From 3eecd1d2d435332a27e1712cdb352391ffaa0b9d Mon Sep 17 00:00:00 2001 From: Ted Trask Date: Fri, 2 May 2008 21:07:27 +0000 Subject: Updated roles git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1099 ab2d0c66-481e-0410-8bed-d214d4d58bed --- app/acf-util/password-controller.lua | 18 ------ app/acf-util/password-html.lsp | 1 - app/acf-util/password-model.lua | 6 +- app/acf-util/roles-controller.lua | 113 ++++++++++++++++++++++++++++++++-- app/acf-util/roles-editrole-html.lsp | 20 ++++++ app/acf-util/roles-html.lsp | 20 ++++-- app/acf-util/roles-newrole-html.lsp | 20 ++++++ app/acf-util/roles-viewroles-html.lsp | 43 +++++++++++++ app/acf-util/roles.menu | 4 ++ 9 files changed, 214 insertions(+), 31 deletions(-) create mode 100644 app/acf-util/roles-editrole-html.lsp create mode 100644 app/acf-util/roles-newrole-html.lsp create mode 100644 app/acf-util/roles-viewroles-html.lsp create mode 100755 app/acf-util/roles.menu (limited to 'app/acf-util') diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua index 1d3aa7a..809e766 100755 --- a/app/acf-util/password-controller.lua +++ b/app/acf-util/password-controller.lua @@ -29,15 +29,6 @@ function edituser(self) if self.clientdata.password == "" then self.clientdata.password = nil end if self.clientdata.password_confirm == "" then self.clientdata.password_confirm = nil end - -- FIXME this is because multi selects don't work in haserl - if self.clientdata.roles then - local newroles = {} - for x,role in pairs(self.clientdata.roles) do - newroles[#newroles + 1] = role - end - self.clientdata.roles = newroles - end - -- Update userinfo local output = self.model.update_user(self, self.clientdata, false) 
@@ -51,15 +42,6 @@ function edituser(self) end function newuser(self) - -- FIXME this is because multi selects don't work in haserl - if self.clientdata.roles then - local newroles = {} - for x,role in pairs(self.clientdata.roles) do - newroles[#newroles + 1] = role - end - self.clientdata.roles = newroles - end - -- Update userinfo local output = self.model.update_user(self, self.clientdata, true) diff --git a/app/acf-util/password-html.lsp b/app/acf-util/password-html.lsp index a11d9e3..9de2d4f 100755 --- a/app/acf-util/password-html.lsp +++ b/app/acf-util/password-html.lsp @@ -4,7 +4,6 @@ --[[ DEBUG INFORMATION io.write("

DEBUGGING

DEBUG INFO: CFE

") io.write(html.cfe_unpack(form)) -io.write(html.cfe_unpack(ENV)) io.write(html.cfe_unpack(FORM)) io.write("
") --]] diff --git a/app/acf-util/password-model.lua b/app/acf-util/password-model.lua index 553abca..e3d58f1 100755 --- a/app/acf-util/password-model.lua +++ b/app/acf-util/password-model.lua @@ -37,9 +37,6 @@ function update_user(self, clientdata, newuser) end userinfo = userinfo or {} - -- Get list of available roles - local avail_roles=auth.list_roles() - config.userid = cfe({ label="User id", value=(userinfo.userid or clientdata.userid or ""), @@ -54,7 +51,7 @@ function update_user(self, clientdata, newuser) label="Roles", value=(userinfo.roles or clientdata.roles or {}), type="multi", - option=avail_roles, + option=auth.list_roles(), errtxt = errormessage.roles }) config.password = cfe({ @@ -73,6 +70,7 @@ function get_users(self) --List all users and their userinfo local users = {} local userlist = auth.list_users(self) + for x,user in pairs(userlist) do local userinfo = auth.get_userinfo(self,user) users[user] = cfe({ diff --git a/app/acf-util/roles-controller.lua b/app/acf-util/roles-controller.lua index 4363cb6..1d69b8b 100644 --- a/app/acf-util/roles-controller.lua +++ b/app/acf-util/roles-controller.lua @@ -5,6 +5,25 @@ module (..., package.seeall) auth = require("authenticator-plaintext") roll = require("roles") +local get_all_permissions = function(self) + -- need to get a list of all the controllers + controllers = roles.get_controllers(self) + local table_perm = {} + local array_perm = {} + for a,b in pairs(controllers) do + if nil == table_perm[b.sname] then + table_perm[b.sname] = {} + end + temp = roles.get_controllers_func(self,b) + for x,y in ipairs(temp) do + table_perm[b.sname][y] = {} + array_perm[#array_perm + 1] = b.sname .. ":" .. y + end + end + + return table_perm, array_perm +end + default_action = "read" -- Return your own roles/permissions 
@@ -16,7 +35,7 @@ read = function(self) end -- Return roles/permissions for specified user -viewroles = function(self) +viewuserroles = function(self) if not (self.clientdata.userid) then redirect(self) end @@ -27,7 +46,7 @@ viewroles = function(self) end -- Return permissions for specified role -viewperms = function(self) +viewroleperms = function(self) if not (self.clientdata.role) then redirect(self, "getlist") end 
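Review bot: `viewroleperms` still calls `redirect(self, "getlist")` on the unchanged context line, but the next hunk in this file renames `getlist` to `getpermslist`, so a request without `role` is redirected to an action this controller no longer defines; change it to `redirect(self, "getpermslist")`. The hunk above it renames the per-user action `viewroles` to `viewuserroles`, and the name `viewroles` is then reused for the new role-list action, so any existing link that passes `userid` to `viewroles` will now land on the role-management page instead. It is worth searching the templates and menus for both old names before merging. The bodies of both functions continue outside these hunks.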
@@ -37,6 +56,92 @@ viewperms = function(self) end -- Return list of all permissions -getlist = function(self) - return cfe({ type="group", value={permissions=self.model:getcont(self)} }) +getpermslist = function(self) + permissions = cfe({ type="table", value=get_all_permissions(self), label="All Permissions" }) + return cfe({ type="group", value={permissions=permissions} }) +end + +viewroles = function(self) + -- Get command result out of session data + local cmdresult = self.sessiondata.cmdresult + self.sessiondata.cmdresult = nil + + local defined_roles, default_roles = roll.list_roles() + local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" }) + local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" }) + + return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe, cmdresult=cmdresult} }) +end + +local setpermissions = function(self, role, permissions, newrole) + local errtxt + local my_perms = {} + if permissions then + -- we're changing permissions + local result = true + if newrole then + -- make sure not overwriting role + for x,ro in ipairs(roles.list_roles()) do + if role==ro then + result = false + errtxt = "Role already exists" + break + end + end + end + if result==true then + result, errtxt = roles.set_role_perm(role, nil, permissions) + end + my_perms = self.clientdata.permissions + else + if role then + tmp, my_perms = roles.get_role_perm(self.conf.appdir, role) + else + role = "" + end + end + + local tmp, all_perms = get_all_permissions(self) + table.sort(all_perms) + + local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" }) + local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt }) + + return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} }) +end + +newrole = function(self) + local form = setpermissions(self, self.clientdata.role, 
self.clientdata.permissions, true) + form.type = "form" + form.label = "Edit new role" + if form.value.role.errtxt then + form.errtxt = "Failed to create role" + elseif self.clientdata.permissions then + -- If we have permissions, we tried to set + local cmdresult = cfe({ value="New role created" }) + self.sessiondata.cmdresult = cmdresult + redirect(self, "viewroles") + end + return form +end + +editrole = function(self) + local form = setpermissions(self, self.clientdata.role, self.clientdata.permissions, false) + form.type = "form" + form.label = "Edit role" + if form.value.role.errtxt then + form.errtxt = "Failed to save role" + elseif self.clientdata.permissions then + -- If we have permissions, we tried to set + local cmdresult = cfe({ value="Role saved" }) + self.sessiondata.cmdresult = cmdresult + redirect(self, "viewroles") + end + return form +end + +deleterole = function(self) + local result, cmdresult = roles.delete_role(self.clientdata.role) + self.sessiondata.cmdresult = cfe({ value=cmdresult }) + redirect(self, "viewroles") end diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp new file mode 100644 index 0000000..bf42f28 --- /dev/null +++ b/app/acf-util/roles-editrole-html.lsp @@ -0,0 +1,20 @@ + + + + +
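Review bot: `setpermissions` hands `self.clientdata.role` and `self.clientdata.permissions` to `roles.set_role_perm` with no server-side check, so `option=all_perms` constrains only the rendered form; unless `set_role_perm` (outside this diff) validates them, an empty role name or permission strings the application never offered reach the role store. The duplicate check in the `newrole` path iterates `ipairs(roles.list_roles())`, which walks only the first return value, while `viewroles` shows the function returning both locally-defined and system-defined lists, so a new role can take the name of a system-defined role. `deleterole` passes `self.clientdata.role` to `roles.delete_role` without checking that it is present, and it appears to be reached from a plain link in the viewroles template, so this state-changing action should require a POST and a per-session token. Separately, `permissions` in `getpermslist` and `tmp` in `setpermissions` (like `controllers` and `temp` in `get_all_permissions` in the first hunk of this file) are assigned without `local`, and the new code calls `roles.` although the file binds the library as `roll = require("roles")`. The sketch below covers the first two points; the `else` branch and the cfe construction stay as they are.

```lua
local setpermissions = function(self, role, permissions, newrole)
	local errtxt
	local my_perms = {}
	-- fetched before the write so submitted values can be checked against it
	local _, all_perms = get_all_permissions(self)
	table.sort(all_perms)
	if permissions then
		local result = true
		-- assumes haserl delivers the multi-select as a table; confirm
		if type(role) ~= "string" or role == "" or type(permissions) ~= "table" then
			result = false
			errtxt = "Invalid role or permissions"
		end
		if result and newrole then
			-- list_roles() returns two lists (see viewroles); check both
			local defined_roles, default_roles = roles.list_roles()
			for _, list in ipairs({ defined_roles or {}, default_roles or {} }) do
				for _, ro in ipairs(list) do
					if role == ro then
						result = false
						errtxt = "Role already exists"
					end
				end
			end
		end
		if result then
			-- accept only permissions the server itself offers
			local allowed = {}
			for _, p in ipairs(all_perms) do allowed[p] = true end
			for _, p in pairs(permissions) do
				if not allowed[p] then
					result = false
					errtxt = "Unknown permission"
					break
				end
			end
		end
		if result == true then
			result, errtxt = roles.set_role_perm(role, nil, permissions)
		end
		my_perms = self.clientdata.permissions
	else
		-- … unchanged: load existing permissions for role …
	end
	-- … unchanged: build permissions_cfe / role_cfe and return the table cfe …
```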

+ + diff --git a/app/acf-util/roles-html.lsp b/app/acf-util/roles-html.lsp index 4a23c25..2f4c8b1 100644 --- a/app/acf-util/roles-html.lsp +++ b/app/acf-util/roles-html.lsp @@ -27,10 +27,22 @@

's full permissions are

- ",x,"") - for y,act in pairs(cont) do - print(y) + ",cont,"") + -- Again, alphabetical order + local actions = {} + for act in pairs(view.value.permissions.value[cont]) do + actions[#actions + 1] = act + end + table.sort(actions) + for y,act in pairs(actions) do + print(act) end print("
") end ?> diff --git a/app/acf-util/roles-newrole-html.lsp b/app/acf-util/roles-newrole-html.lsp new file mode 100644 index 0000000..bf42f28 --- /dev/null +++ b/app/acf-util/roles-newrole-html.lsp @@ -0,0 +1,20 @@ + + + + +

+ + diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp new file mode 100644 index 0000000..a98f5b9 --- /dev/null +++ b/app/acf-util/roles-viewroles-html.lsp @@ -0,0 +1,43 @@ + + + + +

ROLES

+ + +

Command Result

+
+ + +

Create new role

+
+
+
+ +

Existing roles

+ +
+ +
+
+ [View this role] +
+ +
+ + +
+ + +
+
+ [View this role] + [Edit this role] + [Delete this role] +
+ +
+ + diff --git a/app/acf-util/roles.menu b/app/acf-util/roles.menu new file mode 100755 index 0000000..7bcca30 --- /dev/null +++ b/app/acf-util/roles.menu @@ -0,0 +1,4 @@ +#CAT GROUP/DESC TAB ACTION +System 02Roles_management Administration viewroles +System 02Roles_management My_Roles read + -- cgit v1.2.3