} for a,b in pairs(controllers) do - if nil == table_perm[b.sname] then - table_perm[b.sname] = {} + if nil == table_perm[b.prefix] then + table_perm[b.prefix] = {} + end + if nil == table_perm[b.prefix][b.sname] then + table_perm[b.prefix][b.sname] = {} end local temp = roles.get_controllers_func(self,b) for x,y in ipairs(temp) do - table_perm[b.sname][y] = {} - array_perm[#array_perm + 1] = b.sname .. ":" .. y + table_perm[b.prefix][b.sname][y] = {} + array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y end temp = roles.get_controllers_view(self,b) for x,y in ipairs(temp) do - if not table_perm[b.sname][y] then - table_perm[b.sname][y] = {} - array_perm[#array_perm + 1] = b.sname .. ":" .. y + if not table_perm[b.prefix][b.sname][y] then + table_perm[b.prefix][b.sname][y] = {} + array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y end end end diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp index 3e818fb..68aac01 100644 --- a/app/acf-util/roles-viewroles-html.lsp +++ b/app/acf-util/roles-viewroles-html.lsp 
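Review bot: `b.prefix` is used as a table key and in `b.prefix .. b.sname` with no fallback, so a controller entry that arrives without a prefix would raise (nil table index or nil concatenation) and abort the whole permission listing. The prefix is set in this commit's lib/roles.lua hunk by `string.match(path,"/[^/]+/$")`, which returns nil when the path does not match, while `determine_perms` in the same file falls back with `or "/"`. Using `local prefix = b.prefix or "/"` at the top of the loop body, and `prefix` in the lines below, would make the two agree. `get_all_permissions` starts and ends outside the hunk, so how `controllers` is built is not visible here.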
@@ -16,24 +16,26 @@ <H2>Existing roles</H2> <DL> +<TABLE> <% if view.value.default_roles then %> <% for x,role in pairs(view.value.default_roles.value) do %> - <dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt> + <TR><TD><dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt> <dd> [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>] [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>] - </dd> + </dd></TD></TR> <% end %> <% end %> <% if view.value.defined_roles then %> <% table.sort(view.value.defined_roles.value) %> <% for x,role in pairs(view.value.defined_roles.value) do %> - <dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt> + <TR><TD><dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt> <dd> [<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>] [<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>] [<a href='deleterole?role=<%= html.html_escape(role) %>'>Delete this role</a>] - </dd> + </dd></TD></TR> <% end %> <% end %> +</TABLE> </DL> diff --git a/app/welcome-controller.lua b/app/acf-util/welcome-controller.lua index 77735ec..77735ec 100644 --- a/app/welcome-controller.lua +++ b/app/acf-util/welcome-controller.lua diff --git a/app/welcome-html.lsp b/app/acf-util/welcome-html.lsp index 88bc934..88bc934 100644 --- a/app/welcome-html.lsp +++ b/app/acf-util/welcome-html.lsp diff --git a/app/acf_cli-controller.lua b/app/acf_cli-controller.lua index e3f160d..d2b57e2 100644 --- a/app/acf_cli-controller.lua +++ b/app/acf_cli-controller.lua 
@@ -9,6 +9,7 @@ mvc.on_load = function (self, parent) self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" ) self.conf.sessiondir = self.conf.sessiondir or "/tmp/" self.conf.script = "" + self.conf.default_prefix = "/acf-util/" self.conf.default_controller = "welcome" parent_exception_handler = parent.exception_handler diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index e71ba4f..12a7a43 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -34,12 +34,12 @@ local function build_menus(self) local cat = cats[x] for y = #cat.groups,1,-1 do local group = cat.groups[y] - if nil == permissions[group.controller] then + if nil == permissions[group.prefix] or nil == permissions[group.prefix][group.controller] then table.remove(cat.groups, y) else for z = #group.tabs,1,-1 do local tab = group.tabs[z] - if nil == permissions[group.controller][tab.action] then + if nil == permissions[group.prefix][group.controller][tab.action] then table.remove(group.tabs, z) end end 
@@ -59,12 +59,12 @@ local function build_menus(self) self.sessiondata.menu.timestamp = {tab="Menu_created: " .. os.date(),action="Menu_created: " .. os.date(),} end -local check_permission = function(self, controller, action) - --logevent("Trying " .. (controller or "nil") .. ":" .. (action or "nil")) +local check_permission = function(self, prefix, controller, action) + --logevent("Trying "..(prefix or "/")..(controller or "nil").."/"..(action or "nil")) if nil == self.sessiondata.permissions then return false end - if controller then - if nil == self.sessiondata.permissions[controller] then return false end - if action and nil == self.sessiondata.permissions[controller][action] then return false end + if prefix and controller then + if nil == self.sessiondata.permissions[prefix] or nil == self.sessiondata.permissions[prefix][controller] then return false end + if action and nil == self.sessiondata.permissions[prefix][controller][action] then return false end end return true end @@ -77,7 +77,7 @@ local check_permission_string = function (self, str) if "" == action then action = rawget(self.worker, "default_action") or "" end - return check_permission(self, controller, action) + return check_permission(self, prefix, controller, action) end -- look for a template @@ -231,7 +231,7 @@ mvc.on_load = function (self, parent) self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" ) self.conf.sessiondir = self.conf.sessiondir or "/tmp/" self.conf.script = ENV.SCRIPT_NAME - self.conf.default_prefix = "/" + self.conf.default_prefix = "/acf-util/" self.conf.default_controller = self.conf.default_controller or "welcome" self.clientdata = FORM self.conf.clientip = ENV.REMOTE_ADDR 
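Review bot: `check_permission` now returns true whenever `prefix` is nil, even if a controller and action were supplied, because the whole lookup sits inside `if prefix and controller then` and the function then falls through to `return true`. For an authorization check the missing-prefix case should deny: adding `if controller and not prefix then return false end` before the lookup keeps the existing result for a call with no controller while refusing a controller that has no prefix. This matters for the callers changed in this commit (the `check_permission_string` hunk at -77 and the three `dispatch` hunks at -394, -404 and -428), which pass `prefix` and `self.conf.prefix` values whose origin is outside the visible lines.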
@@ -394,7 +394,7 @@ dispatch = function (self, userprefix, userctlr, useraction) end if "" ~= self.conf.controller then -- We now know the controller / action combo, check if we're allowed to do it - local perm = check_permission(self, self.conf.controller) + local perm = check_permission(self, self.conf.prefix, self.conf.controller) local worker_loaded = false if perm then @@ -404,7 +404,7 @@ dispatch = function (self, userprefix, userctlr, useraction) local default_action = rawget(controller.worker, "default_action") or "" if self.conf.action == "" then self.conf.action = default_action end if "" ~= self.conf.action then - local perm = check_permission(controller, self.conf.controller, self.conf.action) + local perm = check_permission(controller, self.conf.prefix, self.conf.controller, self.conf.action) -- Because of the inheritance, normally the -- controller.worker.action will flow up, so that all children have -- actions of all parents. We use rawget to make sure that only @@ -428,7 +428,7 @@ dispatch = function (self, userprefix, userctlr, useraction) -- If the controller or action are missing, display an error view if nil == controller then -- If we have a view w/o an action, just display the view (passing in the clientdata) - if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.controller, self.conf.action) then + if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.prefix, self.conf.controller, self.conf.action) then viewtable = self.clientdata else origconf.type = "dispatch" diff --git a/app/template-html.lsp b/app/template-html.lsp index 5af16c7..c1aeafd 100644 --- a/app/template-html.lsp +++ b/app/template-html.lsp 
@@ -74,13 +74,13 @@ end for x,cat in ipairs(session.menu.cats) do io.write (string.format("\n\t\t\t\t<li>%s\n\t\t\t\t\t<ul>\n", html.html_escape(cat.name))) --start row for y,group in ipairs(cat.groups) do - if pageinfo.prefix == group.prefix .. '/' and pageinfo.controller == group.controller then + if pageinfo.prefix == group.prefix and pageinfo.controller == group.controller then class="class='selected'" tabs = group.tabs else class="" end - io.write (string.format("\t\t\t\t\t\t<li %s><a href=\"%s%s/%s/%s\">%s</a></li>\n", + io.write (string.format("\t\t\t\t\t\t<li %s><a href=\"%s%s%s/%s\">%s</a></li>\n", class,html.html_escape(pageinfo.script),html.html_escape(group.prefix), html.html_escape(group.controller), html.html_escape(group.tabs[1].action), html.html_escape(group.name) )) end io.write ( "\t\t\t\t\t</ul>" ) diff --git a/lib/menubuilder.lua b/lib/menubuilder.lua index 5b9509b..975c31a 100644 --- a/lib/menubuilder.lua +++ b/lib/menubuilder.lua @@ -64,7 +64,7 @@ get_menuitems = function (startdir) startdir = (string.gsub(startdir, "/$", "")) --remove trailing / for k,filename in pairs(get_candidates(startdir)) do local controller = mvc.basename(filename, ".menu") - local prefix = (string.gsub(mvc.dirname(filename), startdir, "")) + local prefix = (string.gsub(mvc.dirname(filename), startdir, "")).."/" -- open the menu file, and parse the contents local handle = io.open(filename) diff --git a/lib/roles.lua b/lib/roles.lua index 1ca8ae2..b554aea 100644 --- a/lib/roles.lua +++ b/lib/roles.lua 
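Review bot: In `get_menuitems` (lib/menubuilder.lua) the changed line still passes `startdir` to `string.gsub` as a Lua pattern, so a directory containing magic characters such as `-` or `.` is not stripped literally and the resulting `prefix` can be wrong. Because this commit makes the prefix part of the permission key that `build_menus` checks, a mis-derived prefix would make menu entries be filtered against the wrong key. Stripping by length avoids pattern matching: `local dir = mvc.dirname(filename)` followed by `local prefix = (dir:sub(1, #startdir) == startdir and dir:sub(#startdir + 1) or dir) .. "/"`. The function body extends beyond the hunk.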
@@ -34,10 +34,11 @@ get_controllers = function(self,controller) local temp = {} for k,v in pairs(list) do path = string.match(v,"[/%w_-]+/") + prefix = string.match(path,"/[^/]+/$") filename = string.match(v,"[^/]*.lua") name = string.match(filename,"[^.]*") sname = string.match(filename,"[^-]*") - temp[sname] = {path=path,filename=filename,name=name,sname=sname} + temp[sname] = {path=path,prefix=prefix,filename=filename,name=name,sname=sname} end if controller then return temp[controller] 
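Review bot: `get_controllers` still stores each entry under `temp[sname]`, so two controllers with the same short name in different prefix directories overwrite one another, and only one of them reaches the permission list now that permissions are keyed by prefix. Keying the table by `prefix .. sname` would keep both, though the `temp[controller]` lookup just below the loop would then need the same key. The new `prefix` keeps only the last directory component (`"/[^/]+/$"`), whereas lib/menubuilder.lua in this commit derives its prefix by stripping `startdir` from the full directory, so for nested directories the two would disagree. `prefix` is also assigned without `local`, like its neighbours, which makes it a global.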
@@ -118,34 +119,38 @@ list_all_roles = function(self) return default_roles end --- Go through the roles files and determine the permissions for the specified list of roles (including guest) -get_roles_perm = function(self,roles) - permissions = {} - permissions_array = {} +-- Go through the roles files and determine the permissions for the specified list of roles +local determine_perms = function(self,roles) + local permissions = {} + local permissions_array = {} + local default_permissions_array = {} local reverseroles = {} for x,role in ipairs(roles) do reverseroles[role] = x end - reverseroles[guest_role] = 0 -- always include guest role -- find all of the default roles files and parse them local rolesfiles = get_roles_candidates(self.conf.appdir) for x,file in ipairs(rolesfiles) do + local prefix = string.match(file, "(/[^/]+/)[^/]+$") or "/" + permissions[prefix] = permissions[prefix] or {} f = fs.read_file_as_array(file) or {} for y,line in pairs(f) do if reverseroles[string.match(line,"^[%w_]+")] then - temp = format.string_to_table(string.match(line,"[,%w_:]+$"),",") + temp = format.string_to_table(string.match(line,"[,%w_:/]+$"),",") for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") + -- we'll allow for : or / to not break old format + local control,action = string.match(perm,"([%w_]+)[:/]([%w_]+)") if control then - if nil == permissions[control] then - permissions[control] = {} + if nil == permissions[prefix][control] then + permissions[prefix][control] = {} end if action then - permissions[control][action] = {file} - permissions_array[#permissions_array + 1] = control .. ":" .. action + permissions[prefix][control][action] = {file} + permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action + default_permissions_array[#default_permissions_array + 1] = prefix .. control .. "/" .. action end end end 
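Review bot: The permission pattern `"([%w_]+)[:/]([%w_]+)"` in `determine_perms` is not anchored, so an entry with extra segments (a constructed example: `a/b/c`) is accepted as controller `a`, action `b`, and the rest is silently dropped. Now that the line pattern `"[,%w_:/]+$"` admits `/`, such entries can reach this match. Anchoring it as `string.match(perm,"^([%w_]+)[:/]([%w_]+)$")` rejects malformed entries instead of granting on a partial match. Since both captures are mandatory, the inner `if action then` can never be false and could be dropped.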
@@ -159,73 +164,33 @@ get_roles_perm = function(self,roles) if reverseroles[entry.id] then temp = format.string_to_table(entry.entry, ",") for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") + local prefix,control,action = mvc.parse_path_info(perm) if control then - if nil == permissions[control] then - permissions[control] = {} + if nil == permissions[prefix] then + permissions[prefix] = {} end - if action then - permissions[control][action] = {} - permissions_array[#permissions_array + 1] = control .. ":" .. action + if nil == permissions[prefix][control] then + permissions[prefix][control] = {} end + permissions[prefix][control][action] = {} + permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action end end end end - return permissions, permissions_array + return permissions, permissions_array, default_permissions_array +end + +-- Go through the roles files and determine the permissions for the specified list of roles (including guest) +get_roles_perm = function(self,roles) + roles[#roles+1] = guest_role + return determine_perms(self, roles) end -- Go through the roles files and determine the permissions for the specified role get_role_perm = function(self,role) - permissions = {} - permissions_array = {} - default_permissions_array = {} - - -- find all of the default roles files and parse them - local rolesfiles = get_roles_candidates(self.conf.appdir) - - for x,file in ipairs(rolesfiles) do - f = fs.read_file_as_array(file) or {} - for y,line in pairs(f) do - if role == string.match(line,"^[%w_]+") then - temp = format.string_to_table(string.match(line,"[,%w_:]+$"),",") - for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") - if control then - if nil == permissions[control] then - permissions[control] = {} - end - if action then - permissions[control][action] = {file} - permissions_array[#permissions_array + 1] = control .. ":" .. 
action - default_permissions_array[#default_permissions_array + 1] = control .. ":" .. action - end - end - end - end - end - end - - -- then look in the user-editable roles - local entry = authenticator.auth.read_entry(self, authenticator.roletable, "", role) - if entry then - temp = format.string_to_table(entry, ",") - for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") - if control then - if nil == permissions[control] then - permissions[control] = {} - end - if action then - permissions[control][action] = {} - permissions_array[#permissions_array + 1] = control .. ":" .. action - end - end - end - end - - return permissions, permissions_array, default_permissions_array + return determine_perms(self, {role}) end -- Delete a role from role file @@ -247,9 +212,11 @@ set_role_perm = function(self, role, permissions, permissions_array) end if permissions and not permissions_array then permissions_array = {} - for cont,actions in pairs(permissions) do - for action in pairs(actions) do - permissions_array[#permissions_array + 1] = cont .. ":" .. action + for prefix,contrllrs in pairs(permissions) do + for cont,actions in pairs(contrllrs) do + for action in pairs(actions) do + permissions_array[#permissions_array + 1] = prefix .. cont .. "/" .. action + end end end end |
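Review bot: In the hunk at -159, the user-editable branch of `determine_perms` now writes `permissions[prefix][control][action] = {}` after checking only `control`, and the previous `if action then` guard is gone. An entry for which `mvc.parse_path_info` yields no prefix or no action would raise on a nil table key, and an empty action would be stored as a grant under the key `""`; what `parse_path_info` returns for old-format entries is not visible here. Restoring the guard as `if prefix and control and action and action ~= "" then` keeps malformed or old-format role entries from becoming errors or unintended grants. Separately, `get_roles_perm` appends `guest_role` to the caller's `roles` table on every call through `roles[#roles+1] = guest_role`; appending to a copy of the list would leave the caller's table unchanged.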