Finished user and role management

git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1100 ab2d0c66-481e-0410-8bed-d214d4d58bed

9 files changed, 112 insertions, 108 deletions

diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp
index b7c9b05..f544884 100755
--- a/app/acf-util/password-status-html.lsp
+++ b/app/acf-util/password-status-html.lsp
@@ -31,6 +31,7 @@ io.write("</span>")
 			<TD>
 			[<A HREF='edituser?userid=<?= name ?>'>Edit this account</A>]
 			[<A HREF='deleteuser?userid=<?= name ?>'>Delete this account</A>]
+			[<A HREF='<?= ENV.SCRIPT_NAME ?>/acf-util/roles/viewuserroles?userid=<?= name ?>'>View roles for this account</A>]
 			</TD>
 		</TR>
 	</TABLE></DD>
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index 1d69b8b..aa3e6bd 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -2,28 +2,6 @@
 
 module (..., package.seeall)
 
-auth = require("authenticator-plaintext")
-roll = require("roles")
-
-local get_all_permissions = function(self)
-	-- need to get a list of all the controllers
-	controllers = roles.get_controllers(self)
-	local table_perm = {}
-	local array_perm = {}
-	for a,b in pairs(controllers) do
-		if nil == table_perm[b.sname] then
-			table_perm[b.sname] = {}
-		end
-		temp = roles.get_controllers_func(self,b)
-		for x,y in ipairs(temp) do
-			table_perm[b.sname][y] = {}
-			array_perm[#array_perm + 1] = b.sname .. ":" .. y
-		end
-	end
-
-	return table_perm, array_perm
-end
-
 default_action = "read"
 
 -- Return your own roles/permissions
@@ -40,9 +18,9 @@ viewuserroles = function(self)
 		redirect(self)
 	end
 	userid = cfe({ value=self.clientdata.userid, label="User Id" })
-	roles = cfe({ type="list", value=auth.get_userinfo_roles(self, userid.value), label="Roles" })
-	permissions = cfe({ type="table", value=roll.get_roles_perm(self.conf.appdir, roles.value), label="Permissions" })
-	return cfe({ type="group", value={userid=userid, roles=roles, permissions=permissions} })
+	roles = self.model.get_user_roles(self, userid.value)
+	roles.value.userid = userid
+	return roles
 end
 
 -- Return permissions for specified role
@@ -51,14 +29,13 @@ viewroleperms = function(self)
 		redirect(self, "getlist")
 	end
 	role = cfe({ value=self.clientdata.role, label="Role" })
-	permissions = cfe({ type="table", value=roll.get_role_perm(self.conf.appdir, role.value), label="Permissions" })
+	permissions = self.model.get_role_perms(self, role.value)
 	return cfe({ type="group", value={role=role, permissions=permissions} })
 end
 
 -- Return list of all permissions
 getpermslist = function(self)
-	permissions = cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
-	return cfe({ type="group", value={permissions=permissions} })
+	return cfe({ type="group", value={permissions=self.model.get_perms_list()} })
 end
 
 viewroles = function(self)
@@ -66,52 +43,14 @@ viewroles = function(self)
 	local cmdresult = self.sessiondata.cmdresult
 	self.sessiondata.cmdresult = nil
 
-	local defined_roles, default_roles = roll.list_roles()
-	local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
-	local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
-
-	return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe, cmdresult=cmdresult} })
-end
-
-local setpermissions = function(self, role, permissions, newrole)
-	local errtxt
-	local my_perms = {}
-	if permissions then
-		-- we're changing permissions
-		local result = true
-		if newrole then
-			-- make sure not overwriting role
-			for x,ro in ipairs(roles.list_roles()) do
-				if role==ro then
-					result = false
-					errtxt = "Role already exists"
-					break
-				end
-			end
-		end
-		if result==true then
-			result, errtxt = roles.set_role_perm(role, nil, permissions)
-		end
-		my_perms = self.clientdata.permissions
-	else
-		if role then
-			tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
-		else
-			role = ""
-		end
-	end
-
-	local tmp, all_perms = get_all_permissions(self)
-	table.sort(all_perms)
-	
-	local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" })
-	local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt })
+	local roles = self.model.view_roles()
+	roles.value.cmdresult = cmdresult
 
-	return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
+	return roles
 end
 
 newrole = function(self)
-	local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, true)
+	local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, true)
 	form.type = "form"
 	form.label = "Edit new role"
 	if form.value.role.errtxt then
@@ -126,7 +65,7 @@ newrole = function(self)
 end
 
 editrole = function(self)
-	local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, false)
+	local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, false)
 	form.type = "form"
 	form.label = "Edit role"
 	if form.value.role.errtxt then
@@ -141,7 +80,6 @@ editrole = function(self)
 end
 
 deleterole = function(self)
-	local result, cmdresult = roles.delete_role(self.clientdata.role)
-	self.sessiondata.cmdresult = cfe({ value=cmdresult })
+	self.sessiondata.cmdresult = self.model.delete_role(self.clientdata.role)
 	redirect(self, "viewroles")
 end
diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp
index bf42f28..d96ac56 100644
--- a/app/acf-util/roles-editrole-html.lsp
+++ b/app/acf-util/roles-editrole-html.lsp
@@ -11,7 +11,7 @@
 	form.action = ""
 	form.submit = "Save"
 	-- If editing existing role, disable role
-	if form.value.role and "GET" == ENV["REQUEST_METHOD"] then
+	if nil == string.find(ENV.PATH_INFO, "/newrole") then
 		form.value.role.contenteditable = false
 	end
 	local order = { "role", "permissions" }
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index b6e95fd..4fe3cbf 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -1,20 +1,91 @@
--- Roles/Group  model functions
-
-require ("roles")
-
+-- Roles/Group functions
 module (..., package.seeall)
 
-getcont = function(self)
-	--need to get a list of all the controllers
+auth = require("authenticator-plaintext")
+require("roles")
+
+local get_all_permissions = function(self)
+	-- need to get a list of all the controllers
 	controllers = roles.get_controllers(self)
-	local table_m = {}
+	local table_perm = {}
+	local array_perm = {}
 	for a,b in pairs(controllers) do
-		table_m[b.sname] = {}
+		if nil == table_perm[b.sname] then
+			table_perm[b.sname] = {}
+		end
 		temp = roles.get_controllers_func(self,b)
 		for x,y in ipairs(temp) do
-			table_m[b.sname][y] = {}
+			table_perm[b.sname][y] = {}
+			array_perm[#array_perm + 1] = b.sname .. ":" .. y
+		end
+	end
+
+	return table_perm, array_perm
+end
+
+-- Return roles/permissions for specified user
+get_user_roles = function(self, userid)
+	rls = cfe({ type="list", value=auth.get_userinfo_roles(self, userid), label="Roles" })
+	permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
+	return cfe({ type="group", value={roles=rls, permissions=permissions} })
+end
+
+-- Return permissions for specified role
+get_role_perms = function(self, role)
+	return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" })
+end
+	
+-- Return list of all permissions
+get_perms_list = function()
+	return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
+end
+
+view_roles = function()
+	local defined_roles, default_roles = roles.list_roles()
+	local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
+	local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
+
+	return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe} })
+end
+
+setpermissions = function(self, role, permissions, newrole)
+	local errtxt
+	local my_perms = {}
+	if permissions then
+		-- we're changing permissions
+		local result = true
+		if newrole then
+			-- make sure not overwriting role
+			for x,ro in ipairs(roles.list_roles()) do
+				if role==ro then
+					result = false
+					errtxt = "Role already exists"
+					break
+				end
+			end
+		end
+		if result==true then
+			result, errtxt = roles.set_role_perm(role, nil, permissions)
+		end
+		my_perms = self.clientdata.permissions
+	else
+		if role then
+			tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
+		else
+			role = ""
 		end
 	end
 
-	return cfe({ type="table", value=table_m, label="All permissions" })
+	local tmp, all_perms = get_all_permissions(self)
+	table.sort(all_perms)
+	
+	local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" })
+	local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt })
+
+	return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
+end
+
+delete_role = function(role)
+	local result, cmdresult = roles.delete_role(role)
+	return cfe({ value=cmdresult })
 end
diff --git a/app/acf-util/roles-newrole-html.lsp b/app/acf-util/roles-newrole-html.lsp
index bf42f28..7de6181 100644
--- a/app/acf-util/roles-newrole-html.lsp
+++ b/app/acf-util/roles-newrole-html.lsp
@@ -1,20 +1,5 @@
-<? local form= ... ?> 
-<? --[[
-	io.write(html.cfe_unpack(form))
-	io.write(html.cfe_unpack(FORM))
+<? ---[[
+-- FIXME - this is temp until symlinks are fixed
+local funk = haserl.loadfile("/usr/share/acf/app/acf-util/roles-editrole-html.lsp")
+funk(...)
 --]] ?>
-
-<? ---[[ ?>
-<H1><?= form.label ?></H1>
-<?
-	require("viewfunctions")
-	form.action = ""
-	form.submit = "Save"
-	-- If editing existing role, disable role
-	if form.value.role and "GET" == ENV["REQUEST_METHOD"] then
-		form.value.role.contenteditable = false
-	end
-	local order = { "role", "permissions" }
-	displayform(form, order)
-?>
-<? --]] ?>
diff --git a/app/acf-util/roles.menu b/app/acf-util/roles.menu
index 7bcca30..d72e8df 100755
--- a/app/acf-util/roles.menu
+++ b/app/acf-util/roles.menu
@@ -1,4 +1,4 @@
 #CAT  		GROUP/DESC		TAB		ACTION
 System		02Roles_management		Administration	viewroles
 System		02Roles_management		My_Roles	read
-
+System		02Roles_management		Permissions_List	getpermslist
diff --git a/app/welcome-html.lsp b/app/welcome-html.lsp
index 6996fb0..4cf01d9 100644
--- a/app/welcome-html.lsp
+++ b/app/welcome-html.lsp
@@ -2,4 +2,8 @@
 <h1>Alpine Configuration Framework</h1>
 <p>Welcome.</p>
 
-<? -- io.write(html.cfe_unpack(view)) ?>
+<? --[[
+	io.write(html.cfe_unpack(view))
+	io.write(html.cfe_unpack(FORM))
+	io.write(html.cfe_unpack(ENV))
+--]] ?>
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index 6c4cbbd..613eaab 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -88,6 +88,8 @@ local validate_settings = function (self, userid, username, password, password_c
 
 	-- Set errormessages when entering invalid values
 	if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end
+	if string.find(userid, "[^%w_]") then errormessage.userid = "Userid can only contain letters, numbers, and '_'" end
+	if string.find(username, "%p") then errormessage.username = "Real name cannot contain punctuation" end
 	if password then
 		if (#password == 0) then
 			errormessage.password = "Password cannot be blank!"
diff --git a/lib/roles.lua b/lib/roles.lua
index 53409c0..201e2a9 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -88,7 +88,7 @@ list_roles = function()
 	-- Open the roles file and parse for defined roles
 	f = fs.read_file_as_array(roles_file)
 	for x,line in pairs(f) do
-		temprole = string.match(line,"^[%a]+")
+		temprole = string.match(line,"^[%w_]+")
 		if not reverseroles[temprole] then
 			defined_roles[#defined_roles + 1] = temprole
 		end
@@ -123,7 +123,7 @@ get_roles_perm = function(startdir,roles)
 	for x,file in ipairs(rolesfiles) do
 		f = fs.read_file_as_array(file)
 		for y,line in pairs(f) do
-			if reverseroles[string.match(line,"^[%a]+")] then
+			if reverseroles[string.match(line,"^[%w_]+")] then
 				temp = format.string_to_table(string.match(line,"[,%a:]+$"),",")
 				for z,perm in pairs(temp) do
 					local control,action = string.match(perm,"(%a+):(%a+)")
@@ -156,7 +156,7 @@ get_role_perm = function(startdir,role)
 	for x,file in ipairs(rolesfiles) do
 		f = fs.read_file_as_array(file)
 		for y,line in pairs(f) do
-			if role == string.match(line,"^[%a]+") then
+			if role == string.match(line,"^[%w_]+") then
 				temp = format.string_to_table(string.match(line,"[,%a:]+$"),",")
 				for z,perm in pairs(temp) do
 					local control,action = string.match(perm,"(%a+):(%a+)")
@@ -214,6 +214,9 @@ set_role_perm = function(role, permissions, permissions_array)
 			return false, "Cannot modify default roles"
 		end
 	end
+	if string.find(role, '[^%w_]') then
+		return false, "Role can only contain letters, numbers, and '_'"
+	end
 	if permissions and not permissions_array then
 		permissions_array = {}
 		for cont,actions in pairs(permissions) do