author | Ted Trask <ttrask01@yahoo.com> | 2008-05-05 14:41:54 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-05-05 14:41:54 +0000 |
commit | 76a118d4fe2f180badaff69dac8c6c46df991663 (patch) | |
tree | 3082be685448011e47c37d21aa5f8a1865c5164e | |
parent | 3eecd1d2d435332a27e1712cdb352391ffaa0b9d (diff) | |
Finished user and role management
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1100 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rwxr-xr-x | app/acf-util/password-status-html.lsp | 1 | ||||
-rw-r--r-- | app/acf-util/roles-controller.lua | 84 | ||||
-rw-r--r-- | app/acf-util/roles-editrole-html.lsp | 2 | ||||
-rw-r--r-- | app/acf-util/roles-model.lua | 91 | ||||
-rw-r--r-- | app/acf-util/roles-newrole-html.lsp | 23 | ||||
-rwxr-xr-x | app/acf-util/roles.menu | 2 | ||||
-rw-r--r-- | app/welcome-html.lsp | 6 | ||||
-rw-r--r-- | lib/authenticator-plaintext.lua | 2 | ||||
-rw-r--r-- | lib/roles.lua | 9 |
9 files changed, 112 insertions, 108 deletions
diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp index b7c9b05..f544884 100755 --- a/app/acf-util/password-status-html.lsp +++ b/app/acf-util/password-status-html.lsp @@ -31,6 +31,7 @@ io.write("</span>") <TD> [<A HREF='edituser?userid=<?= name ?>'>Edit this account</A>] [<A HREF='deleteuser?userid=<?= name ?>'>Delete this account</A>] + [<A HREF='<?= ENV.SCRIPT_NAME ?>/acf-util/roles/viewuserroles?userid=<?= name ?>'>View roles for this account</A>] </TD> </TR> </TABLE></DD> diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua index 1d69b8b..aa3e6bd 100644 --- a/app/acf-util/roles-controller.lua +++ b/app/acf-util/roles-controller.lua @@ -2,28 +2,6 @@ module (..., package.seeall) -auth = require("authenticator-plaintext") -roll = require("roles") - -local get_all_permissions = function(self) - -- need to get a list of all the controllers - controllers = roles.get_controllers(self) - local table_perm = {} - local array_perm = {} - for a,b in pairs(controllers) do - if nil == table_perm[b.sname] then - table_perm[b.sname] = {} - end - temp = roles.get_controllers_func(self,b) - for x,y in ipairs(temp) do - table_perm[b.sname][y] = {} - array_perm[#array_perm + 1] = b.sname .. ":" .. y - end - end - - return table_perm, array_perm -end - default_action = "read" -- Return your own roles/permissions @@ -40,9 +18,9 @@ viewuserroles = function(self) redirect(self) end userid = cfe({ value=self.clientdata.userid, label="User Id" }) - roles = cfe({ type="list", value=auth.get_userinfo_roles(self, userid.value), label="Roles" }) - permissions = cfe({ type="table", value=roll.get_roles_perm(self.conf.appdir, roles.value), label="Permissions" }) - return cfe({ type="group", value={userid=userid, roles=roles, permissions=permissions} }) + roles = self.model.get_user_roles(self, userid.value) + roles.value.userid = userid + return roles end -- Return permissions for specified role 
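Review bot: The added link writes `<?= name ?>` and `<?= ENV.SCRIPT_NAME ?>` into a single-quoted `HREF` with no HTML-escaping or URL-encoding, the same way the two existing links above it do. A userid containing a quote, `&` or `#` would end the attribute early or alter the query string, and the userid check this commit adds in lib/authenticator-plaintext.lua only covers values that pass through that validator, not entries already in the store. Encode the value at the point of output (URL-encode it for the query string, then HTML-escape the whole attribute value) rather than relying on input validation alone. The surrounding table starts and ends outside the hunk.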
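Review bot: `userid` and `roles` in `viewuserroles` are assigned without `local`, so under `module (..., package.seeall)` they become fields of the controller module, and `roles` then hides the `roles` library of the same name for later lookups in this module. Nothing visible in the new controller still calls the library directly, but the shadowing is easy to trip over later; declare them as `local userid = cfe({ value=self.clientdata.userid, label="User Id" })` and `local roles = self.model.get_user_roles(self, userid.value)`. The function begins above the hunk, so the check that decides whether the caller may view another account's roles is in lines not shown here.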
@@ -51,14 +29,13 @@ viewroleperms = function(self) redirect(self, "getlist") end role = cfe({ value=self.clientdata.role, label="Role" }) - permissions = cfe({ type="table", value=roll.get_role_perm(self.conf.appdir, role.value), label="Permissions" }) + permissions = self.model.get_role_perms(self, role.value) return cfe({ type="group", value={role=role, permissions=permissions} }) end -- Return list of all permissions getpermslist = function(self) - permissions = cfe({ type="table", value=get_all_permissions(self), label="All Permissions" }) - return cfe({ type="group", value={permissions=permissions} }) + return cfe({ type="group", value={permissions=self.model.get_perms_list()} }) end viewroles = function(self) 
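Review bot: `getpermslist` calls `self.model.get_perms_list()` with no argument, and the matching `get_perms_list = function()` added in app/acf-util/roles-model.lua then hands an undeclared `self` to `get_all_permissions(self)`. Unless a global `self` happens to exist, `roles.get_controllers` receives nil, so the Permissions_List entry this commit adds to roles.menu is likely to fail or come back empty. Pass the controller through as the other model calls in this commit do: `self.model.get_perms_list(self)` here and `get_perms_list = function(self)` in the model.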
@@ -66,52 +43,14 @@ viewroles = function(self) local cmdresult = self.sessiondata.cmdresult self.sessiondata.cmdresult = nil - local defined_roles, default_roles = roll.list_roles() - local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" }) - local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" }) - - return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe, cmdresult=cmdresult} }) -end - -local setpermissions = function(self, role, permissions, newrole) - local errtxt - local my_perms = {} - if permissions then - -- we're changing permissions - local result = true - if newrole then - -- make sure not overwriting role - for x,ro in ipairs(roles.list_roles()) do - if role==ro then - result = false - errtxt = "Role already exists" - break - end - end - end - if result==true then - result, errtxt = roles.set_role_perm(role, nil, permissions) - end - my_perms = self.clientdata.permissions - else - if role then - tmp, my_perms = roles.get_role_perm(self.conf.appdir, role) - else - role = "" - end - end - - local tmp, all_perms = get_all_permissions(self) - table.sort(all_perms) - - local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" }) - local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt }) + local roles = self.model.view_roles() + roles.value.cmdresult = cmdresult - return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} }) + return roles end newrole = function(self) - local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, true) + local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, true) form.type = "form" form.label = "Edit new role" if form.value.role.errtxt then 
@@ -126,7 +65,7 @@ newrole = function(self) end editrole = function(self) - local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, false) + local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, false) form.type = "form" form.label = "Edit role" if form.value.role.errtxt then @@ -141,7 +80,6 @@ editrole = function(self) end deleterole = function(self) - local result, cmdresult = roles.delete_role(self.clientdata.role) - self.sessiondata.cmdresult = cfe({ value=cmdresult }) + self.sessiondata.cmdresult = self.model.delete_role(self.clientdata.role) redirect(self, "viewroles") end diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp index bf42f28..d96ac56 100644 --- a/app/acf-util/roles-editrole-html.lsp +++ b/app/acf-util/roles-editrole-html.lsp @@ -11,7 +11,7 @@ form.action = "" form.submit = "Save" -- If editing existing role, disable role - if form.value.role and "GET" == ENV["REQUEST_METHOD"] then + if nil == string.find(ENV.PATH_INFO, "/newrole") then form.value.role.contenteditable = false end local order = { "role", "permissions" } diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index b6e95fd..4fe3cbf 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua 
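Review bot: `deleterole`, which is fully visible in this hunk, deletes whatever `self.clientdata.role` names as soon as the action is requested; it checks neither the request method nor any anti-forgery token before calling `self.model.delete_role`. If the framework does not enforce that centrally, a link followed by a logged-in administrator is enough to remove a role. A guard along the lines of `if ENV["REQUEST_METHOD"] ~= "POST" then redirect(self, "viewroles") end` before the call, together with a per-session token in the form, would close that. The same concern applies to the `permissions` write path reached through `newrole` and `editrole`.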
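Review bot: The new condition drops the `form.value.role and` guard and calls `string.find(ENV.PATH_INFO, "/newrole")` directly, so a missing `PATH_INFO` or a form without a `role` field now raises an error in the view instead of skipping the block. The test is also an unanchored substring match, so any path that contains `/newrole` is treated as the new-role form. Suggested: `if form.value.role and not string.find(ENV.PATH_INFO or "", "/newrole", 1, true) then`. `contenteditable = false` only changes how the field is rendered, so the decision about which role may be written still has to be made on the server side.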
@@ -1,20 +1,91 @@ --- Roles/Group model functions - -require ("roles") - +-- Roles/Group functions module (..., package.seeall) -getcont = function(self) - --need to get a list of all the controllers +auth = require("authenticator-plaintext") +require("roles") + +local get_all_permissions = function(self) + -- need to get a list of all the controllers controllers = roles.get_controllers(self) - local table_m = {} + local table_perm = {} + local array_perm = {} for a,b in pairs(controllers) do - table_m[b.sname] = {} + if nil == table_perm[b.sname] then + table_perm[b.sname] = {} + end temp = roles.get_controllers_func(self,b) for x,y in ipairs(temp) do - table_m[b.sname][y] = {} + table_perm[b.sname][y] = {} + array_perm[#array_perm + 1] = b.sname .. ":" .. y + end + end + + return table_perm, array_perm +end + +-- Return roles/permissions for specified user +get_user_roles = function(self, userid) + rls = cfe({ type="list", value=auth.get_userinfo_roles(self, userid), label="Roles" }) + permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" }) + return cfe({ type="group", value={roles=rls, permissions=permissions} }) +end + +-- Return permissions for specified role +get_role_perms = function(self, role) + return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" }) +end + +-- Return list of all permissions +get_perms_list = function() + return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" }) +end + +view_roles = function() + local defined_roles, default_roles = roles.list_roles() + local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" }) + local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" }) + + return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe} }) +end + +setpermissions = function(self, role, permissions, 
newrole) + local errtxt + local my_perms = {} + if permissions then + -- we're changing permissions + local result = true + if newrole then + -- make sure not overwriting role + for x,ro in ipairs(roles.list_roles()) do + if role==ro then + result = false + errtxt = "Role already exists" + break + end + end + end + if result==true then + result, errtxt = roles.set_role_perm(role, nil, permissions) + end + my_perms = self.clientdata.permissions + else + if role then + tmp, my_perms = roles.get_role_perm(self.conf.appdir, role) + else + role = "" end end - return cfe({ type="table", value=table_m, label="All permissions" }) + local tmp, all_perms = get_all_permissions(self) + table.sort(all_perms) + + local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" }) + local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt }) + + return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} }) +end + +delete_role = function(role) + local result, cmdresult = roles.delete_role(role) + return cfe({ value=cmdresult }) end diff --git a/app/acf-util/roles-newrole-html.lsp b/app/acf-util/roles-newrole-html.lsp index bf42f28..7de6181 100644 --- a/app/acf-util/roles-newrole-html.lsp +++ b/app/acf-util/roles-newrole-html.lsp @@ -1,20 +1,5 @@ -<? local form= ... ?> -<? --[[ - io.write(html.cfe_unpack(form)) - io.write(html.cfe_unpack(FORM)) +<? ---[[ +-- FIXME - this is temp until symlinks are fixed +local funk = haserl.loadfile("/usr/share/acf/app/acf-util/roles-editrole-html.lsp") +funk(...) --]] ?> - -<? ---[[ ?> -<H1><?= form.label ?></H1> -<? - require("viewfunctions") - form.action = "" - form.submit = "Save" - -- If editing existing role, disable role - if form.value.role and "GET" == ENV["REQUEST_METHOD"] then - form.value.role.contenteditable = false - end - local order = { "role", "permissions" } - displayform(form, order) -?> -<? --]] ?> 
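Review bot: In `setpermissions` the existence check runs only when `newrole` is true; on the edit path nothing confirms that `role` names an existing role before `roles.set_role_perm(role, nil, permissions)` is called. The read-only role field in roles-editrole-html.lsp is a display setting, so a request to editrole carrying a different `role` value appears to create or overwrite that role. Consider mirroring the new-role branch: when `newrole` is false and the name is not in `roles.list_roles()`, set an `errtxt` and skip the write. Separately, `rls`, `permissions`, `tmp`, `controllers` and `temp` are assigned without `local` and end up as fields of the model module.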
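Review bot: The value returned by `haserl.loadfile(...)` is called without a check. If the hard-coded path is absent, for example under a different install prefix, and `haserl.loadfile` returns nil on failure as Lua's own `loadfile` does, the view stops with an attempt to call a nil value and no indication of which file was missing. Until the FIXME is resolved, `local funk = assert(haserl.loadfile("/usr/share/acf/app/acf-util/roles-editrole-html.lsp"))` gives a readable error.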
diff --git a/app/acf-util/roles.menu b/app/acf-util/roles.menu index 7bcca30..d72e8df 100755 --- a/app/acf-util/roles.menu +++ b/app/acf-util/roles.menu @@ -1,4 +1,4 @@ #CAT GROUP/DESC TAB ACTION System 02Roles_management Administration viewroles System 02Roles_management My_Roles read - +System 02Roles_management Permissions_List getpermslist diff --git a/app/welcome-html.lsp b/app/welcome-html.lsp index 6996fb0..4cf01d9 100644 --- a/app/welcome-html.lsp +++ b/app/welcome-html.lsp @@ -2,4 +2,8 @@ <h1>Alpine Configuration Framework</h1> <p>Welcome.</p> -<? -- io.write(html.cfe_unpack(view)) ?> +<? --[[ + io.write(html.cfe_unpack(view)) + io.write(html.cfe_unpack(FORM)) + io.write(html.cfe_unpack(ENV)) +--]] ?> diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index 6c4cbbd..613eaab 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -88,6 +88,8 @@ local validate_settings = function (self, userid, username, password, password_c -- Set errormessages when entering invalid values if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end + if string.find(userid, "[^%w_]") then errormessage.userid = "Userid can only contain letters, numbers, and '_'" end + if string.find(username, "%p") then errormessage.username = "Real name cannot contain punctuation" end if password then if (#password == 0) then errormessage.password = "Password cannot be blank!" diff --git a/lib/roles.lua b/lib/roles.lua index 53409c0..201e2a9 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -88,7 +88,7 @@ list_roles = function() -- Open the roles file and parse for defined roles f = fs.read_file_as_array(roles_file) for x,line in pairs(f) do - temprole = string.match(line,"^[%a]+") + temprole = string.match(line,"^[%w_]+") if not reverseroles[temprole] then defined_roles[#defined_roles + 1] = temprole end 
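Review bot: The `username` check uses `%p`, which rejects punctuation but still accepts control characters such as newline and carriage return. The storage format of this authenticator is not visible in the hunk; if it is a line-oriented file, as the module name suggests, an embedded line break in the real name could start a new record. Consider `if string.find(username, "[%p%c]") then` and the equivalent for any other field written to the same store. `validate_settings` continues outside the hunk.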
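Review bot: `string.match(line,"^[%w_]+")` takes the longest leading run of allowed characters and does not check what follows it, so a line whose role name contains any other character is read as its prefix. The same pattern appears in the `get_roles_perm` and `get_role_perm` hunks, where the prefix decides which permissions are granted; a name written by hand, or before `set_role_perm` gained its validation, could therefore be matched as a different role. Capturing the name together with the separator that ends it (the separator is not visible in these hunks) and comparing the capture would make the match exact. The permission patterns on the neighbouring context lines, `"[,%a:]+$"` and `"(%a+):(%a+)"`, still accept letters only, so controller or action names containing digits or `_` would be dropped.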
@@ -123,7 +123,7 @@ get_roles_perm = function(startdir,roles) for x,file in ipairs(rolesfiles) do f = fs.read_file_as_array(file) for y,line in pairs(f) do - if reverseroles[string.match(line,"^[%a]+")] then + if reverseroles[string.match(line,"^[%w_]+")] then temp = format.string_to_table(string.match(line,"[,%a:]+$"),",") for z,perm in pairs(temp) do local control,action = string.match(perm,"(%a+):(%a+)") @@ -156,7 +156,7 @@ get_role_perm = function(startdir,role) for x,file in ipairs(rolesfiles) do f = fs.read_file_as_array(file) for y,line in pairs(f) do - if role == string.match(line,"^[%a]+") then + if role == string.match(line,"^[%w_]+") then temp = format.string_to_table(string.match(line,"[,%a:]+$"),",") for z,perm in pairs(temp) do local control,action = string.match(perm,"(%a+):(%a+)") @@ -214,6 +214,9 @@ set_role_perm = function(role, permissions, permissions_array) return false, "Cannot modify default roles" end end + if string.find(role, '[^%w_]') then + return false, "Role can only contain letters, numbers, and '_'" + end if permissions and not permissions_array then permissions_array = {} for cont,actions in pairs(permissions) do |
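Review bot: The new check `string.find(role, '[^%w_]')` accepts the empty string and can raise an error when `role` is nil, which `setpermissions` passes through when a request carries `permissions` but no `role`. Suggested: `if type(role) ~= "string" or role == "" or string.find(role, "[^%w_]") then`. Only `role` is validated in the visible lines; the entries of `permissions_array` also originate from the request, and if they are written to the roles file verbatim they should be checked against the known controller:action list as well. `set_role_perm` starts and ends outside the hunk.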