Modified roles and authenticator to delete all data fields when deleting a role or user. Modified all roles code to pass self for future move from text file to database. Roles cannot use authenticator unless or until roles file syntax is changed.

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1382 ab2d0c66-481e-0410-8bed-d214d4d58bed

6 files changed, 72 insertions, 28 deletions

diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index 8b6717e..91d4d9c 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -36,11 +36,11 @@ end
 
 -- Return list of all permissions
 getpermslist = function(self)
-	return cfe({ type="group", value={permissions=self.model.get_perms_list()} })
+	return cfe({ type="group", value={permissions=self.model.get_perms_list(self)} })
 end
 
 viewroles = function(self)
-	return self.model.view_roles()
+	return self.model.view_roles(self)
 end
 
 newrole = function(self)
@@ -58,5 +58,5 @@ editrole = function(self)
 end
 
 deleterole = function(self)
-	return self:redirect_to_referrer(self.model.delete_role(self.clientdata.role))
+	return self:redirect_to_referrer(self.model.delete_role(self, self.clientdata.role))
 end
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index 9149ba2..bdfe20d 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -34,22 +34,22 @@ end
 -- Return roles/permissions for specified user
 get_user_roles = function(self, userid)
 	rls = cfe({ type="list", value=authenticator.get_userinfo_roles(self, userid).value, label="Roles" })
-	permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
+	permissions = cfe({ type="table", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
 	return cfe({ type="group", value={roles=rls, permissions=permissions} })
 end
 
 -- Return permissions for specified role
 get_role_perms = function(self, role)
-	return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" })
+	return cfe({ type="table", value=roles.get_role_perm(self, role), label="Permissions" })
 end
 	
 -- Return list of all permissions
-get_perms_list = function()
+get_perms_list = function(self)
 	return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
 end
 
-view_roles = function()
-	local defined_roles, default_roles = roles.list_roles()
+view_roles = function(self)
+	local defined_roles, default_roles = roles.list_roles(self)
 	local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
 	local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
 
@@ -60,7 +60,7 @@ getpermissions = function(self, role)
 	local my_perms = {}
 
 	if role then
-		tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
+		tmp, my_perms = roles.get_role_perm(self, role)
 		my_perms = my_perms or {}
 	else
 		role = ""
@@ -80,7 +80,7 @@ setpermissions = function(self, permissions, newrole)
 	local result = true
 	if newrole then
 		-- make sure not overwriting role
-		local defined_roles, default_roles = roles.list_roles()
+		local defined_roles, default_roles = roles.list_roles(self)
 		local reverseroles = {}
 		for i,role in ipairs(defined_roles) do reverseroles[role] = i end
 		for i,role in ipairs(default_roles) do reverseroles[role] = i end
@@ -92,7 +92,7 @@ setpermissions = function(self, permissions, newrole)
 	end
 	-- Try to set the value
 	if result==true then
-		result, permissions.value.role.errtxt = roles.set_role_perm(permissions.value.role.value, nil, permissions.value.permissions.value)
+		result, permissions.value.role.errtxt = roles.set_role_perm(self, permissions.value.role.value, nil, permissions.value.permissions.value)
 		if not result then
 			permissions.errtxt = "Failed to save role"
 		end
@@ -101,7 +101,7 @@ setpermissions = function(self, permissions, newrole)
 	return permissions
 end
 
-delete_role = function(role)
-	local result, cmdresult = roles.delete_role(role)
+delete_role = function(self, role)
+	local result, cmdresult = roles.delete_role(self, role)
 	return cfe({ value=cmdresult })
 end
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index 3329830..b00953e 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -23,7 +23,7 @@ local function build_menus(self)
 	if self.sessiondata.userinfo and self.sessiondata.userinfo.roles then
 		roles = self.sessiondata.userinfo.roles
 	end
-	local permissions = roll.get_roles_perm(self.conf.appdir,roles)
+	local permissions = roll.get_roles_perm(self,roles)
 	self.sessiondata.permissions = permissions
 	
 	--Build the menu
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index aa3e2e3..e90520d 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -9,8 +9,23 @@ create a different file for each field.
 
 module (..., package.seeall)
 
+list_fields = function(self, tabl)
+	if not self or not tabl or tabl == "" then
+		return {}
+	end
+
+	local fields = {}
+	for file in fs.find(".*"..tabl, self.conf.confdir) do
+		local field = string.match(file, "([^/]*)"..tabl.."$") or ""
+		if fs.is_file(file) and field ~= "" then
+			fields[#fields + 1] = field
+		end
+	end
+	return fields
+end
+
 read_field = function(self, tabl, field)
-	if not tabl or tabl == "" or not field then
+	if not self or not tabl or tabl == "" or not field then
 		return nil
 	end
 
@@ -34,7 +49,7 @@ read_field = function(self, tabl, field)
 end
 
 delete_field = function(self, tabl, field)
-	if not tabl or tabl == "" or not field then
+	if not self or not tabl or tabl == "" or not field then
 		return false
 	end
 	local passwd_path = self.conf.confdir .. field .. tabl
@@ -95,5 +110,13 @@ delete_entry = function (self, tabl, field, id)
 		fs.write_file(passwd_path, table.concat(output,"\n"))
 	end
 
+	-- If deleting the main field, delete all other fields also
+	if field == "" then
+		local fields = list_fields(self, tabl)
+		for i,fld in ipairs(fields) do
+			delete_entry(self, tabl, fld, id)
+		end
+	end
+
 	return result
 end
diff --git a/lib/authenticator.lua b/lib/authenticator.lua
index 4af5e45..857703c 100644
--- a/lib/authenticator.lua
+++ b/lib/authenticator.lua
@@ -170,7 +170,7 @@ get_userinfo_roles = function(self, userid)
 	end
 	local rol = require("roles")
 	if rol then
-		local avail_roles = rol.list_all_roles()
+		local avail_roles = rol.list_all_roles(self)
 		for x,role in ipairs(avail_roles) do
 			if role=="ALL" then
 				table.remove(avail_roles,x)
@@ -251,6 +251,14 @@ delete_user = function (self, userid)
 	return cfe({ value=cmdresult, label="Delete user result" })
 end
 
+list_userfields = function(self)
+	load_auth(self)
+	if auth then
+		return auth.list_fields(self, passwdtable)
+	end
+	return nil
+end
+
 read_userfield = function(self, name)
 	load_auth(self)
 	if auth and name ~= "" then
@@ -291,6 +299,14 @@ delete_userentry = function (self, name, userid)
 	return false
 end
 
+list_rolefields = function(self)
+	load_auth(self)
+	if auth then
+		return auth.list_fields(self, roletable)
+	end
+	return nil
+end
+
 read_rolefield = function(self, name)
 	load_auth(self)
 	if auth then
diff --git a/lib/roles.lua b/lib/roles.lua
index b90ecea..1ac4ae9 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -1,6 +1,6 @@
 --this module is for authorization help and group/role management
 
-
+require ("authenticator")
 require ("posix")
 require ("fs")
 require ("format")
@@ -87,7 +87,7 @@ list_default_roles = function()
 	return default_roles
 end
 
-list_roles = function()
+list_roles = function(self)
 	local defined_roles = {}
 	local reverseroles = {}
 	for x,role in ipairs(default_roles) do
@@ -106,8 +106,8 @@ list_roles = function()
 	return defined_roles, default_roles
 end
 
-list_all_roles = function()
-	local defined_roles, default_roles = list_roles()
+list_all_roles = function(self)
+	local defined_roles, default_roles = list_roles(self)
 	for x,role in ipairs(defined_roles) do
 		default_roles[#default_roles + 1] = role
 	end
@@ -115,12 +115,12 @@ list_all_roles = function()
 end	
 
 -- Go through the roles files and determine the permissions for the specified roles
-get_roles_perm = function(startdir,roles)
+get_roles_perm = function(self,roles)
 	permissions = {}
 	permissions_array = {}
 
 	-- find all of the roles files and add in the master file
-	local rolesfiles = get_roles_candidates(startdir)
+	local rolesfiles = get_roles_candidates(self.conf.appdir)
 	rolesfiles[#rolesfiles + 1]  = roles_file
 
 	local reverseroles = {}
@@ -154,12 +154,12 @@ get_roles_perm = function(startdir,roles)
 end
 
 -- Go through the roles files and determine the permissions for the specified role
-get_role_perm = function(startdir,role)
+get_role_perm = function(self,role)
 	permissions = {}
 	permissions_array = {}
 
 	-- find all of the roles files and add in the master file
-	local rolesfiles = get_roles_candidates(startdir)
+	local rolesfiles = get_roles_candidates(self.conf.appdir)
 	rolesfiles[#rolesfiles + 1]  = roles_file
 
 	for x,file in ipairs(rolesfiles) do
@@ -187,7 +187,7 @@ get_role_perm = function(startdir,role)
 end
 
 -- Delete a role from role file
-delete_role = function(role)
+delete_role = function(self, role)
 	for x,ro in ipairs(default_roles) do
 		if role==ro then
 			return false, "Cannot delete default roles"
@@ -208,13 +208,18 @@ delete_role = function(role)
 
 	if result == true then
 		fs.write_file(roles_file, table.concat(output,"\n"))
+		-- also need to delete any other roles fields for this role
+		local fields = authenticator.list_rolefields(self) or {}
+		for x,field in ipairs(fields) do
+			authenticator.delete_roleentry(self, field, role)
+		end
 	end
 
 	return result, cmdresult
 end
 
 -- Set permissions for a role in role file
-set_role_perm = function(role, permissions, permissions_array)
+set_role_perm = function(self, role, permissions, permissions_array)
 	if role==nil or role=="" then
 		return false, "Invalid Role"
 	end
@@ -238,7 +243,7 @@ set_role_perm = function(role, permissions, permissions_array)
 		return false, "No permissions set"
 	end
 
-	delete_role(role)
+	delete_role(self, role)
 	fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,","))
 	return true
 end