From 4ebeb9d3bc2f123f93338bcc8b15ef1723d4eb35 Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Mon, 21 Dec 2009 16:46:20 +0000
Subject: Modified permissions from controller:action to
 prefix/controller/action.

Had to move welcome to the acf-util prefix.
Changed format of roles files: old ACF format will still work, but authenticator format won't.
---
 app/Makefile                          |  4 +--
 app/acf-util/acf-util.roles           |  6 ++--
 app/acf-util/logon-controller.lua     |  8 ++---
 app/acf-util/roles-editrole-html.lsp  |  4 ---
 app/acf-util/roles-html.lsp           | 57 ++++++++++++++++++-----------------
 app/acf-util/roles-model.lua          | 17 ++++++-----
 app/acf-util/roles-viewroles-html.lsp | 10 +++---
 app/acf-util/welcome-controller.lua   | 10 ++++++
 app/acf-util/welcome-html.lsp         |  9 ++++++
 app/acf_cli-controller.lua            |  1 +
 app/acf_www-controller.lua            | 24 +++++++--------
 app/template-html.lsp                 |  4 +--
 app/welcome-controller.lua            | 10 ------
 app/welcome-html.lsp                  |  9 ------
 14 files changed, 88 insertions(+), 85 deletions(-)
 create mode 100644 app/acf-util/welcome-controller.lua
 create mode 100644 app/acf-util/welcome-html.lsp
 delete mode 100644 app/welcome-controller.lua
 delete mode 100644 app/welcome-html.lsp

(limited to 'app')

diff --git a/app/Makefile b/app/Makefile
index ba4258a..4c5a7aa 100644
--- a/app/Makefile
+++ b/app/Makefile
@@ -18,13 +18,13 @@ APP_DIST= \
 	acf-util/password-model.lua \
 	acf-util/password-status-html.lsp \
 	acf-util/password.menu \
+	acf-util/welcome-controller.lua\
+	acf-util/welcome-html.lsp\
 	acf_www-controller.lua\
 	acf_cli-controller.lua\
 	menuhints.menu\
 	template-html.lsp\
 	template-stream.lsp\
-	welcome-controller.lua\
-	welcome-html.lsp\
 	dispatcherror-html.lsp\
 	exception-html.lsp\
 	status-html.lsp\
diff --git a/app/acf-util/acf-util.roles b/app/acf-util/acf-util.roles
index b31297c..7433fcc 100644
--- a/app/acf-util/acf-util.roles
+++ b/app/acf-util/acf-util.roles
@@ -1,4 +1,4 @@
-GUEST=logon:logon,logon:logout,logon:status,welcome:read
-USER=password:editme,roles:read
+GUEST=logon/logon,logon/logout,logon/status,welcome/read
+USER=password/editme,roles/read
 EXPERT=
-ADMIN=logon:logon,logon:logout,logon:status,password:editme,password:status,password:edituser,password:newuser,password:deleteuser,roles:read,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole,welcome:read,password:status,password:edituser,password:newuser,password:deleteuser,roles:getpermslist,roles:viewuserroles,roles:viewroleperms,roles:viewroles,roles:editrole,roles:deleterole,roles:newrole
+ADMIN=logon/logon,logon/logout,logon/status,password/editme,password/status,password/edituser,password/newuser,password/deleteuser,roles/read,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole,welcome/read,password/status,password/edituser,password/newuser,password/deleteuser,roles/getpermslist,roles/viewuserroles,roles/viewroleperms,roles/viewroles,roles/editrole,roles/deleterole,roles/newrole
diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index d71d257..f1fa93d 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -9,17 +9,17 @@ logon = function(self)
 	-- If there are no users defined, add privileges and dispatch password/newuser
 	local users = self.model:list_users()
 	if #users.value == 0 then
-		self.sessiondata.permissions.password = {}
-		self.sessiondata.permissions.password.newuser = {"temp"}
+		self.sessiondata.permissions[self.conf.prefix].password = {}
+		self.sessiondata.permissions[self.conf.prefix].password.newuser = {"temp"}
 		self:dispatch(self.conf.prefix, "password", "newuser")
-		self.sessiondata.permissions.password = nil
+		self.sessiondata.permissions[self.conf.prefix].password = nil
 		self.conf.suppress_view = true
 		return
 	end
 
 	local userid = cfe({ value=clientdata.userid or "", label="User ID" })
 	local password = cfe({ label="Password" })
-	local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" })
+	local redir = cfe({ value=clientdata.redir or "welcome/read", label="" })
 	local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" })
 	if clientdata.Logon then
 		local logonredirect = self.sessiondata.logonredirect
diff --git a/app/acf-util/roles-editrole-html.lsp b/app/acf-util/roles-editrole-html.lsp
index cec9af0..5d1582f 100644
--- a/app/acf-util/roles-editrole-html.lsp
+++ b/app/acf-util/roles-editrole-html.lsp
@@ -1,10 +1,6 @@
 <% local form, viewtable, page_info = ... %> 
 <% require("viewfunctions") %>
 
-<% --[[
-	io.write(html.cfe_unpack(form))
---]] %>
-
 <H1><%= html.html_escape(form.label) %></H1>
 <%
 	displayformstart(form, page_info)
diff --git a/app/acf-util/roles-html.lsp b/app/acf-util/roles-html.lsp
index 090421f..32000af 100644
--- a/app/acf-util/roles-html.lsp
+++ b/app/acf-util/roles-html.lsp
@@ -1,9 +1,5 @@
 <% local view= ... %> 
-<% --[[
-	io.write(html.cfe_unpack(view))
---]] %>
 
-<% ---[[ %>
 <% if view.value.userid then %>
 	<H1>Roles/Permission list for <%= html.html_escape(view.value.userid.value) %>:</H1>
 <% elseif view.value.role then %>
@@ -20,9 +16,7 @@
 	end %>
 	</DL>
 <% end %>
-<% --]] %>
 
-<% ---[[ %>
 <% if view.value.permissions then %>
 	<% if view.value.userid then %>
 		<H2><%= html.html_escape(view.value.userid.value) %>'s full permissions are</H2>
@@ -30,29 +24,36 @@
 		<H2><%= html.html_escape(view.value.role.value) %>'s full permissions are</H2>
 	<% end %>
 	<DL>
-	<% local controllers = {}
-	   -- It's nice to have it in alphabetical order
-	   for cont in pairs(view.value.permissions.value) do
-		controllers[#controllers + 1] = cont
-	   end
-	   table.sort(controllers)
-	   io.write("<TABLE>")
-	   io.write("<TR><TD CLASS='header'>Controller</TD><TD CLASS='header'>Action(s)</TD>")
-	   for x,cont in ipairs(controllers) do
-		print("<TR><TD STYLE='font-weight:bold;'>",html.html_escape(cont),"</TD><TD>")
-		-- Again, alphabetical order
-		local actions = {}
-		for act in pairs(view.value.permissions.value[cont]) do
-			actions[#actions + 1] = act
+	<TABLE>
+		<TR><TD CLASS='header'>Controller</TD><TD CLASS='header'>Action(s)</TD></TR>
+		<% local prefixes = {}
+		-- It's nice to have it in alphabetical order
+		for pref in pairs(view.value.permissions.value) do
+			prefixes[#prefixes + 1] = pref
 		end
-		table.sort(actions)
-		for y,act in pairs(actions) do
-			print((html.html_escape(act)))
+		table.sort(prefixes)
+		for w,pref in ipairs(prefixes) do
+			local controllers = {}
+			-- Again, alphabetical order
+			for cont in pairs(view.value.permissions.value[pref]) do
+				controllers[#controllers + 1] = cont
+			end
+			table.sort(controllers)
+			for x,cont in ipairs(controllers) do
+				print("<TR><TD STYLE='font-weight:bold;'>",html.html_escape(pref..cont),"</TD><TD>")
+				-- Again, alphabetical order
+				local actions = {}
+				for act in pairs(view.value.permissions.value[pref][cont]) do
+					actions[#actions + 1] = act
+				end
+				table.sort(actions)
+				for y,act in pairs(actions) do
+					print((html.html_escape(act)))
+				end
+				io.write("<TD></TR>")
+			end
 		end
-		io.write("<TD></TR>")
-	    end
-	    io.write("</TABLE>")
-	    %>
+		%>
+	</TABLE>
 	</DL>
 <% end %>
-<% --]] %>
diff --git a/app/acf-util/roles-model.lua b/app/acf-util/roles-model.lua
index 79c1b14..6b12dd9 100644
--- a/app/acf-util/roles-model.lua
+++ b/app/acf-util/roles-model.lua
@@ -11,19 +11,22 @@ local get_all_permissions = function(self)
 	local table_perm = {}
 	local array_perm = {}
 	for a,b in pairs(controllers) do
-		if nil == table_perm[b.sname] then
-			table_perm[b.sname] = {}
+		if nil == table_perm[b.prefix] then
+			table_perm[b.prefix] = {}
+		end
+		if nil == table_perm[b.prefix][b.sname] then
+			table_perm[b.prefix][b.sname] = {}
 		end
 		local temp = roles.get_controllers_func(self,b)
 		for x,y in ipairs(temp) do
-			table_perm[b.sname][y] = {}
-			array_perm[#array_perm + 1] = b.sname .. ":" .. y
+			table_perm[b.prefix][b.sname][y] = {}
+			array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
 		end
 		temp = roles.get_controllers_view(self,b)
 		for x,y in ipairs(temp) do
-			if not table_perm[b.sname][y] then
-				table_perm[b.sname][y] = {}
-				array_perm[#array_perm + 1] = b.sname .. ":" .. y
+			if not table_perm[b.prefix][b.sname][y] then
+				table_perm[b.prefix][b.sname][y] = {}
+				array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
 			end
 		end
 	end
diff --git a/app/acf-util/roles-viewroles-html.lsp b/app/acf-util/roles-viewroles-html.lsp
index 3e818fb..68aac01 100644
--- a/app/acf-util/roles-viewroles-html.lsp
+++ b/app/acf-util/roles-viewroles-html.lsp
@@ -16,24 +16,26 @@
 
 <H2>Existing roles</H2>
 <DL>
+<TABLE>
 <% if view.value.default_roles then %>
 	<% for x,role in pairs(view.value.default_roles.value) do %>
-		<dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
+		<TR><TD><dt><img src='/skins/static/tango/16x16/categories/applications-system.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
 		<dd>
 		[<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>]
 		[<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>]
-		</dd>
+		</dd></TD></TR>
 	<% end %>
 <% end %>
 <% if view.value.defined_roles then %>
 	<% table.sort(view.value.defined_roles.value) %>
 	<% for x,role in pairs(view.value.defined_roles.value) do %>
-		<dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
+		<TR><TD><dt><img src='/skins/static/tango/16x16/apps/system-users.png' height='16' width='16'> <%= html.html_escape(role) %></dt>
 		<dd>
 		[<a href='viewroleperms?role=<%= html.html_escape(role) %>'>View this role</a>]
 		[<a href='editrole?role=<%= html.html_escape(role) %>&redir=<%= html.html_escape(page_info.orig_action) %>'>Edit this role</a>]
 		[<a href='deleterole?role=<%= html.html_escape(role) %>'>Delete this role</a>]
-		</dd>
+		</dd></TD></TR>
 	<% end %>
 <% end %>
+</TABLE>
 </DL>
diff --git a/app/acf-util/welcome-controller.lua b/app/acf-util/welcome-controller.lua
new file mode 100644
index 0000000..77735ec
--- /dev/null
+++ b/app/acf-util/welcome-controller.lua
@@ -0,0 +1,10 @@
+-- A standin controller for testing
+module (..., package.seeall)
+
+default_action = "read"
+
+read = function (self )
+	return ( {self = self} )
+end
+
+
diff --git a/app/acf-util/welcome-html.lsp b/app/acf-util/welcome-html.lsp
new file mode 100644
index 0000000..88bc934
--- /dev/null
+++ b/app/acf-util/welcome-html.lsp
@@ -0,0 +1,9 @@
+<% view = ... %>
+<h1>Alpine Configuration Framework</h1>
+<DL><p>Welcome.</p></DL>
+
+<% --[[
+	io.write(html.cfe_unpack(view))
+	io.write(html.cfe_unpack(FORM))
+	io.write(html.cfe_unpack(ENV))
+--]] %>
diff --git a/app/acf_cli-controller.lua b/app/acf_cli-controller.lua
index e3f160d..d2b57e2 100644
--- a/app/acf_cli-controller.lua
+++ b/app/acf_cli-controller.lua
@@ -9,6 +9,7 @@ mvc.on_load = function (self, parent)
 	self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" )
 	self.conf.sessiondir = self.conf.sessiondir or "/tmp/"
 	self.conf.script = ""
+	self.conf.default_prefix = "/acf-util/"	
 	self.conf.default_controller = "welcome"	
 
 	parent_exception_handler = parent.exception_handler
diff --git a/app/acf_www-controller.lua b/app/acf_www-controller.lua
index e71ba4f..12a7a43 100644
--- a/app/acf_www-controller.lua
+++ b/app/acf_www-controller.lua
@@ -34,12 +34,12 @@ local function build_menus(self)
 		local cat = cats[x]
 		for y = #cat.groups,1,-1 do
 			local group = cat.groups[y]
-			if nil == permissions[group.controller] then
+			if nil == permissions[group.prefix] or nil == permissions[group.prefix][group.controller] then
 				table.remove(cat.groups, y)
 			else
 				for z = #group.tabs,1,-1 do
 					local tab = group.tabs[z]
-					if nil == permissions[group.controller][tab.action] then
+					if nil == permissions[group.prefix][group.controller][tab.action] then
 						table.remove(group.tabs, z)
 					end
 				end
@@ -59,12 +59,12 @@ local function build_menus(self)
 	self.sessiondata.menu.timestamp = {tab="Menu_created: " .. os.date(),action="Menu_created: " .. os.date(),}
 end
 
-local check_permission = function(self, controller, action)
-	--logevent("Trying " .. (controller or "nil") .. ":" .. (action or "nil"))
+local check_permission = function(self, prefix, controller, action)
+	--logevent("Trying "..(prefix or "/")..(controller or "nil").."/"..(action or "nil"))
 	if nil == self.sessiondata.permissions then return false end
-	if controller then
-		if nil == self.sessiondata.permissions[controller] then return false end
-		if action and nil == self.sessiondata.permissions[controller][action] then return false end
+	if prefix and controller then
+		if nil == self.sessiondata.permissions[prefix] or nil == self.sessiondata.permissions[prefix][controller] then return false end
+		if action and nil == self.sessiondata.permissions[prefix][controller][action] then return false end
 	end
 	return true
 end
@@ -77,7 +77,7 @@ local check_permission_string = function (self, str)
 	if "" == action then
 		action = rawget(self.worker, "default_action") or ""
 	end
-	return check_permission(self, controller, action)
+	return check_permission(self, prefix, controller, action)
 end
 
 -- look for a template
@@ -231,7 +231,7 @@ mvc.on_load = function (self, parent)
 	self.conf.libdir = self.conf.libdir or ( self.conf.appdir .. "/lib/" )
 	self.conf.sessiondir = self.conf.sessiondir or "/tmp/"
 	self.conf.script = ENV.SCRIPT_NAME
-	self.conf.default_prefix = "/"
+	self.conf.default_prefix = "/acf-util/"
 	self.conf.default_controller = self.conf.default_controller or "welcome"
 	self.clientdata = FORM
 	self.conf.clientip = ENV.REMOTE_ADDR
@@ -394,7 +394,7 @@ dispatch = function (self, userprefix, userctlr, useraction)
 	end
 	if "" ~= self.conf.controller then
 		-- We now know the controller / action combo, check if we're allowed to do it
-		local perm = check_permission(self, self.conf.controller)
+		local perm = check_permission(self, self.conf.prefix, self.conf.controller)
 		local worker_loaded = false
 
 		if perm then
@@ -404,7 +404,7 @@ dispatch = function (self, userprefix, userctlr, useraction)
 			local default_action = rawget(controller.worker, "default_action") or ""
 			if self.conf.action == "" then self.conf.action = default_action end
 			if "" ~= self.conf.action then
-				local perm = check_permission(controller, self.conf.controller, self.conf.action)
+				local perm = check_permission(controller, self.conf.prefix, self.conf.controller, self.conf.action)
 				-- Because of the inheritance, normally the 
 				-- controller.worker.action will flow up, so that all children have
 				-- actions of all parents.  We use rawget to make sure that only
@@ -428,7 +428,7 @@ dispatch = function (self, userprefix, userctlr, useraction)
 	-- If the controller or action are missing, display an error view
 	if nil == controller then
 		-- If we have a view w/o an action, just display the view (passing in the clientdata)
-		if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.controller, self.conf.action) then
+		if (not self.conf.suppress_view) and has_view(self) and check_permission(self, self.conf.prefix, self.conf.controller, self.conf.action) then
 			viewtable = self.clientdata
 		else
 			origconf.type = "dispatch"
diff --git a/app/template-html.lsp b/app/template-html.lsp
index 5af16c7..c1aeafd 100644
--- a/app/template-html.lsp
+++ b/app/template-html.lsp
@@ -74,13 +74,13 @@ end
 			for x,cat in ipairs(session.menu.cats) do
 				io.write (string.format("\n\t\t\t\t<li>%s\n\t\t\t\t\t<ul>\n", html.html_escape(cat.name)))	--start row
 				for y,group in ipairs(cat.groups) do
-					if pageinfo.prefix == group.prefix .. '/' and pageinfo.controller == group.controller then
+					if pageinfo.prefix == group.prefix and pageinfo.controller == group.controller then
 						class="class='selected'"
 						tabs = group.tabs
 					else
 						class=""
 					end
-					io.write (string.format("\t\t\t\t\t\t<li %s><a href=\"%s%s/%s/%s\">%s</a></li>\n", 
+					io.write (string.format("\t\t\t\t\t\t<li %s><a href=\"%s%s%s/%s\">%s</a></li>\n", 
 						class,html.html_escape(pageinfo.script),html.html_escape(group.prefix), html.html_escape(group.controller), html.html_escape(group.tabs[1].action), html.html_escape(group.name) ))
 				end
 				io.write ( "\t\t\t\t\t</ul>" )
diff --git a/app/welcome-controller.lua b/app/welcome-controller.lua
deleted file mode 100644
index 77735ec..0000000
--- a/app/welcome-controller.lua
+++ /dev/null
@@ -1,10 +0,0 @@
--- A standin controller for testing
-module (..., package.seeall)
-
-default_action = "read"
-
-read = function (self )
-	return ( {self = self} )
-end
-
-
diff --git a/app/welcome-html.lsp b/app/welcome-html.lsp
deleted file mode 100644
index 88bc934..0000000
--- a/app/welcome-html.lsp
+++ /dev/null
@@ -1,9 +0,0 @@
-<% view = ... %>
-<h1>Alpine Configuration Framework</h1>
-<DL><p>Welcome.</p></DL>
-
-<% --[[
-	io.write(html.cfe_unpack(view))
-	io.write(html.cfe_unpack(FORM))
-	io.write(html.cfe_unpack(ENV))
---]] %>
-- 
cgit v1.2.3