authorTed Trask <ttrask01@yahoo.com>2008-05-05 14:41:54 +0000
committerTed Trask <ttrask01@yahoo.com>2008-05-05 14:41:54 +0000
commit76a118d4fe2f180badaff69dac8c6c46df991663 (patch)
tree3082be685448011e47c37d21aa5f8a1865c5164e
parent3eecd1d2d435332a27e1712cdb352391ffaa0b9d (diff)
downloadacf-core-76a118d4fe2f180badaff69dac8c6c46df991663.tar.bz2
acf-core-76a118d4fe2f180badaff69dac8c6c46df991663.tar.xz
Finished user and role management
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1100 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rwxr-xr-xapp/acf-util/password-status-html.lsp1
-rw-r--r--app/acf-util/roles-controller.lua84
-rw-r--r--app/acf-util/roles-editrole-html.lsp2
-rw-r--r--app/acf-util/roles-model.lua91
-rw-r--r--app/acf-util/roles-newrole-html.lsp23
-rwxr-xr-xapp/acf-util/roles.menu2
-rw-r--r--app/welcome-html.lsp6
-rw-r--r--lib/authenticator-plaintext.lua2
-rw-r--r--lib/roles.lua9
9 files changed, 112 insertions, 108 deletions
diff --git a/app/acf-util/password-status-html.lsp b/app/acf-util/password-status-html.lsp
index b7c9b05..f544884 100755
--- a/app/acf-util/password-status-html.lsp
+++ b/app/acf-util/password-status-html.lsp
@@ -31,6 +31,7 @@ io.write("</span>")
<TD>
[<A HREF='edituser?userid=<?= name ?>'>Edit this account</A>]
[<A HREF='deleteuser?userid=<?= name ?>'>Delete this account</A>]
+ [<A HREF='<?= ENV.SCRIPT_NAME ?>/acf-util/roles/viewuserroles?userid=<?= name ?>'>View roles for this account</A>]
</TD>
</TR>
</TABLE></DD>
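Review bot: The added link writes `<?= name ?>` into the HREF query string without URL- or HTML-escaping, so a userid containing a quote, `&` or `<` would break out of the attribute. The userid check added to validate_settings in this commit limits newly validated ids to `[%w_]`, but accounts stored before that check are not covered, and the two existing links above follow the same pattern. Escaping at output, with whatever HTML/URL escaping helper the project provides, keeps the template safe regardless of how the record was created.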
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index 1d69b8b..aa3e6bd 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -2,28 +2,6 @@
module (..., package.seeall)
-auth = require("authenticator-plaintext")
-roll = require("roles")
-
-local get_all_permissions = function(self)
- -- need to get a list of all the controllers
- controllers = roles.get_controllers(self)
- local table_perm = {}
- local array_perm = {}
- for a,b in pairs(controllers) do
- if nil == table_perm[b.sname] then
- table_perm[b.sname] = {}
- end
- temp = roles.get_controllers_func(self,b)
- for x,y in ipairs(temp) do
- table_perm[b.sname][y] = {}
- array_perm[#array_perm + 1] = b.sname .. ":" .. y
- end
- end
-
- return table_perm, array_perm
-end
-
default_action = "read"
-- Return your own roles/permissions
@@ -40,9 +18,9 @@ viewuserroles = function(self)
redirect(self)
end
userid = cfe({ value=self.clientdata.userid, label="User Id" })
- roles = cfe({ type="list", value=auth.get_userinfo_roles(self, userid.value), label="Roles" })
- permissions = cfe({ type="table", value=roll.get_roles_perm(self.conf.appdir, roles.value), label="Permissions" })
- return cfe({ type="group", value={userid=userid, roles=roles, permissions=permissions} })
+ roles = self.model.get_user_roles(self, userid.value)
+ roles.value.userid = userid
+ return roles
end
-- Return permissions for specified role
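Review bot: `roles = self.model.get_user_roles(...)` assigns without `local`, so under `module(..., package.seeall)` it becomes a module-level variable named `roles` that would shadow the global `roles` library for any later lookup in this controller; `userid` here and `role`/`permissions` in viewroleperms (next hunk) are globals as well. Declaring them local keeps per-request data out of module state: `local userid = cfe({...})` and `local roles = self.model.get_user_roles(self, userid.value)`. The start of viewuserroles, including the condition guarding `redirect(self)`, is outside the hunk, so whether a caller may view roles for an arbitrary `self.clientdata.userid` cannot be judged from here and is worth confirming.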
@@ -51,14 +29,13 @@ viewroleperms = function(self)
redirect(self, "getlist")
end
role = cfe({ value=self.clientdata.role, label="Role" })
- permissions = cfe({ type="table", value=roll.get_role_perm(self.conf.appdir, role.value), label="Permissions" })
+ permissions = self.model.get_role_perms(self, role.value)
return cfe({ type="group", value={role=role, permissions=permissions} })
end
-- Return list of all permissions
getpermslist = function(self)
- permissions = cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
- return cfe({ type="group", value={permissions=permissions} })
+ return cfe({ type="group", value={permissions=self.model.get_perms_list()} })
end
viewroles = function(self)
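Review bot: `getpermslist` calls `self.model.get_perms_list()` with no argument, and the model's `get_perms_list = function()` (roles-model.lua in this commit) then passes an undeclared `self` to `get_all_permissions`, which resolves to a global and is most likely nil by the time `roles.get_controllers(self)` runs. Pass the controller through on both sides: `self.model.get_perms_list(self)` here and `get_perms_list = function(self)` in the model. The same defect is visible in the roles-model.lua hunk and is not repeated there.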
@@ -66,52 +43,14 @@ viewroles = function(self)
local cmdresult = self.sessiondata.cmdresult
self.sessiondata.cmdresult = nil
- local defined_roles, default_roles = roll.list_roles()
- local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
- local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
-
- return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe, cmdresult=cmdresult} })
-end
-
-local setpermissions = function(self, role, permissions, newrole)
- local errtxt
- local my_perms = {}
- if permissions then
- -- we're changing permissions
- local result = true
- if newrole then
- -- make sure not overwriting role
- for x,ro in ipairs(roles.list_roles()) do
- if role==ro then
- result = false
- errtxt = "Role already exists"
- break
- end
- end
- end
- if result==true then
- result, errtxt = roles.set_role_perm(role, nil, permissions)
- end
- my_perms = self.clientdata.permissions
- else
- if role then
- tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
- else
- role = ""
- end
- end
-
- local tmp, all_perms = get_all_permissions(self)
- table.sort(all_perms)
-
- local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" })
- local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt })
+ local roles = self.model.view_roles()
+ roles.value.cmdresult = cmdresult
- return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
+ return roles
end
newrole = function(self)
- local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, true)
+ local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, true)
form.type = "form"
form.label = "Edit new role"
if form.value.role.errtxt then
@@ -126,7 +65,7 @@ newrole = function(self)
end
editrole = function(self)
- local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, false)
+ local form = self.model.setpermissions(self, self.clientdata.role, self.clientdata.permissions, false)
form.type = "form"
form.label = "Edit role"
if form.value.role.errtxt then
@@ -141,7 +80,6 @@ editrole = function(self)
end
deleterole = function(self)
- local result, cmdresult = roles.delete_role(self.clientdata.role)
- self.sessiondata.cmdresult = cfe({ value=cmdresult })
+ self.sessiondata.cmdresult = self.model.delete_role(self.clientdata.role)
redirect(self, "viewroles")
end
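Review bot: `deleterole` hands `self.clientdata.role` to the model on any request, with no check of the request method and no validation of the role name in the visible lines. Because the action changes state, it should be accepted only on POST (the templates already read `ENV["REQUEST_METHOD"]`) and, if the framework offers one, tied to a per-session token, unless the dispatcher enforces this elsewhere. The `[^%w_]` role-name check this commit adds to `set_role_perm` would also be worth applying before `roles.delete_role`, whose body is not shown on this page.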
diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp
index bf42f28..d96ac56 100644
--- a/app/acf-util/roles-editrole-html.lsp
+++ b/app/acf-util/roles-editrole-html.lsp
@@ -11,7 +11,7 @@
form.action = ""
form.submit = "Save"
-- If editing existing role, disable role
- if form.value.role and "GET" == ENV["REQUEST_METHOD"] then
+ if nil == string.find(ENV.PATH_INFO, "/newrole") then
form.value.role.contenteditable = false
end
local order = { "role", "permissions" }
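Review bot: `form.value.role.contenteditable = false` only makes the field read-only in the browser, and the new condition keys it off `ENV.PATH_INFO`, so the role name submitted to editrole remains client-controlled. `setpermissions` with `newrole=false` (roles-model.lua) does not check that the role already exists, so the edit form can write any non-default role name; if that is not intended, the existence check belongs on the server side. The rewrite also drops the `form.value.role and` guard and will raise if `ENV.PATH_INFO` is nil: `if form.value.role and not string.find(ENV.PATH_INFO or "", "/newrole", 1, true) then`.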
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index b6e95fd..4fe3cbf 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -1,20 +1,91 @@
--- Roles/Group model functions
-
-require ("roles")
-
+-- Roles/Group functions
module (..., package.seeall)
-getcont = function(self)
- --need to get a list of all the controllers
+auth = require("authenticator-plaintext")
+require("roles")
+
+local get_all_permissions = function(self)
+ -- need to get a list of all the controllers
controllers = roles.get_controllers(self)
- local table_m = {}
+ local table_perm = {}
+ local array_perm = {}
for a,b in pairs(controllers) do
- table_m[b.sname] = {}
+ if nil == table_perm[b.sname] then
+ table_perm[b.sname] = {}
+ end
temp = roles.get_controllers_func(self,b)
for x,y in ipairs(temp) do
- table_m[b.sname][y] = {}
+ table_perm[b.sname][y] = {}
+ array_perm[#array_perm + 1] = b.sname .. ":" .. y
+ end
+ end
+
+ return table_perm, array_perm
+end
+
+-- Return roles/permissions for specified user
+get_user_roles = function(self, userid)
+ rls = cfe({ type="list", value=auth.get_userinfo_roles(self, userid), label="Roles" })
+ permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
+ return cfe({ type="group", value={roles=rls, permissions=permissions} })
+end
+
+-- Return permissions for specified role
+get_role_perms = function(self, role)
+ return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" })
+end
+
+-- Return list of all permissions
+get_perms_list = function()
+ return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
+end
+
+view_roles = function()
+ local defined_roles, default_roles = roles.list_roles()
+ local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
+ local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
+
+ return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe} })
+end
+
+setpermissions = function(self, role, permissions, newrole)
+ local errtxt
+ local my_perms = {}
+ if permissions then
+ -- we're changing permissions
+ local result = true
+ if newrole then
+ -- make sure not overwriting role
+ for x,ro in ipairs(roles.list_roles()) do
+ if role==ro then
+ result = false
+ errtxt = "Role already exists"
+ break
+ end
+ end
+ end
+ if result==true then
+ result, errtxt = roles.set_role_perm(role, nil, permissions)
+ end
+ my_perms = self.clientdata.permissions
+ else
+ if role then
+ tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
+ else
+ role = ""
end
end
- return cfe({ type="table", value=table_m, label="All permissions" })
+ local tmp, all_perms = get_all_permissions(self)
+ table.sort(all_perms)
+
+ local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" })
+ local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt })
+
+ return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
+end
+
+delete_role = function(role)
+ local result, cmdresult = roles.delete_role(role)
+ return cfe({ value=cmdresult })
end
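Review bot: In `setpermissions` the `permissions` value comes straight from `self.clientdata.permissions` (see the controller's newrole/editrole) and is passed to `roles.set_role_perm` without being compared against the known `controller:action` list that the function computes a few lines later. Since the roles file is what grants access, each submitted entry should be checked against `all_perms` before anything is written; `set_role_perm` may validate further, but its body is outside this page. The sketch below moves the `get_all_permissions` call ahead of the write and rejects unknown entries, assuming `permissions` is the array handed on as `permissions_array`. Separately, `rls`, `permissions`, `controllers`, `temp` and `tmp` are assigned without `local` in this file.

```lua
setpermissions = function(self, role, permissions, newrole)
	-- … unchanged: errtxt / my_perms declarations …
	local tmp, all_perms = get_all_permissions(self)
	table.sort(all_perms)
	local known = {}
	for _, perm in ipairs(all_perms) do
		known[perm] = true
	end
	if permissions then
		-- we're changing permissions
		local result = true
		for _, perm in ipairs(permissions) do
			if not known[perm] then
				result = false
				errtxt = "Unknown permission"
				break
			end
		end
		-- … unchanged: newrole duplicate check (now also guarded by result) and roles.set_role_perm call …
```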
diff --git a/app/acf-util/roles-newrole-html.lsp b/app/acf-util/roles-newrole-html.lsp
index bf42f28..7de6181 100644
--- a/app/acf-util/roles-newrole-html.lsp
+++ b/app/acf-util/roles-newrole-html.lsp
@@ -1,20 +1,5 @@
-<? local form= ... ?>
-<? --[[
- io.write(html.cfe_unpack(form))
- io.write(html.cfe_unpack(FORM))
+<? ---[[
+-- FIXME - this is temp until symlinks are fixed
+local funk = haserl.loadfile("/usr/share/acf/app/acf-util/roles-editrole-html.lsp")
+funk(...)
--]] ?>
-
-<? ---[[ ?>
-<H1><?= form.label ?></H1>
-<?
- require("viewfunctions")
- form.action = ""
- form.submit = "Save"
- -- If editing existing role, disable role
- if form.value.role and "GET" == ENV["REQUEST_METHOD"] then
- form.value.role.contenteditable = false
- end
- local order = { "role", "permissions" }
- displayform(form, order)
-?>
-<? --]] ?>
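Review bot: The result of `haserl.loadfile(...)` is called without a check, so a missing or unparsable file at the hard-coded path surfaces as an attempt to call a nil value instead of a useful error; `local funk = assert(haserl.loadfile(path))` would report the cause, assuming it follows Lua's `loadfile` convention of returning nil plus a message. The absolute path under `/usr/share/acf/app/acf-util/` also ignores the configured application directory, so an install under another prefix loads a different template or none. The opening `<? ---[[` is a line comment, so this block is live code rather than commented out; a short comment saying so next to the FIXME would help the next reader.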
diff --git a/app/acf-util/roles.menu b/app/acf-util/roles.menu
index 7bcca30..d72e8df 100755
--- a/app/acf-util/roles.menu
+++ b/app/acf-util/roles.menu
@@ -1,4 +1,4 @@
#CAT GROUP/DESC TAB ACTION
System 02Roles_management Administration viewroles
System 02Roles_management My_Roles read
-
+System 02Roles_management Permissions_List getpermslist
diff --git a/app/welcome-html.lsp b/app/welcome-html.lsp
index 6996fb0..4cf01d9 100644
--- a/app/welcome-html.lsp
+++ b/app/welcome-html.lsp
@@ -2,4 +2,8 @@
<h1>Alpine Configuration Framework</h1>
<p>Welcome.</p>
-<? -- io.write(html.cfe_unpack(view)) ?>
+<? --[[
+ io.write(html.cfe_unpack(view))
+ io.write(html.cfe_unpack(FORM))
+ io.write(html.cfe_unpack(ENV))
+--]] ?>
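Review bot: The commented block now holds dumps of `FORM` and `ENV` as well as `view`, and this code base toggles such blocks by adding one dash to `--[[` (as roles-newrole-html.lsp does in this commit), so a one-character edit would print submitted form fields and the server environment on the welcome page. Debug output of that kind is better removed from the shipped template, or placed behind an explicit debug setting, than left switchable in place.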
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index 6c4cbbd..613eaab 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -88,6 +88,8 @@ local validate_settings = function (self, userid, username, password, password_c
-- Set errormessages when entering invalid values
if (#userid == 0) then errormessage.userid = "You need to enter a valid userid!" end
+ if string.find(userid, "[^%w_]") then errormessage.userid = "Userid can only contain letters, numbers, and '_'" end
+ if string.find(username, "%p") then errormessage.username = "Real name cannot contain punctuation" end
if password then
if (#password == 0) then
errormessage.password = "Password cannot be blank!"
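Review bot: The new `username` check rejects `%p` but not control characters, so a real name containing a newline or tab still passes; if the plaintext backend stores one record per line (not visible in this hunk), that could corrupt the file or let one submission define extra entries. `if string.find(username, "[%p%c]") then ...` closes that gap, and the same applies to any other field written to the file. `%w` and `%p` follow the C character-class functions, so the accepted set depends on the process locale; an explicit `[^A-Za-z0-9_]` for userid avoids that. validate_settings begins and continues outside the hunk.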
diff --git a/lib/roles.lua b/lib/roles.lua
index 53409c0..201e2a9 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -88,7 +88,7 @@ list_roles = function()
-- Open the roles file and parse for defined roles
f = fs.read_file_as_array(roles_file)
for x,line in pairs(f) do
- temprole = string.match(line,"^[%a]+")
+ temprole = string.match(line,"^[%w_]+")
if not reverseroles[temprole] then
defined_roles[#defined_roles + 1] = temprole
end
@@ -123,7 +123,7 @@ get_roles_perm = function(startdir,roles)
for x,file in ipairs(rolesfiles) do
f = fs.read_file_as_array(file)
for y,line in pairs(f) do
- if reverseroles[string.match(line,"^[%a]+")] then
+ if reverseroles[string.match(line,"^[%w_]+")] then
temp = format.string_to_table(string.match(line,"[,%a:]+$"),",")
for z,perm in pairs(temp) do
local control,action = string.match(perm,"(%a+):(%a+)")
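Review bot: The role-name pattern is widened to `^[%w_]+` here and in get_role_perm (next hunk), but the permission side still uses `[,%a:]+$` and `(%a+):(%a+)`, so a controller or action name containing a digit or `_` is cut short or fails to match, leaving `control`/`action` nil for the lines that follow. If such names can occur, the patterns should agree, e.g. `"[,%w_:]+$"` and `"([%w_]+):([%w_]+)"`, with an `if control and action then` guard before the values are used. The loop body continues outside the hunk.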
@@ -156,7 +156,7 @@ get_role_perm = function(startdir,role)
for x,file in ipairs(rolesfiles) do
f = fs.read_file_as_array(file)
for y,line in pairs(f) do
- if role == string.match(line,"^[%a]+") then
+ if role == string.match(line,"^[%w_]+") then
temp = format.string_to_table(string.match(line,"[,%a:]+$"),",")
for z,perm in pairs(temp) do
local control,action = string.match(perm,"(%a+):(%a+)")
@@ -214,6 +214,9 @@ set_role_perm = function(role, permissions, permissions_array)
return false, "Cannot modify default roles"
end
end
+ if string.find(role, '[^%w_]') then
+ return false, "Role can only contain letters, numbers, and '_'"
+ end
if permissions and not permissions_array then
permissions_array = {}
for cont,actions in pairs(permissions) do
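Review bot: The added check calls `string.find(role, '[^%w_]')` without first confirming that `role` is a non-empty string: a nil role raises an error (roles-model.lua passes `self.clientdata.role` through whenever permissions are submitted), and an empty string passes the check. Suggest `if type(role) ~= "string" or role == "" or string.find(role, "[^%w_]") then` with the same error return. The earlier part of set_role_perm is outside the hunk, so an existing guard there would make this unnecessary.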