From 4ebeb9d3bc2f123f93338bcc8b15ef1723d4eb35 Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Mon, 21 Dec 2009 16:46:20 +0000 Subject: Modified permissions from controller:action to prefix/controller/action. Had to move welcome to the acf-util prefix. Changed format of roles files: old ACF format will still work, but authenticator format won't. --- app/Makefile | 4 +- app/acf-util/acf-util.roles | 6 +- app/acf-util/logon-controller.lua | 8 +-- app/acf-util/roles-editrole-html.lsp | 4 -- app/acf-util/roles-html.lsp | 57 +++++++++--------- app/acf-util/roles-model.lua | 17 +++--- app/acf-util/roles-viewroles-html.lsp | 10 ++-- app/acf-util/welcome-controller.lua | 10 ++++ app/acf-util/welcome-html.lsp | 9 +++ app/acf_cli-controller.lua | 1 + app/acf_www-controller.lua | 24 ++++---- app/template-html.lsp | 4 +- app/welcome-controller.lua | 10 ---- app/welcome-html.lsp | 9 --- lib/menubuilder.lua | 2 +- lib/roles.lua | 107 ++++++++++++---------------------- 16 files changed, 126 insertions(+), 156 deletions(-) create mode 100644 app/acf-util/welcome-controller.lua create mode 100644 app/acf-util/welcome-html.lsp delete mode 100644 app/welcome-controller.lua delete mode 100644 app/welcome-html.lsp diff --git a/app/Makefile b/app/Makefile index ba4258a..4c5a7aa 100644 --- a/app/Makefile +++ b/app/Makefile @@ -18,13 +18,13 @@ APP_DIST= \ acf-util/password-model.lua \ acf-util/password-status-html.lsp \ acf-util/password.menu \ + acf-util/welcome-controller.lua\ + acf-util/welcome-html.lsp\ acf_www-controller.lua\ acf_cli-controller.lua\ menuhints.menu\ template-html.lsp\ template-stream.lsp\ - welcome-controller.lua\ - welcome-html.lsp\ dispatcherror-html.lsp\ exception-html.lsp\ status-html.lsp\ diff --git a/app/acf-util/acf-util.roles b/app/acf-util/acf-util.roles index b31297c..7433fcc 100644 --- a/app/acf-util/acf-util.roles +++ b/app/acf-util/acf-util.roles 
@@ -1,4 +1,4 @@
-GUEST=logon:logon,logon:logout,logon:status,welcome:read
-USER=password:editme,roles:read
+GUEST=logon/logon,logon/logout,logon/status,welcome/read
+USER=password/editme,roles/read
 EXPERT=
-ADMIN=logon:logon,logon:logout,logon:status,password:editme,password:status,password:edituser,password:newuser,password:deleteuser,roles:read,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole,welcome:read,password:status,password:edituser,password:newuser,password:deleteuser,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole
+ADMIN=logon/logon,logon/logout,logon/status,password/editme,password/status,password/edituser,password/newuser,password/deleteuser,roles/read,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,welcome/read,password/status,password/edituser,password/newuser,password/deleteuser,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index d71d257..f1fa93d 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -9,17 +9,17 @@ logon = function(self) -- If there are no users defined, add privileges and dispatch password/newuser local users = self.model:list_users() if #users.value == 0 then - self.sessiondata.permissions.password = {} - self.sessiondata.permissions.password.newuser = {"temp"} + self.sessiondata.permissions[self.conf.prefix].password = {} + self.sessiondata.permissions[self.conf.prefix].password.newuser = {"temp"} self:dispatch(self.conf.prefix, "password", "newuser") - self.sessiondata.permissions.password = nil + self.sessiondata.permissions[self.conf.prefix].password = nil self.conf.suppress_view = true return end local userid = cfe({ value=clientdata.userid or "", label="User ID" }) local password = cfe({ label="Password" }) - local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" }) + local redir = cfe({ value=clientdata.redir or "welcome/read", label="" }) local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" }) if clientdata.Logon then local logonredirect = self.sessiondata.logonredirect diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp index cec9af0..5d1582f 100644 --- a/app/acf-util/roles-editrole-html.lsp +++ b/app/acf-util/roles-editrole-html.lsp @@ -1,10 +1,6 @@ <% local form, viewtable, page_info = ... %> <% require("viewfunctions") %> -<% --[[ - io.write(html.cfe_unpack(form)) ---]] %> -
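Review bot: The temporary `password/newuser` grant in `logon` is withdrawn only on the normal return path: if `self:dispatch(self.conf.prefix, "password", "newuser")` raises, the line `self.sessiondata.permissions[self.conf.prefix].password = nil` never runs and the grant may stay in the session data. The new indexing also assumes `self.sessiondata.permissions[self.conf.prefix]` already exists; when the session has no entry for that prefix the first assignment fails on a nil index. I would create the prefix table when it is missing (`local perms = self.sessiondata.permissions; perms[self.conf.prefix] = perms[self.conf.prefix] or {}`), run the dispatch under `pcall`, and afterwards put back the previous `password` entry rather than setting it to nil, since that also discards any password permissions the session already had. The body of `logon` continues outside the hunk.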

<%= html.html_escape(form.label) %>

<% displayformstart(form, page_info) diff --git a/app/acf-util/roles-html.lsp b/app/acf-util/roles-html.lsp index 090421f..32000af 100644 --- a/app/acf-util/roles-html.lsp +++ b/app/acf-util/roles-html.lsp @@ -1,9 +1,5 @@ <% local view= ... %> -<% --[[ - io.write(html.cfe_unpack(view)) ---]] %> -<% ---[[ %> <% if view.value.userid then %>

Roles/Permission list for <%= html.html_escape(view.value.userid.value) %>:

<% elseif view.value.role then %> @@ -20,9 +16,7 @@ end %> <% end %> -<% --]] %> -<% ---[[ %> <% if view.value.permissions then %> <% if view.value.userid then %>

<%= html.html_escape(view.value.userid.value) %>'s full permissions are

@@ -30,29 +24,36 @@

<%= html.html_escape(view.value.role.value) %>'s full permissions are

<% end %>
- <% local controllers = {} - -- It's nice to have it in alphabetical order - for cont in pairs(view.value.permissions.value) do - controllers[#controllers + 1] = cont - end - table.sort(controllers) - io.write("") - io.write("") - for x,cont in ipairs(controllers) do - print("
ControllerAction(s)
",html.html_escape(cont),"") - -- Again, alphabetical order - local actions = {} - for act in pairs(view.value.permissions.value[cont]) do - actions[#actions + 1] = act + + + <% local prefixes = {} + -- It's nice to have it in alphabetical order + for pref in pairs(view.value.permissions.value) do + prefixes[#prefixes + 1] = pref end - table.sort(actions) - for y,act in pairs(actions) do - print((html.html_escape(act))) + table.sort(prefixes) + for w,pref in ipairs(prefixes) do + local controllers = {} + -- Again, alphabetical order + for cont in pairs(view.value.permissions.value[pref]) do + controllers[#controllers + 1] = cont + end + table.sort(controllers) + for x,cont in ipairs(controllers) do + print("") + end end - io.write("") - end - io.write("
ControllerAction(s)
",html.html_escape(pref..cont),"") + -- Again, alphabetical order + local actions = {} + for act in pairs(view.value.permissions.value[pref][cont]) do + actions[#actions + 1] = act + end + table.sort(actions) + for y,act in pairs(actions) do + print((html.html_escape(act))) + end + io.write("
") - %> + %> +
<% end %> -<% --]] %> diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua index 79c1b14..6b12dd9 100644 --- a/app/acf-util/roles-model.lua +++ b/app/acf-util/roles-model.lua @@ -11,19 +11,22 @@ local get_all_permissions = function(self) local table_perm = {} local array_perm = {} for a,b in pairs(controllers) do - if nil == table_perm[b.sname] then - table_perm[b.sname] = {} + if nil == table_perm[b.prefix] then + table_perm[b.prefix] = {} + end + if nil == table_perm[b.prefix][b.sname] then + table_perm[b.prefix][b.sname] = {} end local temp = roles.get_controllers_func(self,b) for x,y in ipairs(temp) do - table_perm[b.sname][y] = {} - array_perm[#array_perm + 1] = b.sname .. ":" .. y + table_perm[b.prefix][b.sname][y] = {} + array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y end temp = roles.get_controllers_view(self,b) for x,y in ipairs(temp) do - if not table_perm[b.sname][y] then - table_perm[b.sname][y] = {} - array_perm[#array_perm + 1] = b.sname .. ":" .. y + if not table_perm[b.prefix][b.sname][y] then + table_perm[b.prefix][b.sname][y] = {} + array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y end end end diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp index 3e818fb..68aac01 100644 --- a/app/acf-util/roles-viewroles-html.lsp +++ b/app/acf-util/roles-viewroles-html.lsp @@ -16,24 +16,26 @@
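Review bot: `get_all_permissions` in roles-model.lua now uses `b.prefix` as a table key and as a concatenation operand without checking it, in `table_perm[b.prefix] = {}` and `b.prefix .. b.sname .. "/" .. y`. The `controllers` list is built outside the hunk, presumably by `roles.get_controllers`, where this patch fills `prefix` from a `string.match` that returns nil when the path does not fit the pattern; a nil key or nil operand raises here, so one oddly placed controller file would break the whole permission listing. Skipping such entries at the top of the loop, for example `if b.prefix and b.sname then` around the body, keeps the rest of the list usable. The function starts and ends outside the hunk.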

Existing roles

+ <% if view.value.default_roles then %> <% for x,role in pairs(view.value.default_roles.value) do %> -
<%= html.html_escape(role) %>
+ <% end %> <% end %> <% if view.value.defined_roles then %> <% table.sort(view.value.defined_roles.value) %> <% for x,role in pairs(view.value.defined_roles.value) do %> -
<%= html.html_escape(role) %>
+ <% end %> <% end %> +
<%= html.html_escape(role) %>
[View this role] [Edit this role] -
+
<%= html.html_escape(role) %>
[View this role] [Edit this role] [Delete this role] -
+
diff --git a/app/acf-util/welcome-controller.lua b/app/acf-util/welcome-controller.lua new file mode 100644 index 0000000..77735ec --- /dev/null +++ b/app/acf-util/welcome-controller.lua @@ -0,0 +1,10 @@ +-- A standin controller for testing +module (..., package.seeall) + +default_action = "read" + +read = function (self ) + return ( {self = self} ) +end + + diff --git a/app/acf-util/welcome-html.lsp b/app/acf-util/welcome-html.lsp new file mode 100644 index 0000000..88bc934 --- /dev/null +++ b/app/acf-util/welcome-html.lsp @@ -0,0 +1,9 @@ +<% view = ... %> +

Alpine Configuration Framework

+

Welcome.

+ +<% --[[ + io.write(html.cfe_unpack(view)) + io.write(html.cfe_unpack(FORM)) + io.write(html.cfe_unpack(ENV)) +--]] %> diff --git a/app/acf_cli-controller.lua b/app/acf_cli-controller.lua index e3f160d..d2b57e2 100644 --- a/app/acf_cli-controller.lua +++ b/app/acf_cli-controller.lua @@ -9,6 +9,7 @@ mvc.on_load = function (self, parent) self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" ) self.conf.sessiondir = self.conf.sessiondir or "/tmp/" self.conf.script = "" + self.conf.default_prefix = "/acf-util/" self.conf.default_controller = "welcome" parent_exception_handler = parent.exception_handler diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua index e71ba4f..12a7a43 100644 --- a/app/acf_www-controller.lua +++ b/app/acf_www-controller.lua @@ -34,12 +34,12 @@ local function build_menus(self) local cat = cats[x] for y = #cat.groups,1,-1 do local group = cat.groups[y] - if nil == permissions[group.controller] then + if nil == permissions[group.prefix] or nil == permissions[group.prefix][group.controller] then table.remove(cat.groups, y) else for z = #group.tabs,1,-1 do local tab = group.tabs[z] - if nil == permissions[group.controller][tab.action] then + if nil == permissions[group.prefix][group.controller][tab.action] then table.remove(group.tabs, z) end end 
@@ -59,12 +59,12 @@ local function build_menus(self) self.sessiondata.menu.timestamp = {tab="Menu_created: " .. os.date(),action="Menu_created: " .. os.date(),} end -local check_permission = function(self, controller, action) - --logevent("Trying " .. (controller or "nil") .. ":" .. (action or "nil")) +local check_permission = function(self, prefix, controller, action) + --logevent("Trying "..(prefix or "/")..(controller or "nil").."/"..(action or "nil")) if nil == self.sessiondata.permissions then return false end - if controller then - if nil == self.sessiondata.permissions[controller] then return false end - if action and nil == self.sessiondata.permissions[controller][action] then return false end + if prefix and controller then + if nil == self.sessiondata.permissions[prefix] or nil == self.sessiondata.permissions[prefix][controller] then return false end + if action and nil == self.sessiondata.permissions[prefix][controller][action] then return false end end return true end @@ -77,7 +77,7 @@ local check_permission_string = function (self, str) if "" == action then action = rawget(self.worker, "default_action") or "" end - return check_permission(self, controller, action) + return check_permission(self, prefix, controller, action) end -- look for a template @@ -231,7 +231,7 @@ mvc.on_load = function (self, parent) self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" ) self.conf.sessiondir = self.conf.sessiondir or "/tmp/" self.conf.script = ENV.SCRIPT_NAME - self.conf.default_prefix = "/" + self.conf.default_prefix = "/acf-util/" self.conf.default_controller = self.conf.default_controller or "welcome" self.clientdata = FORM self.conf.clientip = ENV.REMOTE_ADDR 
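Review bot: `check_permission` now fails open when a controller is given but `prefix` is nil: the guard `if prefix and controller then` skips both lookups and the function falls through to `return true`. Before this change any non-nil controller was always looked up. For an authorization check a missing prefix should deny, for example `if controller then if nil == prefix or nil == self.sessiondata.permissions[prefix] or nil == self.sessiondata.permissions[prefix][controller] then return false end`, with the action test kept as it is. `check_permission_string` in the next hunk passes a `prefix` that is assigned outside the visible lines, so it is worth confirming that value can never be nil for a string that names a controller.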
@@ -394,7 +394,7 @@ dispatch = function (self, userprefix, userctlr, useraction) end if "" ~= self.conf.controller then -- We now know the controller / action combo, check if we're allowed to do it - local perm = check_permission(self, self.conf.controller) + local perm = check_permission(self, self.conf.prefix, self.conf.controller) local worker_loaded = false if perm then @@ -404,7 +404,7 @@ dispatch = function (self, userprefix, userctlr, useraction) local default_action = rawget(controller.worker, "default_action") or "" if self.conf.action == "" then self.conf.action = default_action end if "" ~= self.conf.action then - local perm = check_permission(controller, self.conf.controller, self.conf.action) + local perm = check_permission(controller, self.conf.prefix, self.conf.controller, self.conf.action) -- Because of the inheritance, normally the -- controller.worker.action will flow up, so that all children have -- actions of all parents. We use rawget to make sure that only @@ -428,7 +428,7 @@ dispatch = function (self, userprefix, userctlr, useraction) -- If the controller or action are missing, display an error view if nil == controller then -- If we have a view w/o an action, just display the view (passing in the clientdata) - if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.controller, self.conf.action) then + if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.prefix, self.conf.controller, self.conf.action) then viewtable = self.clientdata else origconf.type = "dispatch" diff --git a/app/template-html.lsp b/app/template-html.lsp index 5af16c7..c1aeafd 100644 --- a/app/template-html.lsp +++ b/app/template-html.lsp @@ -74,13 +74,13 @@ end for x,cat in ipairs(session.menu.cats) do io.write (string.format("\n\t\t\t\t
  • %s\n\t\t\t\t\t" ) diff --git a/app/welcome-controller.lua b/app/welcome-controller.lua deleted file mode 100644 index 77735ec..0000000 --- a/app/welcome-controller.lua +++ /dev/null @@ -1,10 +0,0 @@ --- A standin controller for testing -module (..., package.seeall) - -default_action = "read" - -read = function (self ) - return ( {self = self} ) -end - - diff --git a/app/welcome-html.lsp b/app/welcome-html.lsp deleted file mode 100644 index 88bc934..0000000 --- a/app/welcome-html.lsp +++ /dev/null @@ -1,9 +0,0 @@ -<% view = ... %> -

    Alpine Configuration Framework

    -

    Welcome.

    - -<% --[[ - io.write(html.cfe_unpack(view)) - io.write(html.cfe_unpack(FORM)) - io.write(html.cfe_unpack(ENV)) ---]] %> diff --git a/lib/menubuilder.lua b/lib/menubuilder.lua index 5b9509b..975c31a 100644 --- a/lib/menubuilder.lua +++ b/lib/menubuilder.lua @@ -64,7 +64,7 @@ get_menuitems = function (startdir) startdir = (string.gsub(startdir, "/$", "")) --remove trailing / for k,filename in pairs(get_candidates(startdir)) do local controller = mvc.basename(filename, ".menu") - local prefix = (string.gsub(mvc.dirname(filename), startdir, "")) + local prefix = (string.gsub(mvc.dirname(filename), startdir, "")).."/" -- open the menu file, and parse the contents local handle = io.open(filename) diff --git a/lib/roles.lua b/lib/roles.lua index 1ca8ae2..b554aea 100644 --- a/lib/roles.lua +++ b/lib/roles.lua @@ -34,10 +34,11 @@ get_controllers = function(self,controller) local temp = {} for k,v in pairs(list) do path = string.match(v,"[/%w_-]+/") + prefix = string.match(path,"/[^/]+/$") filename = string.match(v,"[^/]*.lua") name = string.match(filename,"[^.]*") sname = string.match(filename,"[^-]*") - temp[sname] = {path=path,filename=filename,name=name,sname=sname} + temp[sname] = {path=path,prefix=prefix,filename=filename,name=name,sname=sname} end if controller then return temp[controller] 
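Review bot: In `get_menuitems` the prefix is still produced by `string.gsub(mvc.dirname(filename), startdir, "")`, which treats `startdir` as a Lua pattern and replaces every match rather than only the leading one. Now that this prefix is a key into the permission table, a start directory containing pattern characters such as `-` or `.` could leave the prefix unstripped or altered, and the menu entries would then be matched against the wrong permission key. A plain leading-substring strip is safer: `local dir = mvc.dirname(filename)` followed by `local prefix = ((dir:sub(1, #startdir) == startdir) and dir:sub(#startdir + 1) or dir) .. "/"`. The function continues outside the hunk.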
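Review bot: `get_controllers` still stores each entry under `temp[sname]`, so two controllers with the same short name in different prefixes overwrite each other even though permissions are now kept per prefix; the one that loses never appears in the permission list built from this table. Keying the table by `prefix .. sname` (and looking up the `controller` argument the same way) would keep both, though callers outside this hunk that index by `sname` would need checking. The added `prefix = string.match(path,"/[^/]+/$")` is also written without `local`, like the neighbouring `path`, `filename`, `name` and `sname`, so unless they are declared above the hunk they are globals; `local prefix = ...` would avoid that for the new variable.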
@@ -118,34 +119,38 @@ list_all_roles = function(self) return default_roles end --- Go through the roles files and determine the permissions for the specified list of roles (including guest) -get_roles_perm = function(self,roles) - permissions = {} - permissions_array = {} +-- Go through the roles files and determine the permissions for the specified list of roles +local determine_perms = function(self,roles) + local permissions = {} + local permissions_array = {} + local default_permissions_array = {} local reverseroles = {} for x,role in ipairs(roles) do reverseroles[role] = x end - reverseroles[guest_role] = 0 -- always include guest role -- find all of the default roles files and parse them local rolesfiles = get_roles_candidates(self.conf.appdir) for x,file in ipairs(rolesfiles) do + local prefix = string.match(file, "(/[^/]+/)[^/]+$") or "/" + permissions[prefix] = permissions[prefix] or {} f = fs.read_file_as_array(file) or {} for y,line in pairs(f) do if reverseroles[string.match(line,"^[%w_]+")] then - temp = format.string_to_table(string.match(line,"[,%w_:]+$"),",") + temp = format.string_to_table(string.match(line,"[,%w_:/]+$"),",") for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") + -- we'll allow for : or / to not break old format + local control,action = string.match(perm,"([%w_]+)[:/]([%w_]+)") if control then - if nil == permissions[control] then - permissions[control] = {} + if nil == permissions[prefix][control] then + permissions[prefix][control] = {} end if action then - permissions[control][action] = {file} - permissions_array[#permissions_array + 1] = control .. ":" .. action + permissions[prefix][control][action] = {file} + permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action + default_permissions_array[#default_permissions_array + 1] = prefix .. control .. "/" .. action end end end 
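Review bot: The prefix in `determine_perms` is taken from the last directory component only, `string.match(file, "(/[^/]+/)[^/]+$") or "/"`, while `get_menuitems` in lib/menubuilder.lua derives its prefix relative to `startdir`. A roles file placed directly in `self.conf.appdir` therefore gets the application directory's own name as its prefix instead of `/`, and a roles file in a nested directory gets only the innermost name, so the keys written into `permissions[prefix]` may not be the ones the menu code and dispatcher look up. Deriving the prefix by removing `self.conf.appdir` from the front of the file's directory would make the derivations agree; `get_controllers` uses the same last-component pattern and would need the same treatment. The fallback `or "/"` only applies when the path has fewer than two slashes, which is probably not the case it was meant to cover.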
@@ -159,73 +164,33 @@ get_roles_perm = function(self,roles) if reverseroles[entry.id] then temp = format.string_to_table(entry.entry, ",") for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") + local prefix,control,action = mvc.parse_path_info(perm) if control then - if nil == permissions[control] then - permissions[control] = {} + if nil == permissions[prefix] then + permissions[prefix] = {} end - if action then - permissions[control][action] = {} - permissions_array[#permissions_array + 1] = control .. ":" .. action + if nil == permissions[prefix][control] then + permissions[prefix][control] = {} end + permissions[prefix][control][action] = {} + permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action end end end end - return permissions, permissions_array + return permissions, permissions_array, default_permissions_array +end + +-- Go through the roles files and determine the permissions for the specified list of roles (including guest) +get_roles_perm = function(self,roles) + roles[#roles+1] = guest_role + return determine_perms(self, roles) end -- Go through the roles files and determine the permissions for the specified role get_role_perm = function(self,role) - permissions = {} - permissions_array = {} - default_permissions_array = {} - - -- find all of the default roles files and parse them - local rolesfiles = get_roles_candidates(self.conf.appdir) - - for x,file in ipairs(rolesfiles) do - f = fs.read_file_as_array(file) or {} - for y,line in pairs(f) do - if role == string.match(line,"^[%w_]+") then - temp = format.string_to_table(string.match(line,"[,%w_:]+$"),",") - for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") - if control then - if nil == permissions[control] then - permissions[control] = {} - end - if action then - permissions[control][action] = {file} - permissions_array[#permissions_array + 1] = control .. ":" .. 
action - default_permissions_array[#default_permissions_array + 1] = control .. ":" .. action - end - end - end - end - end - end - - -- then look in the user-editable roles - local entry = authenticator.auth.read_entry(self, authenticator.roletable, "", role) - if entry then - temp = format.string_to_table(entry, ",") - for z,perm in pairs(temp) do - local control,action = string.match(perm,"([%w_]+):([%w_]+)") - if control then - if nil == permissions[control] then - permissions[control] = {} - end - if action then - permissions[control][action] = {} - permissions_array[#permissions_array + 1] = control .. ":" .. action - end - end - end - end - - return permissions, permissions_array, default_permissions_array + return determine_perms(self, {role}) end -- Delete a role from role file @@ -247,9 +212,11 @@ set_role_perm = function(self, role, permissions, permissions_array) end if permissions and not permissions_array then permissions_array = {} - for cont,actions in pairs(permissions) do - for action in pairs(actions) do - permissions_array[#permissions_array + 1] = cont .. ":" .. action + for prefix,contrllrs in pairs(permissions) do + for cont,actions in pairs(contrllrs) do + for action in pairs(actions) do + permissions_array[#permissions_array + 1] = prefix .. cont .. "/" .. action + end end end end -- cgit v1.2.3
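Review bot: `get_roles_perm` now appends to the caller's table with `roles[#roles+1] = guest_role`, where the old code only set `reverseroles[guest_role] = 0` locally; if a caller passes a list it keeps, such as a session's role list, every call adds another guest entry to it. Copying first avoids the side effect: `local r = {} for i,v in ipairs(roles) do r[i] = v end r[#r+1] = guest_role return determine_perms(self, r)`. In the same hunk the user-editable branch lost its `if action then` guard, so `permissions[prefix][control][action] = {}` runs with whatever `mvc.parse_path_info(perm)` returned; that function is not visible here, so please confirm that a malformed or old-format `controller:action` entry cannot yield a nil or empty prefix or action, and restore the guard if it can. `determine_perms` begins in the previous hunk.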