-- Roles/Group functions
-- Model for viewing, creating, editing and deleting roles and their
-- permissions. Every function builds or updates cfe structures; the role and
-- permission data itself is read and written through the `roles` and
-- `authenticator` libraries required below.
local mymodule = {}

modelfunctions = require("modelfunctions")
authenticator = require("authenticator")
roles = require("roles")

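--- Return roles/permissions for the specified user.
-- Looks the user up through the authenticator, then asks the roles library
-- for the permissions granted by that user's roles.
-- @param self context object passed through to the libraries
-- @param userid id of the user to report on (concatenated into the label)
-- @return group cfe holding `roles` (list) and `permissions` (structure)
mymodule.get_user_roles = function(self, userid)
	-- A failed lookup falls back to an empty table, so the report simply
	-- shows no roles instead of raising an error.
	local userinfo = authenticator.get_userinfo(self, userid) or {}
	-- Both cfes are declared local: as globals they would leave one user's
	-- role and permission data reachable by any later code that shares this
	-- Lua state.
	local rls = cfe({ type="list", value=userinfo.roles or {}, label="Roles" })
	local permissions = cfe({ type="structure", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
	return cfe({ type="group", value={roles=rls, permissions=permissions}, label="Roles/Permission list for "..userid })
end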

--- Return the permissions for the specified role.
-- @param self context object passed through to the roles library
-- @param role name of the role to look up
-- @return structure cfe labelled "Permissions"
function mymodule.get_role_perms(self, role)
	-- Only the first value returned by roles.get_role_perm is used here.
	local role_perms = roles.get_role_perm(self, role)
	return cfe({ type="structure", value=role_perms, label="Permissions" })
end
	
--- Return the list of all permissions.
-- @param self context object passed through to the roles library
-- @return structure cfe labelled "All Permissions"
function mymodule.get_perms_list(self)
	-- Only the first value returned by roles.get_all_permissions is used here.
	local every_perm = roles.get_all_permissions(self)
	return cfe({ type="structure", value=every_perm, label="All Permissions" })
end

--- List all roles, split into locally-defined and system-defined ones.
-- @param self context object passed through to the roles library
-- @return group cfe with `defined_roles` and `default_roles` list cfes
function mymodule.view_roles(self)
	local defined_roles, default_roles = roles.list_roles(self)
	local groups = {
		defined_roles = cfe({ type="list", value=defined_roles, label="Locally-defined roles" }),
		default_roles = cfe({ type="list", value=default_roles, label="System-defined roles" }),
	}
	return cfe({ type="group", value=groups, label="Roles" })
end

--- Build the role edit form: a role name plus a multi-select of permissions.
-- With `clientdata.role` set, the form is pre-filled with that role's
-- permissions and the name field is marked readonly.
-- @param self context object passed through to the roles library
-- @param clientdata request data; `clientdata.role` selects an existing role
-- @return structure cfe with `role` and `permissions` fields
function mymodule.getpermissions(self, clientdata)
	local role_cfe = cfe({ value=clientdata.role or "", label="Role", seq=1 })

	-- The second return value is the list offered as selectable options.
	local _, all_perms = roles.get_all_permissions(self)
	table.sort(all_perms)
	local my_perms, default_perms = {}, {}

	if clientdata.role then
		-- readonly and disabled are display flags set on the form.
		-- NOTE(review): nothing in this file enforces them on submit, so the
		-- role name and permission list that come back must be validated by
		-- roles.set_role_perm - confirm.
		role_cfe.readonly = true
		local _, current, defaults = roles.get_role_perm(self, clientdata.role)
		my_perms = current or {}
		default_perms = defaults or {}
		if #default_perms > 0 then
			-- Set of the role's default permissions, for lookup by name.
			local is_default = {}
			for _, perm in ipairs(default_perms) do
				is_default[perm] = true
			end
			-- Rebuild the options as tables so the default permissions
			-- can be marked as disabled.
			local options = {}
			for idx, perm in ipairs(all_perms) do
				local entry = { value=perm, label=perm }
				if is_default[perm] then
					entry.disabled = true
				end
				options[idx] = entry
			end
			all_perms = options
		end
	end

	local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions", seq=2 })

	return cfe({ type="structure", value={role=role_cfe, permissions=permissions_cfe} })
end

--- Create a new role from a submitted permissions form.
-- Delegates to setpermissions with the new-role flag set, so an existing
-- role name is rejected instead of being overwritten.
-- @param self context object passed through to the roles library
-- @param permissions submitted structure cfe (`role` and `permissions`)
-- @param action passed through unchanged
-- @return the same `permissions` cfe, with errtxt fields set on failure
function mymodule.setnewpermissions(self, permissions, action)
	local creating_new_role = true
	return mymodule.setpermissions(self, permissions, action, creating_new_role)
end

--- Save the permissions of a role, optionally refusing to overwrite one.
-- @param self context object passed through to the roles library
-- @param permissions submitted structure cfe (`role` and `permissions`)
-- @param action not used by this function
-- @param newrole when truthy, fail if the role name already exists
-- @return the same `permissions` cfe, with errtxt fields set on failure
function mymodule.setpermissions(self, permissions, action, newrole)
	local role_cfe = permissions.value.role

	if newrole then
		-- Creating: the name must not collide with a locally-defined or a
		-- system-defined role.
		local defined_roles, default_roles = roles.list_roles(self)
		local taken = {}
		for _, name in ipairs(defined_roles) do taken[name] = true end
		for _, name in ipairs(default_roles) do taken[name] = true end
		if taken[role_cfe.value] then
			role_cfe.errtxt = "Role already exists"
			permissions.errtxt = "Failed to create role"
			return permissions
		end
	end

	-- NOTE(review): on the edit path (newrole not set) the role name is taken
	-- from the submitted form without any check here, and the name's format
	-- and the permission values are not validated in this function either.
	-- Presumably roles.set_role_perm validates them - confirm.
	local saved, errtxt = roles.set_role_perm(self, role_cfe.value, nil, permissions.value.permissions.value)
	-- The second result is stored whether or not the save succeeded.
	role_cfe.errtxt = errtxt
	if not saved then
		permissions.errtxt = "Failed to save role"
	end

	return permissions
end

--- Build the "Delete Role" form.
-- @param self context object passed through to the roles library
-- @param clientdata request data; `clientdata.role` pre-selects a role
-- @return group cfe holding a `role` select
function mymodule.get_delete_role(self, clientdata)
	-- Only the locally-defined roles are offered; the second list returned by
	-- roles.list_roles (labelled system-defined elsewhere in this file) is
	-- left out.
	local defined_roles = roles.list_roles(self)
	local selector = cfe({ type="select", value = clientdata.role or "", label="Role", option=defined_roles })
	return cfe({ type="group", value={role=selector}, label="Delete Role" })
end

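--- Delete the role selected in a submitted "Delete Role" form.
-- @param self context object passed through to the roles library
-- @param role submitted group cfe; `role.value.role.value` names the role
-- @return the same `role` cfe: errtxt fields are set on failure; on success
--   the selection is cleared and the role is removed from the option list
mymodule.delete_role = function(self, role)
	local role_cfe = role.value.role
	-- NOTE(review): the submitted name is not checked against the option list
	-- here, so refusing to delete a system-defined role is presumably left to
	-- roles.delete_role - confirm.
	local result, cmdresult = roles.delete_role(self, role_cfe.value)
	if not result then
		role_cfe.errtxt = cmdresult
		role.errtxt = "Failed to Delete Role"
	else
		-- Remove the just deleted role from the options. table.remove shifts
		-- the later entries down; assigning nil would leave a hole, after
		-- which ipairs and # stop seeing the roles that follow it.
		for i,r in ipairs(role_cfe.option) do
			if r == role_cfe.value then
				role_cfe.value = ""
				table.remove(role_cfe.option, i)
				break
			end
		end
	end
	return role
end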

-- Return the populated module table to whatever loads this file.
return mymodule