author | Ted Trask <ttrask01@yahoo.com> | 2008-08-16 15:21:41 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2008-08-16 15:21:41 +0000 |
commit | 29de360eb486521a4e65d6e1452a8c623201c945 (patch) | |
tree | 9dc5a39aa85b0a9a5a211d43b104633d35b51d87 /lib | |
parent | e552a644c3930f4bffe2ff17c331c0a035d02531 (diff) | |
download | acf-core-29de360eb486521a4e65d6e1452a8c623201c945.tar.bz2 acf-core-29de360eb486521a4e65d6e1452a8c623201c945.tar.xz |
Modified roles and authenticator to delete all data fields when deleting a role or user. Modified all roles code to pass self for future move from text file to database. Roles cannot use authenticator unless or until roles file syntax is changed.
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1382 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'lib')
-rw-r--r-- | lib/authenticator-plaintext.lua | 27 | ||||
-rw-r--r-- | lib/authenticator.lua | 18 | ||||
-rw-r--r-- | lib/roles.lua | 27 |
3 files changed, 58 insertions, 14 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index aa3e2e3..e90520d 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -9,8 +9,23 @@ create a different file for each field. module (..., package.seeall) +list_fields = function(self, tabl) + if not self or not tabl or tabl == "" then + return {} + end + + local fields = {} + for file in fs.find(".*"..tabl, self.conf.confdir) do + local field = string.match(file, "([^/]*)"..tabl.."$") or "" + if fs.is_file(file) and field ~= "" then + fields[#fields + 1] = field + end + end + return fields +end + read_field = function(self, tabl, field) - if not tabl or tabl == "" or not field then + if not self or not tabl or tabl == "" or not field then return nil end @@ -34,7 +49,7 @@ read_field = function(self, tabl, field) end delete_field = function(self, tabl, field) - if not tabl or tabl == "" or not field then + if not self or not tabl or tabl == "" or not field then return false end local passwd_path = self.conf.confdir .. field .. tabl @@ -95,5 +110,13 @@ delete_entry = function (self, tabl, field, id) fs.write_file(passwd_path, table.concat(output,"\n")) end + -- If deleting the main field, delete all other fields also + if field == "" then + local fields = list_fields(self, tabl) + for i,fld in ipairs(fields) do + delete_entry(self, tabl, fld, id) + end + end + return result end diff --git a/lib/authenticator.lua b/lib/authenticator.lua index 4af5e45..857703c 100644 --- a/lib/authenticator.lua +++ b/lib/authenticator.lua @@ -170,7 +170,7 @@ get_userinfo_roles = function(self, userid) end local rol = require("roles") if rol then - local avail_roles = rol.list_all_roles() + local avail_roles = rol.list_all_roles(self) for x,role in ipairs(avail_roles) do if role=="ALL" then table.remove(avail_roles,x) 
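Review bot: In `list_fields`, `tabl` is spliced unescaped into the pattern `"([^/]*)"..tabl.."$"` (and into the `fs.find` argument, which the `.*` prefix suggests is also a pattern), so a magic character in a table name changes what matches. Every regular file in `confdir` whose name merely ends in the table name is reported as a field. Because the cascade added to `delete_entry` rewrites each returned field file, an unrelated file with that suffix would be modified too. Escaping the name first, e.g. `local pat = tabl:gsub("%p", "%%%0")`, and a comment stating that fields are discovered purely by filename suffix would make the contract explicit.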
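Review bot: The `not self` guard added to `delete_field` does not cover `field`, which is concatenated straight into a path in `local passwd_path = self.conf.confdir .. field .. tabl`. If a field name can ever originate from request input, a value containing `/` or `..` would resolve outside `confdir`; rejecting it up front with `if field:find("/", 1, true) or field:find("..", 1, true) then return false end` keeps the file operations inside the config directory. `self.conf` is also still dereferenced without a check, so a `self` without `conf` raises instead of returning false. The body of `delete_field` continues outside the hunk, so what is done with `passwd_path` should be confirmed there.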
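Review bot: The cascade at the end of `delete_entry` discards the return value of each recursive `delete_entry(self, tabl, fld, id)`, and it runs only after the main-field file has already been rewritten. If one of the field files cannot be updated, the id is gone from the main table while its per-field data stays on disk and would attach to a later entry created with the same id. Running the cascade before the main deletion, with a comment such as `-- delete dependent fields first so a failed cascade leaves the main entry in place for a retry`, avoids that orphaned state. The start of `delete_entry` is outside the hunk, so how `result` is computed could not be checked.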
@@ -251,6 +251,14 @@ delete_user = function (self, userid) return cfe({ value=cmdresult, label="Delete user result" }) end +list_userfields = function(self) + load_auth(self) + if auth then + return auth.list_fields(self, passwdtable) + end + return nil +end + read_userfield = function(self, name) load_auth(self) if auth and name ~= "" then @@ -291,6 +299,14 @@ delete_userentry = function (self, name, userid) return false end +list_rolefields = function(self) + load_auth(self) + if auth then + return auth.list_fields(self, roletable) + end + return nil +end + read_rolefield = function(self, name) load_auth(self) if auth then diff --git a/lib/roles.lua b/lib/roles.lua index b90ecea..1ac4ae9 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -1,6 +1,6 @@ --this module is for authorization help and group/role management - +require ("authenticator") require ("posix") require ("fs") require ("format") @@ -87,7 +87,7 @@ list_default_roles = function() return default_roles end -list_roles = function() +list_roles = function(self) local defined_roles = {} local reverseroles = {} for x,role in ipairs(default_roles) do @@ -106,8 +106,8 @@ list_roles = function() return defined_roles, default_roles end -list_all_roles = function() - local defined_roles, default_roles = list_roles() +list_all_roles = function(self) + local defined_roles, default_roles = list_roles(self) for x,role in ipairs(defined_roles) do default_roles[#default_roles + 1] = role end @@ -115,12 +115,12 @@ list_all_roles = function() end -- Go through the roles files and determine the permissions for the specified roles -get_roles_perm = function(startdir,roles) +get_roles_perm = function(self,roles) permissions = {} permissions_array = {} -- find all of the roles files and add in the master file - local rolesfiles = get_roles_candidates(startdir) + local rolesfiles = get_roles_candidates(self.conf.appdir) rolesfiles[#rolesfiles + 1] = roles_file local reverseroles = {} 
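Review bot: `list_userfields` returns `nil` when no auth backend is loaded, whereas the backend's `list_fields` returns `{}` for bad arguments, so callers must handle two different "nothing" values; `list_rolefields` in the next hunk has the same shape. `delete_role` in lib/roles.lua covers this with `or {}`, which means a backend that failed to load silently skips the cleanup. Returning `{}` here would be consistent; if `nil` is meant as a signal, a comment like `-- returns nil (not {}) when the auth backend could not be loaded` lets callers tell the cases apart.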
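Review bot: `list_all_roles` appends every defined role to the `default_roles` table it receives from `list_roles`, and from the visible lines that appears to be the module-level table (the one `list_default_roles` returns) rather than a copy. If so, each call grows the shared list, `get_userinfo_roles` in lib/authenticator.lua then removes "ALL" from it with `table.remove`, and the `Cannot delete default roles` check in `delete_role` is evaluated against the mutated list for the rest of the process. Building a fresh table, `local all = {}` filled from both lists, avoids the aliasing. Only part of `list_roles` is visible, so this should be confirmed against the full file.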
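Review bot: `get_roles_perm` now takes `self` in the position where callers used to pass `startdir`, and `self.conf.appdir` is dereferenced without a check; `get_role_perm` in the following hunk changes the same way. A caller that still passes a directory string would raise an error rather than return permissions, and the callers are not part of this diff, which is limited to lib. `permissions = {}` and `permissions_array = {}` are also assigned without `local`, so the computed permission set is kept in a global (or module-level) variable between calls. If nothing else reads those names, `local permissions, permissions_array = {}, {}` keeps the result per call.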
@@ -154,12 +154,12 @@ get_roles_perm = function(startdir,roles) end -- Go through the roles files and determine the permissions for the specified role -get_role_perm = function(startdir,role) +get_role_perm = function(self,role) permissions = {} permissions_array = {} -- find all of the roles files and add in the master file - local rolesfiles = get_roles_candidates(startdir) + local rolesfiles = get_roles_candidates(self.conf.appdir) rolesfiles[#rolesfiles + 1] = roles_file for x,file in ipairs(rolesfiles) do @@ -187,7 +187,7 @@ get_role_perm = function(startdir,role) end -- Delete a role from role file -delete_role = function(role) +delete_role = function(self, role) for x,ro in ipairs(default_roles) do if role==ro then return false, "Cannot delete default roles" @@ -208,13 +208,18 @@ delete_role = function(role) if result == true then fs.write_file(roles_file, table.concat(output,"\n")) + -- also need to delete any other roles fields for this role + local fields = authenticator.list_rolefields(self) or {} + for x,field in ipairs(fields) do + authenticator.delete_roleentry(self, field, role) + end end return result, cmdresult end -- Set permissions for a role in role file -set_role_perm = function(role, permissions, permissions_array) +set_role_perm = function(self, role, permissions, permissions_array) if role==nil or role=="" then return false, "Invalid Role" end @@ -238,7 +243,7 @@ set_role_perm = function(role, permissions, permissions_array) return false, "No permissions set" end - delete_role(role) + delete_role(self, role) fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,",")) return true end |
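Review bot: The cleanup loop added to `delete_role` ignores what `authenticator.delete_roleentry` returns and treats a `nil` from `list_rolefields` as "no fields", so the function reports success even when per-role data was left behind. A role re-created later under the same name would pick that data up again. Collecting failures into `cmdresult`, or at least adding `-- best effort: failures here leave stale role fields behind`, would make this visible. The commit message says roles cannot use the authenticator with the current file syntax, so a short comment on whether this loop is expected to do anything yet would also help.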
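Review bot: `set_role_perm` replaces a role by calling `delete_role(self, role)` and then appending the new line, and with this commit `delete_role` also deletes the role's entries in every other role field, so editing a role's permissions now removes its other data as a side effect. If that is not intended, the rewrite of the roles-file line should be separated from the cascading delete. The role name is also written as `role .. "=" .. table.concat(permissions_array,",")`, and the only check visible in this diff is for nil or empty; unless the lines outside the hunk validate it, a name containing a newline or `=` would add or alter entries in the roles file. A check such as `if string.find(role, "[=\n,]") then return false, "Invalid Role" end` closes that.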