diff options
author | Ted Trask <ttrask01@yahoo.com> | 2008-08-16 15:21:41 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-08-16 15:21:41 +0000 |
commit | 29de360eb486521a4e65d6e1452a8c623201c945 (patch) | |
tree | 9dc5a39aa85b0a9a5a211d43b104633d35b51d87 | |
parent | e552a644c3930f4bffe2ff17c331c0a035d02531 (diff) | |
download | acf-core-29de360eb486521a4e65d6e1452a8c623201c945.tar.bz2 acf-core-29de360eb486521a4e65d6e1452a8c623201c945.tar.xz |
Modified roles and authenticator to delete all data fields when deleting a role or user. Modified all roles code to pass self for future move from text file to database. Roles cannot use authenticator unless or until roles file syntax is changed.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1382 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | app/acf-util/roles-controller.lua | 6 | ||||
-rw-r--r-- | app/acf-util/roles-model.lua | 20 | ||||
-rw-r--r-- | app/acf_www-controller.lua | 2 | ||||
-rw-r--r-- | lib/authenticator-plaintext.lua | 27 | ||||
-rw-r--r-- | lib/authenticator.lua | 18 | ||||
-rw-r--r-- | lib/roles.lua | 27 |
6 files changed, 72 insertions, 28 deletions
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua index 8b6717e..91d4d9c 100644 --- a/app/acf-util/roles-controller.lua +++ b/app/acf-util/roles-controller.lua @@ -36,11 +36,11 @@ end -- Return list of all permissions getpermslist = function(self) - return cfe({ type="group", value={permissions=self.model.get_perms_list()} }) + return cfe({ type="group", value={permissions=self.model.get_perms_list(self)} }) end viewroles = function(self) - return self.model.view_roles() + return self.model.view_roles(self) end newrole = function(self) @@ -58,5 +58,5 @@ editrole = function(self) end deleterole = function(self) - return self:redirect_to_referrer(self.model.delete_role(self.clientdata.role)) + return self:redirect_to_referrer(self.model.delete_role(self, self.clientdata.role)) end diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index 9149ba2..bdfe20d 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua @@ -34,22 +34,22 @@ end -- Return roles/permissions for specified user get_user_roles = function(self, userid) rls = cfe({ type="list", value=authenticator.get_userinfo_roles(self, userid).value, label="Roles" }) - permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" }) + permissions = cfe({ type="table", value=roles.get_roles_perm(self, rls.value), label="Permissions" }) return cfe({ type="group", value={roles=rls, permissions=permissions} }) end -- Return permissions for specified role get_role_perms = function(self, role) - return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" }) + return cfe({ type="table", value=roles.get_role_perm(self, role), label="Permissions" }) end -- Return list of all permissions -get_perms_list = function() +get_perms_list = function(self) return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" }) end -view_roles = function() - local defined_roles, default_roles = roles.list_roles() +view_roles = function(self) + local defined_roles, default_roles = roles.list_roles(self) local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" }) local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" }) @@ -60,7 +60,7 @@ getpermissions = function(self, role) local my_perms = {} if role then - tmp, my_perms = roles.get_role_perm(self.conf.appdir, role) + tmp, my_perms = roles.get_role_perm(self, role) my_perms = my_perms or {} else role = "" @@ -80,7 +80,7 @@ setpermissions = function(self, permissions, newrole) local result = true if newrole then -- make sure not overwriting role - local defined_roles, default_roles = roles.list_roles() + local defined_roles, default_roles = roles.list_roles(self) local reverseroles = {} for i,role in ipairs(defined_roles) do reverseroles[role] = i end for i,role in ipairs(default_roles) do reverseroles[role] = i end @@ -92,7 +92,7 @@ setpermissions = function(self, permissions, newrole) end -- Try to set the value if result==true then - result, permissions.value.role.errtxt = roles.set_role_perm(permissions.value.role.value, nil, permissions.value.permissions.value) + result, permissions.value.role.errtxt = roles.set_role_perm(self, permissions.value.role.value, nil, permissions.value.permissions.value) if not result then permissions.errtxt = "Failed to save role" end @@ -101,7 +101,7 @@ setpermissions = function(self, permissions, newrole) return permissions end -delete_role = function(role) - local result, cmdresult = roles.delete_role(role) +delete_role = function(self, role) + local result, cmdresult = roles.delete_role(self, role) return cfe({ value=cmdresult }) end diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index 3329830..b00953e 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -23,7 +23,7 @@ local function build_menus(self) if self.sessiondata.userinfo and self.sessiondata.userinfo.roles then roles = self.sessiondata.userinfo.roles end - local permissions = roll.get_roles_perm(self.conf.appdir,roles) + local permissions = roll.get_roles_perm(self,roles) self.sessiondata.permissions = permissions --Build the menu diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index aa3e2e3..e90520d 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -9,8 +9,23 @@ create a different file for each field. module (..., package.seeall) +list_fields = function(self, tabl) + if not self or not tabl or tabl == "" then + return {} + end + + local fields = {} + for file in fs.find(".*"..tabl, self.conf.confdir) do + local field = string.match(file, "([^/]*)"..tabl.."$") or "" + if fs.is_file(file) and field ~= "" then + fields[#fields + 1] = field + end + end + return fields +end + read_field = function(self, tabl, field) - if not tabl or tabl == "" or not field then + if not self or not tabl or tabl == "" or not field then return nil end @@ -34,7 +49,7 @@ read_field = function(self, tabl, field) end delete_field = function(self, tabl, field) - if not tabl or tabl == "" or not field then + if not self or not tabl or tabl == "" or not field then return false end local passwd_path = self.conf.confdir .. field .. tabl @@ -95,5 +110,13 @@ delete_entry = function (self, tabl, field, id) fs.write_file(passwd_path, table.concat(output,"\n")) end + -- If deleting the main field, delete all other fields also + if field == "" then + local fields = list_fields(self, tabl) + for i,fld in ipairs(fields) do + delete_entry(self, tabl, fld, id) + end + end + return result end diff --git a/lib/authenticator.lua b/lib/authenticator.lua index 4af5e45..857703c 100644 --- a/lib/authenticator.lua +++ b/lib/authenticator.lua @@ -170,7 +170,7 @@ get_userinfo_roles = function(self, userid) end local rol = require("roles") if rol then - local avail_roles = rol.list_all_roles() + local avail_roles = rol.list_all_roles(self) for x,role in ipairs(avail_roles) do if role=="ALL" then table.remove(avail_roles,x) @@ -251,6 +251,14 @@ delete_user = function (self, userid) return cfe({ value=cmdresult, label="Delete user result" }) end +list_userfields = function(self) + load_auth(self) + if auth then + return auth.list_fields(self, passwdtable) + end + return nil +end + read_userfield = function(self, name) load_auth(self) if auth and name ~= "" then @@ -291,6 +299,14 @@ delete_userentry = function (self, name, userid) return false end +list_rolefields = function(self) + load_auth(self) + if auth then + return auth.list_fields(self, roletable) + end + return nil +end + read_rolefield = function(self, name) load_auth(self) if auth then diff --git a/lib/roles.lua b/lib/roles.lua index b90ecea..1ac4ae9 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -1,6 +1,6 @@ --this module is for authorization help and group/role management - +require ("authenticator") require ("posix") require ("fs") require ("format") @@ -87,7 +87,7 @@ list_default_roles = function() return default_roles end -list_roles = function() +list_roles = function(self) local defined_roles = {} local reverseroles = {} for x,role in ipairs(default_roles) do @@ -106,8 +106,8 @@ list_roles = function() return defined_roles, default_roles end -list_all_roles = function() - local defined_roles, default_roles = list_roles() +list_all_roles = function(self) + local defined_roles, default_roles = list_roles(self) for x,role in ipairs(defined_roles) do default_roles[#default_roles + 1] = role end @@ -115,12 +115,12 @@ list_all_roles = function() end -- Go through the roles files and determine the permissions for the specified roles -get_roles_perm = function(startdir,roles) +get_roles_perm = function(self,roles) permissions = {} permissions_array = {} -- find all of the roles files and add in the master file - local rolesfiles = get_roles_candidates(startdir) + local rolesfiles = get_roles_candidates(self.conf.appdir) rolesfiles[#rolesfiles + 1] = roles_file local reverseroles = {} @@ -154,12 +154,12 @@ get_roles_perm = function(startdir,roles) end -- Go through the roles files and determine the permissions for the specified role -get_role_perm = function(startdir,role) +get_role_perm = function(self,role) permissions = {} permissions_array = {} -- find all of the roles files and add in the master file - local rolesfiles = get_roles_candidates(startdir) + local rolesfiles = get_roles_candidates(self.conf.appdir) rolesfiles[#rolesfiles + 1] = roles_file for x,file in ipairs(rolesfiles) do @@ -187,7 +187,7 @@ get_role_perm = function(startdir,role) end -- Delete a role from role file -delete_role = function(role) +delete_role = function(self, role) for x,ro in ipairs(default_roles) do if role==ro then return false, "Cannot delete default roles" @@ -208,13 +208,18 @@ delete_role = function(role) if result == true then fs.write_file(roles_file, table.concat(output,"\n")) + -- also need to delete any other roles fields for this role + local fields = authenticator.list_rolefields(self) or {} + for x,field in ipairs(fields) do + authenticator.delete_roleentry(self, field, role) + end end return result, cmdresult end -- Set permissions for a role in role file -set_role_perm = function(role, permissions, permissions_array) +set_role_perm = function(self, role, permissions, permissions_array) if role==nil or role=="" then return false, "Invalid Role" end @@ -238,7 +243,7 @@ set_role_perm = function(role, permissions, permissions_array) return false, "No permissions set" end - delete_role(role) + delete_role(self, role) fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,",")) return true end |