authorTed Trask <ttrask01@yahoo.com>2008-05-02 21:07:27 +0000
committerTed Trask <ttrask01@yahoo.com>2008-05-02 21:07:27 +0000
commit3eecd1d2d435332a27e1712cdb352391ffaa0b9d (patch)
treeecd89bf4194ef4a4d1deeec559a84cd744a9c58b /lib
parent8e78bcd38414770922d8fb77d534e9b65b8bab1c (diff)
downloadacf-core-3eecd1d2d435332a27e1712cdb352391ffaa0b9d.tar.bz2
acf-core-3eecd1d2d435332a27e1712cdb352391ffaa0b9d.tar.xz
Updated roles
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1099 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'lib')
-rw-r--r--lib/authenticator-plaintext.lua12
-rw-r--r--lib/roles.lua123
-rw-r--r--lib/viewfunctions.lua2
3 files changed, 119 insertions, 18 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index c68ec2b..6c4cbbd 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -12,6 +12,7 @@ userid:password:username:role1[,role2...]
module (..., package.seeall)
local sess = require ("session")
+require("roles")
local pvt={}
@@ -181,8 +182,15 @@ list_users = function (self)
end
list_roles = function (self)
- local output = {"CREATE","UPDATE","DELETE","READ"}
- return output
+ -- Get list of available roles (everything except ALL)
+ local avail_roles = roles.list_all_roles()
+ for x,role in ipairs(avail_roles) do
+ if role=="ALL" then
+ table.remove(avail_roles,x)
+ break
+ end
+ end
+ return avail_roles
end
change_setting = function (self, userid, parameter, value)
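Review bot: The `table.remove(avail_roles,x)` call edits a table this function does not own. In the lib/roles.lua hunk of this commit, `roles.list_all_roles()` appends the defined roles to the module-level `default_roles` table and returns that same table. After one call here, "ALL" is missing from `default_roles` for the rest of that Lua state, so the "Cannot delete default roles" and "Cannot modify default roles" guards in `delete_role` and `set_role_perm` no longer cover it, and file-defined roles are treated as defaults. Build a filtered copy here as below, and have `list_all_roles` return a new table rather than `default_roles`.

```lua
list_roles = function (self)
	-- Build a fresh list so the table owned by lib/roles.lua is never modified
	local avail_roles = {}
	for _,role in ipairs(roles.list_all_roles()) do
		if role ~= "ALL" then
			avail_roles[#avail_roles + 1] = role
		end
	end
	return avail_roles
end
```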
diff --git a/lib/roles.lua b/lib/roles.lua
index 768e96f..53409c0 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -7,12 +7,28 @@ require ("format")
module (..., package.seeall)
+local roles_file = "/etc/acf/roles"
+local default_roles = { "CREATE", "UPDATE", "DELETE", "READ", "ALL" }
+
+-- returns a table of the *.roles files
+-- startdir should be the app dir
+local get_roles_candidates = function (startdir)
+ local t = {}
+ local fh = io.popen('find ' .. startdir .. ' -name "*.roles"')
+ for x in fh:lines() do
+ t[#t + 1] = x
+ end
+ return t
+end
+
-- Return a list of *controller.lua files
list_controllers = function(self)
local list = {}
local f = io.popen("/usr/bin/find /usr/share/acf/ |/bin/grep \"controller.lua$\" ")
for a in f:lines() do
- list[#list + 1 ] = a
+ if not string.find(a, "acf_") then
+ list[#list + 1 ] = a
+ end
end
f:close()
return list
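Review bot: `get_roles_candidates` builds its shell command by concatenating `startdir` unquoted into `io.popen('find ' .. startdir .. ' -name "*.roles"')`, so a path containing spaces or shell metacharacters changes the command that runs. Whether `startdir` can ever carry request-derived data is not visible in this hunk, so it should be validated or single-quoted (with embedded quotes escaped) at this point rather than trusted. The handle `fh` is also never closed, unlike `f` in `list_controllers` just below; add `fh:close()` before `return t`.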
@@ -58,24 +74,45 @@ get_controllers_func = function(self,controller_info)
end
end
--- returns a table of the *.roles files
--- startdir should be the app dir
-local get_roles_candidates = function (startdir)
- local t = {}
- local fh = io.popen('find ' .. startdir .. ' -name "*.roles"')
- for x in fh:lines() do
- t[#t + 1] = x
+list_default_roles = function()
+ return default_roles
+end
+
+list_roles = function()
+ local defined_roles = {}
+ local reverseroles = {}
+ for x,role in ipairs(default_roles) do
+ reverseroles[role] = x
end
- return t
+
+ -- Open the roles file and parse for defined roles
+ f = fs.read_file_as_array(roles_file)
+ for x,line in pairs(f) do
+ temprole = string.match(line,"^[%a]+")
+ if not reverseroles[temprole] then
+ defined_roles[#defined_roles + 1] = temprole
+ end
+ end
+
+ return defined_roles, default_roles
end
+list_all_roles = function()
+ local defined_roles, default_roles = list_roles()
+ for x,role in ipairs(defined_roles) do
+ default_roles[#default_roles + 1] = role
+ end
+ return default_roles
+end
+
-- Go through the roles files and determine the permissions for the specified roles
get_roles_perm = function(startdir,roles)
permissions = {}
+ permissions_array = {}
-- find all of the roles files and add in the master file
local rolesfiles = get_roles_candidates(startdir)
- rolesfiles[#rolesfiles + 1] = "/etc/acf/roles"
+ rolesfiles[#rolesfiles + 1] = roles_file
local reverseroles = {}
for x,role in ipairs(roles) do
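Review bot: `f` and `temprole` in `list_roles`, and the new `permissions_array` in `get_roles_perm` (and again in `get_role_perm`, in the @@ -103 hunk), are assigned without `local`, so they are shared variables that outlive the call instead of per-call state. Declare them where they are first assigned: `local f = fs.read_file_as_array(roles_file)`, `local temprole = string.match(line,"^[%a]+")` and `local permissions_array = {}`. This hunk starts inside `get_controllers_func` and ends inside `get_roles_perm`, so the rest of those bodies is not visible here.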
@@ -94,8 +131,9 @@ get_roles_perm = function(startdir,roles)
if nil == permissions[control] then
permissions[control] = {}
end
- if action and nil == permissions[control][action] then
+ if action then
permissions[control][action] = {}
+ permissions_array[#permissions_array + 1] = control .. ":" .. action
end
end
end
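Review bot: Dropping the `nil == permissions[control][action]` test means every repeat of a control/action pair, across roles and across roles files, appends another `control:action` entry to `permissions_array` and resets `permissions[control][action]` to a fresh table. If that array is later handed to `set_role_perm`, the duplicates are written into the roles file. Keeping the original condition, `if action and nil == permissions[control][action] then`, yields one entry per pair; the same applies to the matching change in `get_role_perm` (the @@ -125 hunk). The enclosing loops start and end outside this hunk.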
@@ -103,16 +141,17 @@ get_roles_perm = function(startdir,roles)
end
end
- return permissions
+ return permissions, permissions_array
end
-- Go through the roles files and determine the permissions for the specified role
get_role_perm = function(startdir,role)
permissions = {}
+ permissions_array = {}
-- find all of the roles files and add in the master file
local rolesfiles = get_roles_candidates(startdir)
- rolesfiles[#rolesfiles + 1] = "/etc/acf/roles"
+ rolesfiles[#rolesfiles + 1] = roles_file
for x,file in ipairs(rolesfiles) do
f = fs.read_file_as_array(file)
@@ -125,8 +164,9 @@ get_role_perm = function(startdir,role)
if nil == permissions[control] then
permissions[control] = {}
end
- if action and nil == permissions[control][action] then
+ if action then
permissions[control][action] = {}
+ permissions_array[#permissions_array + 1] = control .. ":" .. action
end
end
end
@@ -134,6 +174,59 @@ get_role_perm = function(startdir,role)
end
end
- return permissions
+ return permissions, permissions_array
+end
+
+-- Delete a role from role file
+delete_role = function(role)
+ for x,ro in ipairs(default_roles) do
+ if role==ro then
+ return false, "Cannot delete default roles"
+ end
+ end
+ local rolecontent = fs.read_file_as_array(roles_file)
+ local output = {}
+ local result = false
+ local cmdresult = "Role entry not found"
+ for x,line in pairs(rolecontent) do
+ if not string.match(line, "^" .. role .. "=") then
+ table.insert(output,line)
+ else
+ result = true
+ cmdresult = "Role deleted"
+ end
+ end
+
+ if result == true then
+ fs.write_file(roles_file, table.concat(output,"\n"))
+ end
+
+ return result, cmdresult
end
+-- Set permissions for a role in role file
+set_role_perm = function(role, permissions, permissions_array)
+ if role==nil or role=="" then
+ return false, "Invalid Role"
+ end
+ for x,ro in ipairs(default_roles) do
+ if role==ro then
+ return false, "Cannot modify default roles"
+ end
+ end
+ if permissions and not permissions_array then
+ permissions_array = {}
+ for cont,actions in pairs(permissions) do
+ for action in pairs(actions) do
+ permissions_array[#permissions_array + 1] = cont .. ":" .. action
+ end
+ end
+ end
+ if permissions_array==nil or #permissions_array==0 then
+ return false, "No permissions set"
+ end
+
+ delete_role(role)
+ fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,","))
+ return true
+end
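Review bot: `set_role_perm` writes `role` and the permission strings into /etc/acf/roles without checking their content, and `delete_role` splices `role` into a Lua pattern with `"^" .. role .. "="`. A role name containing a line break, `=` or pattern magic characters can therefore add or remove lines that belong to other roles in the file `get_roles_perm` reads to grant permissions. `list_roles` only recognises names matching `^[%a]+`, so both functions could reject anything else up front with `if type(role) ~= "string" or not string.match(role, "^%a+$") then return false, "Invalid Role" end`. `set_role_perm` should also refuse permission entries containing a line break or a comma, and it should check the result of `delete_role(role)` before appending the new line.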
diff --git a/lib/viewfunctions.lua b/lib/viewfunctions.lua
index c7aa53f..5080a34 100644
--- a/lib/viewfunctions.lua
+++ b/lib/viewfunctions.lua
@@ -99,7 +99,7 @@ function displayitem(myitem, viewtype)
for x,val in ipairs(myitem.option) do
myitem.value = val
myitem.checked = reverseval[val]
- myitem.name = tempname .. "." .. val
+ myitem.name = tempname .. "." .. x
io.write(html.form.checkbox(myitem) .. val .. "<br>\n")
end
myitem.name = tempname
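Review bot: `val` is concatenated into the page as-is in `io.write(html.form.checkbox(myitem) .. val .. "<br>\n")`. With this commit, option lists presumably include role names read from the roles file, and `set_role_perm` places no restriction on them. If `myitem.option` can carry such values (not visible here), the label should pass through the project's HTML-escaping helper before it is written. `displayitem` starts and ends outside this hunk.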