-rw-r--r-- | app/acf-util/logon-model.lua | 2 | ||||
-rw-r--r-- | app/acf-util/roles-model.lua | 4 | ||||
-rw-r--r-- | app/acf-util/roles-read-html.lsp | 9 | ||||
-rw-r--r-- | lib/authenticator-plaintext.lua | 9 | ||||
-rw-r--r-- | lib/format.lua | 2 | ||||
-rw-r--r-- | lib/roles.lua | 24 |
6 files changed, 45 insertions, 5 deletions
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua index a86d361..ff5515a 100644 --- a/app/acf-util/logon-model.lua +++ b/app/acf-util/logon-model.lua @@ -5,6 +5,7 @@ module (..., package.seeall) require ("session") require ("html") require ("fs") +require ("roles") --varibles for time in case of logons,expired,lockouts minutes_expired_events=30 @@ -56,6 +57,7 @@ session.expired_events(conf.sessiondir, minutes_expired_events) local t = auth.get_userinfo (self, id_user) sessiondata.id = session.random_hash(512) sessiondata.userinfo = t or {} + sessiondata.userinfo.perm = roles.get_roles_perm(self,auth.get_userinfo_roles(self,id_user)) self.conf.prefix="/acf-util/" self.conf.action="status" self.conf.type="redir" diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index dbfff35..b4641dc 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua @@ -7,7 +7,9 @@ module (..., package.seeall) read = function(self,sessionid) useid , theroles = session.check_session(conf.sessiondir,sessionid,"roles") - return ( cfe { value=theroles,name="roles" }) +--we need to expand roles to give us real perm list + perm = roles.get_roles_perm(self,theroles) + return ( cfe { userid={value=useid,name="userid"},roles={ value=theroles,name="roles"}, perm={value=perm,name="perm"} }) end getcont = function(self) diff --git a/app/acf-util/roles-read-html.lsp b/app/acf-util/roles-read-html.lsp index ec6e965..c5ea541 100644 --- a/app/acf-util/roles-read-html.lsp +++ b/app/acf-util/roles-read-html.lsp @@ -1,8 +1,11 @@ <? local view= ... ?> <h1>Role Views</h1> +<p>Roles/Permission list for <?= view.read.userid.value ?>:<p> + <p>You are valid in these role <p> -<? for a,b in pairs(view.read.value) do ?> -<li><?= b ?><br> -<? end ?> +<? for a,b in pairs(view.read.roles.value) do +print("<li>",b) end ?> +<p>Your full permissions are<p> +<?= view.read.perm.value ?> <?= html.cfe_unpack(view) ?> 
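Review bot: In the second hunk of app/acf-util/logon-model.lua, the new `sessiondata.userinfo.perm = ...` line passes the result of `auth.get_userinfo_roles` straight into `roles.get_roles_perm` without checking it. This commit's `get_userinfo_roles` returns nil when the passwd file cannot be parsed, and `get_roles_perm` iterates its argument with `pairs`, so that case raises an error in the middle of logon, after `sessiondata.id` has been set. I would fetch the roles first and fall back to an empty permission string, e.g. `local r = auth.get_userinfo_roles(self, id_user)` followed by `sessiondata.userinfo.perm = r and roles.get_roles_perm(self, r) or ""`. The line also deserves a comment saying that permissions are computed once at logon and stored in the session, so later edits to the roles file do not reach sessions that already exist. The enclosing function starts and ends outside the hunk.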
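Review bot: `perm = roles.get_roles_perm(self,theroles)` in app/acf-util/roles-model.lua assigns an undeclared name, and under `module (..., package.seeall)` that makes `perm` a module-level variable that outlives the call instead of a value scoped to this request; it should read `local perm = roles.get_roles_perm(self, theroles)`. The same implicit-global pattern is added by this commit in lib/authenticator-plaintext.lua (`temp`) and in lib/roles.lua (`f`, `match`, `c`, `inval`, `temp1`). For permission data this matters whenever interpreter state is reused between requests, which cannot be told from the hunk. `theroles` also reaches `get_roles_perm` unchecked, so a failed `session.check_session` would presumably hand nil to `pairs`. No `require ("roles")` is visible in this file's hunk; confirm the module is loaded before `read` runs.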
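Review bot: The new template lines in app/acf-util/roles-read-html.lsp write `view.read.userid.value`, each role name (`print("<li>",b)`) and `view.read.perm.value` into the page without HTML escaping. These values come from the session and from the passwd and roles files, so a user id or role name containing `<` or `&` would be rendered as markup. They should go through the project's HTML-escaping helper before output, if it has one (none is visible in this hunk). Separately, the `<li>` items are emitted outside any `<ul>`, and the new paragraphs are terminated with `<p>` rather than `</p>`.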
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index 57bbf35..c9d5c42 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -94,3 +94,12 @@ get_userinfo = function ( self, userid ) end end +get_userinfo_roles = function (self, userid) + local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") + if t == false then + return nil + else + temp = pvt.get_id (userid, t) + return temp.roles + end +end diff --git a/lib/format.lua b/lib/format.lua index 2865756..60fda82 100644 --- a/lib/format.lua +++ b/lib/format.lua @@ -112,7 +112,7 @@ end -- This code comes from http://lua-users.org/wiki/SplitJoin -- -- example: format.table_to_string( {"Anna", "Bob", "Charlie", "Dolores"}, ",") function table_to_string (list, delimiter) - local len = getn(list) + local len = #(list) if len == 0 then return "" end diff --git a/lib/roles.lua b/lib/roles.lua index 808aa95..bdaf635 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -2,6 +2,7 @@ require ("posix") +require ("fs") require ("format") module (..., package.seeall) @@ -55,3 +56,26 @@ end end end +get_roles_perm = function(self,roles) + --for now we are using the file static + --this will go through and search from the roles in sessionid to get the real + --permission list + local rolesfile = "/etc/acf/roles" + f = fs.read_file_as_array(rolesfile) + local temp = {} + for k,v in pairs(roles) do + for a,b in pairs(f) do + match = "^" .. v + c = string.match(b,match) + if c then + inval = string.match(b,"[,%w:]+$") + temp[#temp +1] = inval + end + end + end + temp1 = format.table_to_string(temp,",") + --we now can return the first level of roles perms. What if a role is a member of a role... + + return temp1 +end + |
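Review bot: `get_userinfo_roles` in lib/authenticator-plaintext.lua indexes `temp.roles` without checking what `pvt.get_id (userid, t)` returned. If that helper yields nil for an unknown userid (its body is not in the hunk), the lookup raises an error instead of returning nil as the parse-failure branch does. I would write `local entry = pvt.get_id(userid, t)` and `return entry and entry.roles`. A short comment stating the shape of `roles` (a table of names or a delimited string) would also help, because the caller in lib/roles.lua iterates it with `pairs`.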
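Review bot: In `get_roles_perm` (lib/roles.lua, second hunk) the lookup `string.match(b, "^" .. v)` treats the role name as a Lua pattern anchored only at the start of the line. A role therefore matches every line that merely begins with its name (`admin` would also select a line for `administrator`), and characters such as `.`, `-` or `%` in a name are read as pattern syntax. Either way the user ends up with permissions of roles they were not assigned. The comparison should be literal and should require the name to end where the match ends, as in the sketch below. The result of `fs.read_file_as_array` is also passed to `pairs` unchecked; if it can return nil when /etc/acf/roles is missing, that should produce an empty permission list rather than an error.

```lua
get_roles_perm = function(self,roles)
	-- … unchanged: comments describing the static roles file …
	local rolesfile = "/etc/acf/roles"
	local lines = fs.read_file_as_array(rolesfile) or {}
	local temp = {}
	for _, role in pairs(roles or {}) do
		for _, line in pairs(lines) do
			-- literal comparison: the role name is data, not a Lua pattern
			local is_prefix = string.sub(line, 1, #role) == role
			-- the character after the name must not continue it, so "admin"
			-- does not pick up the line for "administrator"
			-- NOTE(review): assumes role names are made of %w and "_" only;
			-- confirm against the roles file format
			local name_ends = not string.find(line, "^[%w_]", #role + 1)
			if is_prefix and name_ends then
				temp[#temp + 1] = string.match(line, "[,%w:]+$")
			end
		end
	end
	return format.table_to_string(temp, ",")
end
```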