-- Roles/Group functions
local mymodule = {}

modelfunctions = require("modelfunctions")
authenticator = require("authenticator")
roles = require("roles")

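-- Return roles/permissions for specified user.
-- Looks the user up through the authenticator, wraps the user's role list in
-- a "list" cfe and the permissions resolved for those roles in a "structure"
-- cfe, and returns both inside a single "group" cfe.
-- When the authenticator returns nothing for userid, the role list is empty.
mymodule.get_user_roles = function(self, userid)
	local userinfo = authenticator.get_userinfo(self, userid) or {}
	-- Both cfes are declared local: as bare assignments they were globals,
	-- visible to and overwritable by any other code in the same Lua state.
	local rls = cfe({ type="list", value=userinfo.roles or {}, label="Roles" })
	local permissions = cfe({ type="structure", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
	return cfe({ type="group", value={roles=rls, permissions=permissions}, label="Roles/Permission list for "..userid })
end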

-- Return permissions for specified role, wrapped in a "structure" cfe.
-- Only the first value returned by roles.get_role_perm is used here.
function mymodule.get_role_perms(self, role)
	local role_permissions = roles.get_role_perm(self, role)
	return cfe({ type="structure", value=role_permissions, label="Permissions" })
end

-- Return list of all permissions, wrapped in a "structure" cfe.
-- Only the first value returned by roles.get_all_permissions is used here.
function mymodule.get_perms_list(self)
	local every_permission = roles.get_all_permissions(self)
	return cfe({ type="structure", value=every_permission, label="All Permissions" })
end

-- Return the two role lists reported by roles.list_roles as a "group" cfe:
-- "defined_roles" (locally-defined) and "default_roles" (system-defined).
function mymodule.view_roles(self)
	local locally_defined, system_defined = roles.list_roles(self)
	local members = {
		defined_roles = cfe({ type="list", value=locally_defined, label="Locally-defined roles" }),
		default_roles = cfe({ type="list", value=system_defined, label="System-defined roles" }),
	}
	return cfe({ type="group", value=members, label="Roles" })
end

-- Build the role-permissions form: a "role" field plus a "multi" field whose
-- options are every known permission and whose value is the role's current
-- permissions.
-- With clientdata.role set, the role field is made read-only and the role's
-- default permissions are flagged "disabled" in the option list.
-- Without it, the form is empty and the options are plain permission strings.
function mymodule.getpermissions(self, clientdata)
	local role_cfe = cfe({ value=clientdata.role or "", label="Role", seq=1 })

	-- Second return value is the flat permission list; it is sorted in place
	local _, all_perms = roles.get_all_permissions(self)
	table.sort(all_perms)
	local my_perms, default_perms = {}, {}

	if clientdata.role then
		role_cfe.readonly = true
		local _
		_, my_perms, default_perms = roles.get_role_perm(self, clientdata.role)
		if not my_perms then my_perms = {} end
		if not default_perms then default_perms = {} end
		if #default_perms > 0 then
			-- Set of the role's default permissions, for membership tests
			local is_default = {}
			for _, perm in ipairs(default_perms) do
				is_default[perm] = true
			end
			-- Replace each option string with a {value, label} table and
			-- flag the default ones as disabled.
			-- NOTE(review): "disabled" only marks the option in the form;
			-- setpermissions is what drops disabled entries on save, using
			-- the option list it is handed - confirm that list is rebuilt
			-- server-side and not taken from the request.
			local marked = {}
			for idx, perm in ipairs(all_perms) do
				marked[idx] = { value=perm, label=perm, disabled=is_default[perm] and true or nil }
			end
			all_perms = marked
		end
	end

	local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions", seq=2 })

	return cfe({ type="structure", value={role=role_cfe, permissions=permissions_cfe} })
end

-- Save the permissions of a role that must not exist yet: delegates to
-- setpermissions with its newrole flag set, so an existing role name is
-- rejected instead of overwritten.
function mymodule.setnewpermissions(self, permissions, action)
	local creating_new_role = true
	return mymodule.setpermissions(self, permissions, action, creating_new_role)
end

-- Save the permissions selected in a role form (see getpermissions).
--   permissions: the form cfe; value.role.value is the role name and
--                value.permissions holds the selected values and the options
--   action:      not used by this function
--   newrole:     when true, refuse a role name that already exists
-- Returns the same cfe, with errtxt fields set when the save was refused or
-- failed.
-- NOTE(review): nothing in this function checks the content of the role name,
-- that each selected permission appears in the option list, or (when newrole
-- is not set) that the role already exists. Presumably roles.set_role_perm or
-- the caller validates these - confirm, since the form values look
-- client-supplied.
function mymodule.setpermissions(self, permissions, action, newrole)
	local role_field = permissions.value.role
	local perms_field = permissions.value.permissions
	local ok = true

	if newrole then
		-- A new role must not collide with a local or system-defined role
		local defined_roles, default_roles = roles.list_roles(self)
		local taken = {}
		for idx, name in ipairs(defined_roles) do
			taken[name] = idx
		end
		for idx, name in ipairs(default_roles) do
			taken[name] = idx
		end
		if taken[role_field.value] then
			ok = false
			role_field.errtxt = "Role already exists"
			permissions.errtxt = "Failed to create role"
		end
	end

	if ok == true then
		-- Start from the selected permissions, keyed by name
		local selected = {}
		for idx, perm in ipairs(perms_field.value) do
			selected[perm] = idx
		end
		-- Drop every permission whose option is flagged disabled (the
		-- role's defaults), so only the remaining ones are stored
		for _, opt in ipairs(perms_field.option) do
			if opt.disabled then
				selected[opt.value] = nil
			end
		end
		-- Back to a list; pairs() order is unspecified, so is the list order
		local to_store = {}
		for perm in pairs(selected) do
			to_store[#to_store+1] = perm
		end

		ok, role_field.errtxt = roles.set_role_perm(self, role_field.value, nil, to_store)
		if not ok then
			permissions.errtxt = "Failed to save role"
		end
	end

	return permissions
end

-- Build the delete-role form: a "select" cfe preset to clientdata.role (or
-- empty) inside a "group" cfe labelled "Delete Role".
function mymodule.get_delete_role(self, clientdata)
	-- Only the first list from roles.list_roles (the locally-defined roles)
	-- is offered; the system-defined list is not used here
	local deletable = roles.list_roles(self)
	local role_select = cfe({ type="select", value = clientdata.role or "", label="Role", option=deletable })
	return cfe({ type="group", value={role=role_select}, label="Delete Role" })
end

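-- Delete the role chosen in the delete-role form (see get_delete_role).
--   role: the form cfe; role.value.role.value is the role name and
--         role.value.role.option is the list of offered roles
-- Returns the same cfe. On failure the message from roles.delete_role is put
-- on the role field and a summary on the form. On success the deleted role is
-- removed from the option list and the selection is cleared.
-- NOTE(review): the role name goes to roles.delete_role without a check that
-- it is one of the offered options (which list only locally-defined roles).
-- Presumably roles.delete_role refuses unknown or system-defined roles -
-- confirm.
mymodule.delete_role = function(self, role)
	local selection = role.value.role
	local result, cmdresult = roles.delete_role(self, selection.value)
	if not result then
		selection.errtxt = cmdresult
		role.errtxt = "Failed to Delete Role"
	else
		-- remove the just deleted role
		for i,r in ipairs(selection.option) do
			if r == selection.value then
				selection.value = ""
				-- table.remove shifts the later entries down. Assigning nil
				-- left a hole in the list, so ipairs-based consumers stopped
				-- at the hole and lost every role after the deleted one.
				table.remove(selection.option, i)
				break
			end
		end
	end
	return role
end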

return mymodule