authorTed Trask <ttrask01@yahoo.com>2008-08-16 15:21:41 +0000
committerTed Trask <ttrask01@yahoo.com>2008-08-16 15:21:41 +0000
commit29de360eb486521a4e65d6e1452a8c623201c945 (patch)
tree9dc5a39aa85b0a9a5a211d43b104633d35b51d87
parente552a644c3930f4bffe2ff17c331c0a035d02531 (diff)
Modified roles and authenticator to delete all data fields when deleting a role or user. Modified all roles code to pass self for future move from text file to database. Roles cannot use authenticator unless or until roles file syntax is changed.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1382 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--app/acf-util/roles-controller.lua6
-rw-r--r--app/acf-util/roles-model.lua20
-rw-r--r--app/acf_www-controller.lua2
-rw-r--r--lib/authenticator-plaintext.lua27
-rw-r--r--lib/authenticator.lua18
-rw-r--r--lib/roles.lua27
6 files changed, 72 insertions, 28 deletions
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index 8b6717e..91d4d9c 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -36,11 +36,11 @@ end
-- Return list of all permissions
getpermslist = function(self)
- return cfe({ type="group", value={permissions=self.model.get_perms_list()} })
+ return cfe({ type="group", value={permissions=self.model.get_perms_list(self)} })
end
viewroles = function(self)
- return self.model.view_roles()
+ return self.model.view_roles(self)
end
newrole = function(self)
@@ -58,5 +58,5 @@ editrole = function(self)
end
deleterole = function(self)
- return self:redirect_to_referrer(self.model.delete_role(self.clientdata.role))
+ return self:redirect_to_referrer(self.model.delete_role(self, self.clientdata.role))
end
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index 9149ba2..bdfe20d 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -34,22 +34,22 @@ end
-- Return roles/permissions for specified user
get_user_roles = function(self, userid)
rls = cfe({ type="list", value=authenticator.get_userinfo_roles(self, userid).value, label="Roles" })
- permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
+ permissions = cfe({ type="table", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
return cfe({ type="group", value={roles=rls, permissions=permissions} })
end
-- Return permissions for specified role
get_role_perms = function(self, role)
- return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" })
+ return cfe({ type="table", value=roles.get_role_perm(self, role), label="Permissions" })
end
-- Return list of all permissions
-get_perms_list = function()
+get_perms_list = function(self)
return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
end
-view_roles = function()
- local defined_roles, default_roles = roles.list_roles()
+view_roles = function(self)
+ local defined_roles, default_roles = roles.list_roles(self)
local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
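Review bot: In `get_user_roles`, `rls` and `permissions` are assigned without `local`, so the role list and permission table of the requested user end up in shared globals (or module fields, if this file uses `module(..., package.seeall)`, which is not visible here). Declaring them as `local rls = cfe({...})` and `local permissions = cfe({...})` keeps one lookup's authorization data from lingering where later code can read or overwrite it. The same applies to `tmp` in the `getpermissions` hunk below. `view_roles` continues past the end of this hunk.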
@@ -60,7 +60,7 @@ getpermissions = function(self, role)
local my_perms = {}
if role then
- tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
+ tmp, my_perms = roles.get_role_perm(self, role)
my_perms = my_perms or {}
else
role = ""
@@ -80,7 +80,7 @@ setpermissions = function(self, permissions, newrole)
local result = true
if newrole then
-- make sure not overwriting role
- local defined_roles, default_roles = roles.list_roles()
+ local defined_roles, default_roles = roles.list_roles(self)
local reverseroles = {}
for i,role in ipairs(defined_roles) do reverseroles[role] = i end
for i,role in ipairs(default_roles) do reverseroles[role] = i end
@@ -92,7 +92,7 @@ setpermissions = function(self, permissions, newrole)
end
-- Try to set the value
if result==true then
- result, permissions.value.role.errtxt = roles.set_role_perm(permissions.value.role.value, nil, permissions.value.permissions.value)
+ result, permissions.value.role.errtxt = roles.set_role_perm(self, permissions.value.role.value, nil, permissions.value.permissions.value)
if not result then
permissions.errtxt = "Failed to save role"
end
@@ -101,7 +101,7 @@ setpermissions = function(self, permissions, newrole)
return permissions
end
-delete_role = function(role)
- local result, cmdresult = roles.delete_role(role)
+delete_role = function(self, role)
+ local result, cmdresult = roles.delete_role(self, role)
return cfe({ value=cmdresult })
end
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index 3329830..b00953e 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -23,7 +23,7 @@ local function build_menus(self)
if self.sessiondata.userinfo and self.sessiondata.userinfo.roles then
roles = self.sessiondata.userinfo.roles
end
- local permissions = roll.get_roles_perm(self.conf.appdir,roles)
+ local permissions = roll.get_roles_perm(self,roles)
self.sessiondata.permissions = permissions
--Build the menu
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index aa3e2e3..e90520d 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -9,8 +9,23 @@ create a different file for each field.
module (..., package.seeall)
+list_fields = function(self, tabl)
+ if not self or not tabl or tabl == "" then
+ return {}
+ end
+
+ local fields = {}
+ for file in fs.find(".*"..tabl, self.conf.confdir) do
+ local field = string.match(file, "([^/]*)"..tabl.."$") or ""
+ if fs.is_file(file) and field ~= "" then
+ fields[#fields + 1] = field
+ end
+ end
+ return fields
+end
+
read_field = function(self, tabl, field)
- if not tabl or tabl == "" or not field then
+ if not self or not tabl or tabl == "" or not field then
return nil
end
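Review bot: `list_fields` splices `tabl` into two Lua patterns unescaped, so any magic character in the table name (`.`, `-`, `%` and so on) changes which files `fs.find` and `string.match` accept as field files. Escape it once with `local esc = tabl:gsub("%p", "%%%0")` and build both patterns from `esc`. The capture `([^/]*)` keeps only the basename prefix, while `delete_field` rebuilds the path as `self.conf.confdir .. field .. tabl`; if `fs.find` descends into subdirectories (its behaviour is not visible here), a match below `confdir` would be mapped onto a different top-level file, so files outside `confdir` itself should be skipped. The function also has no comment; `-- Return the names of all non-empty fields that have a file for table tabl in confdir` would be enough.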
@@ -34,7 +49,7 @@ read_field = function(self, tabl, field)
end
delete_field = function(self, tabl, field)
- if not tabl or tabl == "" or not field then
+ if not self or not tabl or tabl == "" or not field then
return false
end
local passwd_path = self.conf.confdir .. field .. tabl
@@ -95,5 +110,13 @@ delete_entry = function (self, tabl, field, id)
fs.write_file(passwd_path, table.concat(output,"\n"))
end
+ -- If deleting the main field, delete all other fields also
+ if field == "" then
+ local fields = list_fields(self, tabl)
+ for i,fld in ipairs(fields) do
+ delete_entry(self, tabl, fld, id)
+ end
+ end
+
return result
end
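Review bot: The cascade added to `delete_entry` discards the return value of every recursive `delete_entry(self, tabl, fld, id)` call, so a field file that could not be rewritten leaves data behind for `id` while the caller only sees the result of the main deletion. If that id is created again later it would presumably inherit the stale field values (the field names are not visible here, but roles are one candidate), which is the situation this commit sets out to prevent. The block also appears to run whatever `result` is, whereas the matching loop in `delete_role` in lib/roles.lua sits inside `if result == true`; that loop ignores the result of `authenticator.delete_roleentry` in the same way. Consider running the cascade only after a successful main delete and logging or returning the fields that failed. `delete_entry` starts outside this hunk.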
diff --git a/lib/authenticator.lua b/lib/authenticator.lua
index 4af5e45..857703c 100644
--- a/lib/authenticator.lua
+++ b/lib/authenticator.lua
@@ -170,7 +170,7 @@ get_userinfo_roles = function(self, userid)
end
local rol = require("roles")
if rol then
- local avail_roles = rol.list_all_roles()
+ local avail_roles = rol.list_all_roles(self)
for x,role in ipairs(avail_roles) do
if role=="ALL" then
table.remove(avail_roles,x)
@@ -251,6 +251,14 @@ delete_user = function (self, userid)
return cfe({ value=cmdresult, label="Delete user result" })
end
+list_userfields = function(self)
+ load_auth(self)
+ if auth then
+ return auth.list_fields(self, passwdtable)
+ end
+ return nil
+end
+
read_userfield = function(self, name)
load_auth(self)
if auth and name ~= "" then
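Review bot: `list_userfields` returns `nil` when no authenticator backend is loaded, while the backend's `list_fields` returns `{}` for its own failure cases, so callers need two different checks before iterating. Using `return {}` in place of `return nil` would let callers loop over the result directly instead of adding `or {}`, as lib/roles.lua does in this commit. `list_rolefields` in the next hunk has the same shape. `read_userfield` continues past the end of this hunk.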
@@ -291,6 +299,14 @@ delete_userentry = function (self, name, userid)
return false
end
+list_rolefields = function(self)
+ load_auth(self)
+ if auth then
+ return auth.list_fields(self, roletable)
+ end
+ return nil
+end
+
read_rolefield = function(self, name)
load_auth(self)
if auth then
diff --git a/lib/roles.lua b/lib/roles.lua
index b90ecea..1ac4ae9 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -1,6 +1,6 @@
--this module is for authorization help and group/role management
-
+require ("authenticator")
require ("posix")
require ("fs")
require ("format")
@@ -87,7 +87,7 @@ list_default_roles = function()
return default_roles
end
-list_roles = function()
+list_roles = function(self)
local defined_roles = {}
local reverseroles = {}
for x,role in ipairs(default_roles) do
@@ -106,8 +106,8 @@ list_roles = function()
return defined_roles, default_roles
end
-list_all_roles = function()
- local defined_roles, default_roles = list_roles()
+list_all_roles = function(self)
+ local defined_roles, default_roles = list_roles(self)
for x,role in ipairs(defined_roles) do
default_roles[#default_roles + 1] = role
end
@@ -115,12 +115,12 @@ list_all_roles = function()
end
-- Go through the roles files and determine the permissions for the specified roles
-get_roles_perm = function(startdir,roles)
+get_roles_perm = function(self,roles)
permissions = {}
permissions_array = {}
-- find all of the roles files and add in the master file
- local rolesfiles = get_roles_candidates(startdir)
+ local rolesfiles = get_roles_candidates(self.conf.appdir)
rolesfiles[#rolesfiles + 1] = roles_file
local reverseroles = {}
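Review bot: `get_roles_perm` now dereferences `self.conf.appdir` with no check, and its first parameter has changed meaning from a directory string to the controller object. A caller not updated by this commit that still passes a directory would raise on `self.conf` in the middle of a permission lookup; callers outside the files shown here are not visible, so this is worth a search across the tree. An explicit check at the top, `assert(type(self) == "table" and self.conf, "get_roles_perm: expected controller object")`, would make the failure obvious rather than a nil-index error. `get_role_perm` in the next hunk has the same change, and both function bodies continue outside their hunks.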
@@ -154,12 +154,12 @@ get_roles_perm = function(startdir,roles)
end
-- Go through the roles files and determine the permissions for the specified role
-get_role_perm = function(startdir,role)
+get_role_perm = function(self,role)
permissions = {}
permissions_array = {}
-- find all of the roles files and add in the master file
- local rolesfiles = get_roles_candidates(startdir)
+ local rolesfiles = get_roles_candidates(self.conf.appdir)
rolesfiles[#rolesfiles + 1] = roles_file
for x,file in ipairs(rolesfiles) do
@@ -187,7 +187,7 @@ get_role_perm = function(startdir,role)
end
-- Delete a role from role file
-delete_role = function(role)
+delete_role = function(self, role)
for x,ro in ipairs(default_roles) do
if role==ro then
return false, "Cannot delete default roles"
@@ -208,13 +208,18 @@ delete_role = function(role)
if result == true then
fs.write_file(roles_file, table.concat(output,"\n"))
+ -- also need to delete any other roles fields for this role
+ local fields = authenticator.list_rolefields(self) or {}
+ for x,field in ipairs(fields) do
+ authenticator.delete_roleentry(self, field, role)
+ end
end
return result, cmdresult
end
-- Set permissions for a role in role file
-set_role_perm = function(role, permissions, permissions_array)
+set_role_perm = function(self, role, permissions, permissions_array)
if role==nil or role=="" then
return false, "Invalid Role"
end
@@ -238,7 +243,7 @@ set_role_perm = function(role, permissions, permissions_array)
return false, "No permissions set"
end
- delete_role(role)
+ delete_role(self, role)
fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,","))
return true
end
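Review bot: `set_role_perm` still calls `delete_role(self, role)` to drop the old line before appending the new one, but `delete_role` now also removes every other role field through `authenticator.delete_roleentry`. Saving a permission change for an existing role would therefore wipe that role's additional fields as a side effect, once any exist. Moving the roles-file line removal into a local helper that both functions call, and keeping the field cascade in `delete_role` only, avoids that. The return value of `delete_role` is also ignored here, so a refusal such as "Cannot delete default roles" is still followed by the `fs.write_line_file` append; whether an earlier check in the part of `set_role_perm` not shown prevents this is not visible.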