-rw-r--r--app/acf-util/roles-controller.lua6
-rw-r--r--app/acf-util/roles-model.lua20
-rw-r--r--app/acf_www-controller.lua2
-rw-r--r--lib/authenticator-plaintext.lua27
-rw-r--r--lib/authenticator.lua18
-rw-r--r--lib/roles.lua27
6 files changed, 72 insertions, 28 deletions
diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua
index 8b6717e..91d4d9c 100644
--- a/app/acf-util/roles-controller.lua
+++ b/app/acf-util/roles-controller.lua
@@ -36,11 +36,11 @@ end
-- Return list of all permissions
getpermslist = function(self)
- return cfe({ type="group", value={permissions=self.model.get_perms_list()} })
+ return cfe({ type="group", value={permissions=self.model.get_perms_list(self)} })
end
viewroles = function(self)
- return self.model.view_roles()
+ return self.model.view_roles(self)
end
newrole = function(self)
@@ -58,5 +58,5 @@ editrole = function(self)
end
deleterole = function(self)
- return self:redirect_to_referrer(self.model.delete_role(self.clientdata.role))
+ return self:redirect_to_referrer(self.model.delete_role(self, self.clientdata.role))
end
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index 9149ba2..bdfe20d 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -34,22 +34,22 @@ end
-- Return roles/permissions for specified user
get_user_roles = function(self, userid)
rls = cfe({ type="list", value=authenticator.get_userinfo_roles(self, userid).value, label="Roles" })
- permissions = cfe({ type="table", value=roles.get_roles_perm(self.conf.appdir, rls.value), label="Permissions" })
+ permissions = cfe({ type="table", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
return cfe({ type="group", value={roles=rls, permissions=permissions} })
end
-- Return permissions for specified role
get_role_perms = function(self, role)
- return cfe({ type="table", value=roles.get_role_perm(self.conf.appdir, role), label="Permissions" })
+ return cfe({ type="table", value=roles.get_role_perm(self, role), label="Permissions" })
end
-- Return list of all permissions
-get_perms_list = function()
+get_perms_list = function(self)
return cfe({ type="table", value=get_all_permissions(self), label="All Permissions" })
end
-view_roles = function()
- local defined_roles, default_roles = roles.list_roles()
+view_roles = function(self)
+ local defined_roles, default_roles = roles.list_roles(self)
local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
@@ -60,7 +60,7 @@ getpermissions = function(self, role)
local my_perms = {}
if role then
- tmp, my_perms = roles.get_role_perm(self.conf.appdir, role)
+ tmp, my_perms = roles.get_role_perm(self, role)
my_perms = my_perms or {}
else
role = ""
@@ -80,7 +80,7 @@ setpermissions = function(self, permissions, newrole)
local result = true
if newrole then
-- make sure not overwriting role
- local defined_roles, default_roles = roles.list_roles()
+ local defined_roles, default_roles = roles.list_roles(self)
local reverseroles = {}
for i,role in ipairs(defined_roles) do reverseroles[role] = i end
for i,role in ipairs(default_roles) do reverseroles[role] = i end
@@ -92,7 +92,7 @@ setpermissions = function(self, permissions, newrole)
end
-- Try to set the value
if result==true then
- result, permissions.value.role.errtxt = roles.set_role_perm(permissions.value.role.value, nil, permissions.value.permissions.value)
+ result, permissions.value.role.errtxt = roles.set_role_perm(self, permissions.value.role.value, nil, permissions.value.permissions.value)
if not result then
permissions.errtxt = "Failed to save role"
end
@@ -101,7 +101,7 @@ setpermissions = function(self, permissions, newrole)
return permissions
end
-delete_role = function(role)
- local result, cmdresult = roles.delete_role(role)
+delete_role = function(self, role)
+ local result, cmdresult = roles.delete_role(self, role)
return cfe({ value=cmdresult })
end
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index 3329830..b00953e 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -23,7 +23,7 @@ local function build_menus(self)
if self.sessiondata.userinfo and self.sessiondata.userinfo.roles then
roles = self.sessiondata.userinfo.roles
end
- local permissions = roll.get_roles_perm(self.conf.appdir,roles)
+ local permissions = roll.get_roles_perm(self,roles)
self.sessiondata.permissions = permissions
--Build the menu
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua
index aa3e2e3..e90520d 100644
--- a/lib/authenticator-plaintext.lua
+++ b/lib/authenticator-plaintext.lua
@@ -9,8 +9,23 @@ create a different file for each field.
module (..., package.seeall)
+list_fields = function(self, tabl)
+ if not self or not tabl or tabl == "" then
+ return {}
+ end
+
+ local fields = {}
+ for file in fs.find(".*"..tabl, self.conf.confdir) do
+ local field = string.match(file, "([^/]*)"..tabl.."$") or ""
+ if fs.is_file(file) and field ~= "" then
+ fields[#fields + 1] = field
+ end
+ end
+ return fields
+end
+
read_field = function(self, tabl, field)
- if not tabl or tabl == "" or not field then
+ if not self or not tabl or tabl == "" or not field then
return nil
end
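Review bot: In the new list_fields, `tabl` is concatenated unescaped into both the `fs.find` expression and the `string.match` pattern, so any pattern-magic character in a table name would change which files count as field files. The capture `([^/]*)` also drops the directory part of each hit. If `fs.find` descends into subdirectories of `confdir` (not visible here), the returned field name no longer identifies the file that was found, because delete_field rebuilds the path as `self.conf.confdir .. field .. tabl`. Escaping the name once, e.g. `local pat = tabl:gsub("%p", "%%%0")`, and skipping hits that are not directly in `confdir` would keep the list aligned with what the other functions open.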
@@ -34,7 +49,7 @@ read_field = function(self, tabl, field)
end
delete_field = function(self, tabl, field)
- if not tabl or tabl == "" or not field then
+ if not self or not tabl or tabl == "" or not field then
return false
end
local passwd_path = self.conf.confdir .. field .. tabl
@@ -95,5 +110,13 @@ delete_entry = function (self, tabl, field, id)
fs.write_file(passwd_path, table.concat(output,"\n"))
end
+ -- If deleting the main field, delete all other fields also
+ if field == "" then
+ local fields = list_fields(self, tabl)
+ for i,fld in ipairs(fields) do
+ delete_entry(self, tabl, fld, id)
+ end
+ end
+
return result
end
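Review bot: The cascade added at the end of delete_entry discards the return value of each recursive `delete_entry(self, tabl, fld, id)` call and runs whether or not the main-field delete succeeded, so the caller only ever sees `result` for the main field. Leftover per-field entries matter here because a later account created with the same id would pick them up. Whether a false return means "entry not present" or "write failed" is not visible, since the body starts above this hunk. I would at least state the intent next to the loop, e.g. `-- best effort: per-field results are ignored; a missing entry is not an error`, and report a failed write if the function can distinguish one.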
diff --git a/lib/authenticator.lua b/lib/authenticator.lua
index 4af5e45..857703c 100644
--- a/lib/authenticator.lua
+++ b/lib/authenticator.lua
@@ -170,7 +170,7 @@ get_userinfo_roles = function(self, userid)
end
local rol = require("roles")
if rol then
- local avail_roles = rol.list_all_roles()
+ local avail_roles = rol.list_all_roles(self)
for x,role in ipairs(avail_roles) do
if role=="ALL" then
table.remove(avail_roles,x)
@@ -251,6 +251,14 @@ delete_user = function (self, userid)
return cfe({ value=cmdresult, label="Delete user result" })
end
+list_userfields = function(self)
+ load_auth(self)
+ if auth then
+ return auth.list_fields(self, passwdtable)
+ end
+ return nil
+end
+
read_userfield = function(self, name)
load_auth(self)
if auth and name ~= "" then
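Review bot: list_userfields calls `auth.list_fields` after checking only that `auth` is set, and in this commit only lib/authenticator-plaintext.lua gains a `list_fields`. If load_auth can select another backend (not visible here), the call raises instead of returning nil. list_rolefields in the next hunk has the same shape, and roles.delete_role calls it after the roles file has already been rewritten. Guarding both with `if auth and auth.list_fields then` avoids that. A one-line comment that nil means "no backend loaded" would also help, since auth.list_fields itself returns `{}` on bad input.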
@@ -291,6 +299,14 @@ delete_userentry = function (self, name, userid)
return false
end
+list_rolefields = function(self)
+ load_auth(self)
+ if auth then
+ return auth.list_fields(self, roletable)
+ end
+ return nil
+end
+
read_rolefield = function(self, name)
load_auth(self)
if auth then
diff --git a/lib/roles.lua b/lib/roles.lua
index b90ecea..1ac4ae9 100644
--- a/lib/roles.lua
+++ b/lib/roles.lua
@@ -1,6 +1,6 @@
--this module is for authorization help and group/role management
-
+require ("authenticator")
require ("posix")
require ("fs")
require ("format")
@@ -87,7 +87,7 @@ list_default_roles = function()
return default_roles
end
-list_roles = function()
+list_roles = function(self)
local defined_roles = {}
local reverseroles = {}
for x,role in ipairs(default_roles) do
@@ -106,8 +106,8 @@ list_roles = function()
return defined_roles, default_roles
end
-list_all_roles = function()
- local defined_roles, default_roles = list_roles()
+list_all_roles = function(self)
+ local defined_roles, default_roles = list_roles(self)
for x,role in ipairs(defined_roles) do
default_roles[#default_roles + 1] = role
end
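Review bot: list_all_roles appends the locally defined roles to the `default_roles` table returned by list_roles, and from the visible lines that looks like the same module-level `default_roles` that list_default_roles returns and delete_role checks. If so, after one call in a process every defined role is treated as a default role, so delete_role would refuse it with "Cannot delete default roles", and repeated calls keep growing the list. The part of list_roles between the hunks is not shown, so confirm it does not already copy. Otherwise build the result in a fresh table, e.g. `local all = {}` filled from both lists, and return that.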
@@ -115,12 +115,12 @@ list_all_roles = function()
end
-- Go through the roles files and determine the permissions for the specified roles
-get_roles_perm = function(startdir,roles)
+get_roles_perm = function(self,roles)
permissions = {}
permissions_array = {}
-- find all of the roles files and add in the master file
- local rolesfiles = get_roles_candidates(startdir)
+ local rolesfiles = get_roles_candidates(self.conf.appdir)
rolesfiles[#rolesfiles + 1] = roles_file
local reverseroles = {}
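Review bot: `permissions` and `permissions_array` are assigned without `local` at the top of get_roles_perm, and get_role_perm in the next hunk does the same, so both functions write shared non-local tables. For code that computes what a session is allowed to do, state that outlives the call is worth avoiding. `local permissions, permissions_array = {}, {}` keeps each result private to the call, assuming nothing outside these functions reads the shared names (the bodies continue past the hunk). The new `self.conf.appdir` access also has no `not self` guard like the one added in lib/authenticator-plaintext.lua, so a caller still passing the old `startdir` string will raise here.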
@@ -154,12 +154,12 @@ get_roles_perm = function(startdir,roles)
end
-- Go through the roles files and determine the permissions for the specified role
-get_role_perm = function(startdir,role)
+get_role_perm = function(self,role)
permissions = {}
permissions_array = {}
-- find all of the roles files and add in the master file
- local rolesfiles = get_roles_candidates(startdir)
+ local rolesfiles = get_roles_candidates(self.conf.appdir)
rolesfiles[#rolesfiles + 1] = roles_file
for x,file in ipairs(rolesfiles) do
@@ -187,7 +187,7 @@ get_role_perm = function(startdir,role)
end
-- Delete a role from role file
-delete_role = function(role)
+delete_role = function(self, role)
for x,ro in ipairs(default_roles) do
if role==ro then
return false, "Cannot delete default roles"
@@ -208,13 +208,18 @@ delete_role = function(role)
if result == true then
fs.write_file(roles_file, table.concat(output,"\n"))
+ -- also need to delete any other roles fields for this role
+ local fields = authenticator.list_rolefields(self) or {}
+ for x,field in ipairs(fields) do
+ authenticator.delete_roleentry(self, field, role)
+ end
end
return result, cmdresult
end
-- Set permissions for a role in role file
-set_role_perm = function(role, permissions, permissions_array)
+set_role_perm = function(self, role, permissions, permissions_array)
if role==nil or role=="" then
return false, "Invalid Role"
end
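Review bot: The cascade added to delete_role also runs when a role is merely edited, because set_role_perm (last hunk) calls `delete_role(self, role)` to drop the old line before writing the new one. Saving new permissions for an existing locally defined role would therefore remove that role's entries from every other role field, which is probably not intended. Moving the line removal into a local helper that set_role_perm calls, and keeping the `authenticator.delete_roleentry` loop only in the public delete_role, avoids that. The loop's results are also discarded, so a failed cleanup is invisible to the caller. delete_role's body starts above this hunk.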
@@ -238,7 +243,7 @@ set_role_perm = function(role, permissions, permissions_array)
return false, "No permissions set"
end
- delete_role(role)
+ delete_role(self, role)
fs.write_line_file(roles_file, role .. "=" .. table.concat(permissions_array,","))
return true
end