authorMike Mason <ms13sp@gmail.com>2008-02-05 21:35:03 +0000
committerMike Mason <ms13sp@gmail.com>2008-02-05 21:35:03 +0000
commit13c4b25ab45c2ab897140fbafa59eafb9cacf000 (patch)
tree30bff1e2dc667de38032ba5880b893f76d584104
parent91653931e66a76d5b135398a0e022af18e087491 (diff)
Added the full roles to the sessiondata.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@696 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--app/acf-util/logon-model.lua2
-rw-r--r--app/acf-util/roles-model.lua4
-rw-r--r--app/acf-util/roles-read-html.lsp9
-rw-r--r--lib/authenticator-plaintext.lua9
-rw-r--r--lib/format.lua2
-rw-r--r--lib/roles.lua24
6 files changed, 45 insertions, 5 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index a86d361..ff5515a 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -5,6 +5,7 @@ module (..., package.seeall)
require ("session")
require ("html")
require ("fs")
+require ("roles")
--varibles for time in case of logons,expired,lockouts
minutes_expired_events=30
@@ -56,6 +57,7 @@ session.expired_events(conf.sessiondir, minutes_expired_events)
local t = auth.get_userinfo (self, id_user)
sessiondata.id = session.random_hash(512)
sessiondata.userinfo = t or {}
+ sessiondata.userinfo.perm = roles.get_roles_perm(self,auth.get_userinfo_roles(self,id_user))
self.conf.prefix="/acf-util/"
self.conf.action="status"
self.conf.type="redir"
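Review bot: The added `sessiondata.userinfo.perm` line feeds the result of `auth.get_userinfo_roles` straight into `roles.get_roles_perm`, but that helper returns nil when the auth file cannot be parsed and `get_roles_perm` iterates its argument with `pairs`, so a logon would raise an error instead of failing cleanly. Guard the value first, e.g. `local user_roles = auth.get_userinfo_roles(self, id_user) or {}`, and pass `user_roles` to the call. The permission string is also computed once and stored in the session, so a role taken away from the user afterwards presumably stays effective until the session expires; a comment such as `-- perm is a snapshot taken at logon; role changes need a new session` would make that explicit. The enclosing function starts and ends outside this hunk.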
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index dbfff35..b4641dc 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -7,7 +7,9 @@ module (..., package.seeall)
read = function(self,sessionid)
useid , theroles = session.check_session(conf.sessiondir,sessionid,"roles")
- return ( cfe { value=theroles,name="roles" })
+--we need to expand roles to give us real perm list
+ perm = roles.get_roles_perm(self,theroles)
+ return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"} })
end
getcont = function(self)
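Review bot: In `read`, the new `perm` is assigned without `local`, so under `module (..., package.seeall)` it becomes a module-level variable that holds one caller's permission list after the function returns; `useid` and `theroles` on the context line above have the same problem. `theroles` is also passed on unchecked, and if `session.check_session` yields nil for an invalid or expired session id (not visible here) the `pairs` call in `get_roles_perm` will raise an error. Suggested line: `local perm = roles.get_roles_perm(self, theroles or {})`. This hunk does not show a `require ("roles")` for this file, so confirm that the module is loaded before `read` runs.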
diff --git a/app/acf-util/roles-read-html.lsp b/app/acf-util/roles-read-html.lsp
index ec6e965..c5ea541 100644
--- a/app/acf-util/roles-read-html.lsp
+++ b/app/acf-util/roles-read-html.lsp
@@ -1,8 +1,11 @@
<? local view= ... ?>
<h1>Role Views</h1>
+<p>Roles/Permission list for <?= view.read.userid.value ?>:<p>
+
<p>You are valid in these role <p>
-<? for a,b in pairs(view.read.value) do ?>
-<li><?= b ?><br>
-<? end ?>
+<? for a,b in pairs(view.read.roles.value) do
+print("<li>",b) end ?>
+<p>Your full permissions are<p>
+<?= view.read.perm.value ?>
<?= html.cfe_unpack(view) ?>
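Review bot: The new template lines write `view.read.userid.value`, each role name `b` and `view.read.perm.value` into the page without HTML escaping. These values come from the session and the roles file, so a `<`, `&` or quote character in any of them ends up as markup; pass each through the project's HTML-escaping helper before output, or add one to the `html` module if none exists. The `print("<li>",b)` call also separates its arguments with a tab and emits `<li>` items with no enclosing `<ul>`, and the three `<p>` tags at the ends of the lines were presumably meant to be `</p>`.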
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index 57bbf35..c9d5c42 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -94,3 +94,12 @@ get_userinfo = function ( self, userid )
end
end
+get_userinfo_roles = function (self, userid)
+ local t = pvt.parse_authfile(self.conf.confdir .. "/passwd")
+ if t == false then
+ return nil
+ else
+ temp = pvt.get_id (userid, t)
+ return temp.roles
+ end
+end
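Review bot: `get_userinfo_roles` stores the looked-up account record in `temp` without `local`, so the whole entry from the passwd file (which in a plaintext authenticator presumably includes the password) stays reachable as a module-level variable after the call. The function also indexes `temp.roles` unconditionally, which raises an error if `pvt.get_id` finds no entry for `userid`; its return value for an unknown user is not visible in this hunk. Suggested lines: `local temp = pvt.get_id (userid, t)` and `return temp and temp.roles`. A short header comment stating that the function returns the user's role list, or nil when the auth file cannot be read or the user is unknown, would document the contract that `logon-model.lua` relies on.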
diff --git a/lib/format.lua b/lib/format.lua
index 2865756..60fda82 100644
--- a/lib/format.lua
+++ b/lib/format.lua
@@ -112,7 +112,7 @@ end
-- This code comes from http://lua-users.org/wiki/SplitJoin
-- -- example: format.table_to_string( {"Anna", "Bob", "Charlie", "Dolores"}, ",")
function table_to_string (list, delimiter)
- local len = getn(list)
+ local len = #(list)
if len == 0 then
return ""
end
diff --git a/lib/roles.lua b/lib/roles.lua
index 808aa95..bdaf635 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -2,6 +2,7 @@
require ("posix")
+require ("fs")
require ("format")
module (..., package.seeall)
@@ -55,3 +56,26 @@ end
end
end
+get_roles_perm = function(self,roles)
+ --for now we are using the file static
+ --this will go through and search from the roles in sessionid to get the real
+ --permission list
+ local rolesfile = "/etc/acf/roles"
+ f = fs.read_file_as_array(rolesfile)
+ local temp = {}
+ for k,v in pairs(roles) do
+ for a,b in pairs(f) do
+ match = "^" .. v
+ c = string.match(b,match)
+ if c then
+ inval = string.match(b,"[,%w:]+$")
+ temp[#temp +1] = inval
+ end
+ end
+ end
+ temp1 = format.table_to_string(temp,",")
+ --we now can return the first level of roles perms. What if a role is a member of a role...
+
+ return temp1
+end
+
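Review bot: In `get_roles_perm`, the line `match = "^" .. v` uses the role name as an unescaped Lua pattern and as a bare prefix, so role `admin` also selects a line that starts with `administrator`, and a `.`, `-` or `%` in a role name acts as a pattern operator; a user can therefore be granted the permissions of a different role. Compare the name literally and require a boundary after it, as sketched below; the `[%w_]` boundary class is an assumption about which characters role names may contain and should be adjusted to the real roles-file format. The variables `f`, `match`, `c`, `inval` and `temp1` are all assigned without `local` and leak into the module environment, and a nil `roles` argument or a nil return from `fs.read_file_as_array` would make `pairs` raise an error. Falling back to empty tables keeps the result at "no permissions" when the roles file is missing.

```lua
get_roles_perm = function(self,roles)
	-- … unchanged: comments and the rolesfile path …
	local lines = fs.read_file_as_array(rolesfile) or {}
	local temp = {}
	for _, role in pairs(roles or {}) do
		for _, line in pairs(lines) do
			-- literal comparison of the role name, no pattern matching on it
			local same_prefix = string.sub(line, 1, #role) == role
			-- the character after the name must not continue a longer role name
			local longer_name = string.match(line, "^[%w_]", #role + 1)
			if same_prefix and not longer_name then
				local inval = string.match(line, "[,%w:]+$")
				temp[#temp + 1] = inval
			end
		end
	end
	local temp1 = format.table_to_string(temp, ",")
	-- … unchanged: comment and return temp1 …
```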