-- Roles/Group functions
-- Controller actions for viewing roles and permissions and for creating,
-- editing and deleting roles.
-- NOTE(review): module() with package.seeall is the deprecated Lua 5.1 module
-- idiom; any assignment made without `local` after this line becomes a field
-- of the module table rather than a temporary.
module (..., package.seeall)
-- Authentication backend, used in this file to look up a user's roles.
-- NOTE(review): the name suggests a plaintext credential store — confirm how
-- the backing store is protected.
auth = require("authenticator-plaintext")
-- Handle to the roles module (role listing, permission lookup and storage).
roll = require("roles")
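-- Collect every permission the application knows about by walking all
-- controllers and the entries get_controllers_func reports for each.
-- @param self controller/request object, passed through to the roles module
-- @return table_perm table keyed by controller sname; each value maps an entry
--         name to an empty table
-- @return array_perm sequence of "sname:entry" strings, one per entry
local get_all_permissions = function(self)
  -- Go through `roll`, the handle this file obtained from require("roles"),
  -- so the lookup does not depend on a global named `roles` staying bound to
  -- the module.
  local controllers = roll.get_controllers(self)
  local table_perm = {}
  local array_perm = {}
  for _, controller in pairs(controllers) do
    local sname = controller.sname
    if table_perm[sname] == nil then
      table_perm[sname] = {}
    end
    -- Kept local: as an undeclared name this would be written into the
    -- module table on every call.
    local funcs = roll.get_controllers_func(self, controller)
    for _, func_name in ipairs(funcs) do
      table_perm[sname][func_name] = {}
      array_perm[#array_perm + 1] = sname .. ":" .. func_name
    end
  end
  return table_perm, array_perm
end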
-- NOTE(review): presumably the action the framework dispatches to when the
-- request names none — confirm against the dispatcher.
default_action = "read"
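-- Return the calling user's own id, roles and permissions, taken entirely
-- from the session (no client-supplied input is read here).
-- @param self controller/request object; reads self.sessiondata.userinfo and
--        self.sessiondata.permissions
-- @return group cfe with fields userid, roles and permissions
read = function(self)
  local session = self.sessiondata
  -- These are locals on purpose: assigned without `local` they would be
  -- stored in the module table, and a stored `roles` value would hide the
  -- roles module from any code that refers to it by that name.
  local userid_cfe = cfe({ value=session.userinfo.userid, label="User Id" })
  local roles_cfe = cfe({ type="list", value=session.userinfo.roles, label="Roles" })
  local permissions_cfe = cfe({ type="table", value=session.permissions, label="Permissions" })
  return cfe({ type="group", value={userid=userid_cfe, roles=roles_cfe, permissions=permissions_cfe} })
end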
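-- Return the roles and permissions of the user named in the request.
-- NOTE(review): the userid is client-supplied, so this action discloses
-- another account's roles; access is presumably limited by the framework's
-- per-action permission check — confirm.
-- @param self controller/request object; reads self.clientdata.userid and
--        self.conf.appdir
-- @return group cfe with fields userid, roles and permissions
viewuserroles = function(self)
  if not (self.clientdata.userid) then
    -- Return here so nothing below runs with a missing userid, whether or
    -- not redirect() returns to its caller.
    return redirect(self)
  end
  -- Locals, so a request does not leave `userid`, `roles` or `permissions`
  -- behind in the module table.
  local userid_cfe = cfe({ value=self.clientdata.userid, label="User Id" })
  local roles_cfe = cfe({ type="list", value=auth.get_userinfo_roles(self, userid_cfe.value), label="Roles" })
  local permissions_cfe = cfe({ type="table", value=roll.get_roles_perm(self.conf.appdir, roles_cfe.value), label="Permissions" })
  return cfe({ type="group", value={userid=userid_cfe, roles=roles_cfe, permissions=permissions_cfe} })
end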
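-- Return the permissions attached to the role named in the request.
-- @param self controller/request object; reads self.clientdata.role and
--        self.conf.appdir
-- @return group cfe with fields role and permissions
viewroleperms = function(self)
  if not (self.clientdata.role) then
    -- Return here so the lookup below never runs with a missing role,
    -- whether or not redirect() returns to its caller.
    return redirect(self, "getlist")
  end
  -- Locals, so the request does not write `role` or `permissions` into the
  -- module table.
  local role_cfe = cfe({ value=self.clientdata.role, label="Role" })
  local permissions_cfe = cfe({ type="table", value=roll.get_role_perm(self.conf.appdir, role_cfe.value), label="Permissions" })
  return cfe({ type="group", value={role=role_cfe, permissions=permissions_cfe} })
end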
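-- Return every permission known to the application.
-- @param self controller/request object, passed to get_all_permissions
-- @return group cfe with a single field, permissions
getpermslist = function(self)
  -- Only the first result of get_all_permissions (the table keyed by
  -- controller) is used; the flat "controller:entry" list is dropped.
  local table_perm = get_all_permissions(self)
  -- Local, so the value is not stored in the module table.
  local permissions_cfe = cfe({ type="table", value=table_perm, label="All Permissions" })
  return cfe({ type="group", value={permissions=permissions_cfe} })
end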
-- List the locally-defined and system-defined roles, together with the result
-- message a previous create/edit/delete action left in the session.
-- @param self controller/request object; reads and clears
--        self.sessiondata.cmdresult
-- @return group cfe with fields defined_roles, default_roles and cmdresult
viewroles = function(self)
  -- The stored result is shown once: take it, then clear it from the session.
  local pending_result = self.sessiondata.cmdresult
  self.sessiondata.cmdresult = nil

  local local_roles, system_roles = roll.list_roles()
  local local_cfe = cfe({ type="list", value=local_roles, label="Locally-defined roles" })
  local system_cfe = cfe({ type="list", value=system_roles, label="System-defined roles" })

  local fields = {
    defined_roles = local_cfe,
    default_roles = system_cfe,
    cmdresult = pending_result,
  }
  return cfe({ type="group", value=fields })
end
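-- Shared worker for the new-role and edit-role forms: stores the submitted
-- permissions when there are any, otherwise loads the role's current ones,
-- and returns the form contents either way.
-- NOTE(review): `role` and `permissions` arrive from client data and reach
-- set_role_perm unchanged; confirm that the roles module validates the role
-- name and the permission strings before persisting them.
-- @param self controller/request object; reads self.clientdata.permissions
--        and self.conf.appdir
-- @param role role name, or nil when an empty form is being shown
-- @param permissions submitted permissions, or nil when nothing was submitted
-- @param newrole true when creating, in which case an existing name is refused
-- @return table cfe with fields role (carrying errtxt on failure) and
--         permissions
local setpermissions = function(self, role, permissions, newrole)
  local errtxt
  local my_perms = {}
  if permissions then
    -- Permissions were submitted, so this is a save.
    local ok = true
    if newrole then
      -- Refuse to overwrite an existing role. Only the first list returned
      -- by list_roles() is scanned.
      -- NOTE(review): that looks like the locally-defined list, so a new role
      -- could reuse a system-defined role's name — confirm this is intended.
      local existing_roles = roll.list_roles()
      for _, existing in ipairs(existing_roles) do
        if role == existing then
          ok = false
          errtxt = "Role already exists"
          break
        end
      end
    end
    if ok == true then
      ok, errtxt = roll.set_role_perm(role, nil, permissions)
    end
    -- Show the submitted selection again, whether or not the save worked.
    my_perms = self.clientdata.permissions
  elseif role then
    -- Second result of get_role_perm is the list form of the permissions;
    -- the first is discarded (kept local rather than written to a global).
    local _
    _, my_perms = roll.get_role_perm(self.conf.appdir, role)
  else
    role = ""
  end
  local _, all_perms = get_all_permissions(self)
  table.sort(all_perms)
  local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions" })
  local role_cfe = cfe({ value=role, label="Role", errtxt=errtxt })
  return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
end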
-- Show the "new role" form and, when permissions were submitted, create the
-- role; an existing role name is refused by setpermissions.
-- @param self controller/request object; reads self.clientdata.role and
--        self.clientdata.permissions, writes self.sessiondata.cmdresult
-- @return form cfe (label "Edit new role"), with errtxt set on failure
newrole = function(self)
  local client = self.clientdata
  local role_form = setpermissions(self, client.role, client.permissions, true)
  role_form.type = "form"
  role_form.label = "Edit new role"

  if role_form.value.role.errtxt then
    role_form.errtxt = "Failed to create role"
  else
    if self.clientdata.permissions then
      -- Permissions were submitted and no error came back: leave a
      -- confirmation in the session and go to the role list.
      self.sessiondata.cmdresult = cfe({ value="New role created" })
      redirect(self, "viewroles")
    end
  end
  return role_form
end
-- Show the "edit role" form and, when permissions were submitted, save them
-- for the named role.
-- @param self controller/request object; reads self.clientdata.role and
--        self.clientdata.permissions, writes self.sessiondata.cmdresult
-- @return form cfe (label "Edit role"), with errtxt set on failure
editrole = function(self)
  local client = self.clientdata
  local role_form = setpermissions(self, client.role, client.permissions, false)
  role_form.type = "form"
  role_form.label = "Edit role"

  if role_form.value.role.errtxt then
    role_form.errtxt = "Failed to save role"
  else
    if self.clientdata.permissions then
      -- Permissions were submitted and no error came back: leave a
      -- confirmation in the session and go to the role list.
      self.sessiondata.cmdresult = cfe({ value="Role saved" })
      redirect(self, "viewroles")
    end
  end
  return role_form
end
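-- Delete the role named in the request, store the outcome message in the
-- session and go back to the role list.
-- NOTE(review): this changes state from client data alone; nothing visible
-- here restricts the request method or checks an anti-forgery token — confirm
-- the framework enforces that before this action runs.
-- @param self controller/request object; reads self.clientdata.role, writes
--        self.sessiondata.cmdresult
deleterole = function(self)
  -- Call through `roll`, the handle from require("roles"), so the delete does
  -- not depend on a global named `roles` still being the module. The first
  -- result is not used.
  local _, cmdresult = roll.delete_role(self.clientdata.role)
  self.sessiondata.cmdresult = cfe({ value=cmdresult })
  redirect(self, "viewroles")
end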