1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
|
--this module is for authorization help and group/role management
require ("authenticator")
require ("fs")
require ("format")
module (..., package.seeall)
guest_role = "GUEST"
-- Global variables so we don't have to figure out all the roles multiple times
local defined_roles, default_roles, reverseroles, roles_candidates, role_table, table_perm, array_perm
-- returns a table of the *.roles files
-- startdir should be the app dir
local get_roles_candidates = function(self)
if not roles_candidates then
roles_candidates = {}
for p in string.gmatch(self.conf.appdir, "[^,]+") do
local l = fs.find_files_as_array(".*%.roles", p, true) or {}
for i,f in ipairs(l) do
roles_candidates[#roles_candidates+1] = f
end
end
end
return roles_candidates
end
-- Return a list of *controller.lua files
list_controllers = function(self)
local list = {}
for p in string.gmatch(self.conf.appdir, "[^,]+") do
for file in fs.find(".*controller%.lua", p, true) do
if not string.find(file, "acf_") then
list[#list + 1] = file
end
end
end
return list
end
-- Return information about all or specified controller files
get_controllers = function(self,pre,controller)
--we get all the controllers
local list = list_controllers(self)
--we need to grab the directory and name of file
local temp = {}
for k,v in pairs(list) do
path = string.match(v,".*/")
prefix = string.match(path,"/[^/]+/$")
filename = string.match(v,"[^/]*.lua")
name = string.match(filename,"[^.]*")
sname = string.match(filename,"[^-]*")
temp[prefix..sname] = {path=path,prefix=prefix,filename=filename,name=name,sname=sname}
end
if pre and controller then
return temp[pre..controller]
else
return temp
end
end
-- Find all public functions in a controller
get_controllers_func = function(self,controller_info)
if controller_info == nil then
return "Could not be processed"
else
-- FIXME - would rather do this without 'require' since that messes with global variables
-- but, haven't figured that out yet
local PATH = package.path
local loaded = package.loaded[controller_info.name]
package.loaded[controller_info.name] = nil
_G[controller_info.name] = nil
package.path = controller_info.path .. "?.lua;" .. package.path
temp = require (controller_info.name)
package.path = PATH
package.loaded[controller_info.name] = loaded
_G[controller_info.name] = loaded
temp1 = {}
for a,b in pairs(temp) do
local c = string.match(a,"^mvc") or string.match(a,"^_")
if c == nil and type(temp[a])=="function" then
temp1[#temp1 +1] = a
end
end
return temp1
end
end
-- Find all views for a controller
get_controllers_view = function(self,controller_info)
local temp = {}
for file in fs.find(controller_info.sname.."%-[^%.]+%-html%.lsp", controller_info.path) do
temp[#temp + 1] = string.match(file, controller_info.sname.."%-([^%./]+)%-html%.lsp")
end
return temp
end
get_all_permissions = function(self)
if not table_perm or not array_perm then
-- need to get a list of all the controllers
controllers = get_controllers(self)
table_perm = {}
array_perm = {}
for a,b in pairs(controllers) do
if nil == table_perm[b.prefix] then
table_perm[b.prefix] = {}
end
if nil == table_perm[b.prefix][b.sname] then
table_perm[b.prefix][b.sname] = {}
end
local temp = get_controllers_func(self,b)
for x,y in ipairs(temp) do
table_perm[b.prefix][b.sname][y] = {}
array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
end
temp = get_controllers_view(self,b)
for x,y in ipairs(temp) do
if not table_perm[b.prefix][b.sname][y] then
table_perm[b.prefix][b.sname][y] = {}
array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
end
end
end
end
return table_perm, array_perm
end
list_default_roles = function(self)
if not default_roles then
default_roles = {}
reverseroles = {}
-- find all of the default roles files and parse them
local rolesfiles = get_roles_candidates(self)
for x,file in ipairs(rolesfiles) do
f = fs.read_file_as_array(file) or {}
local rolefile = string.match(file, "(/[^/]+/[^/]+)%.roles$")
for y,line in pairs(f) do
local role = string.match(line,"^[%w_]+")
if role then
if not reverseroles[rolefile.."/"..role] then
default_roles[#default_roles+1] = rolefile.."/"..role
reverseroles[default_roles[#default_roles]] = #default_roles
end
if not reverseroles[role] then
default_roles[#default_roles+1] = role
reverseroles[default_roles[#default_roles]] = #default_roles
end
end
end
end
table.sort(default_roles, function(a,b)
if string.byte(a, 1) == 47 and string.byte(b,1) ~= 47 then return false
elseif string.byte(a, 1) ~= 47 and string.byte(b,1) == 47 then return true
else return a<b
end
end)
end
return default_roles, reverseroles
end
list_defined_roles = function(self)
if not defined_roles then
-- Open the roles file and parse for defined roles
defined_roles = {}
if not role_table then role_table = authenticator.auth.read_field(self, authenticator.roletable, "") or {} end
for x,entry in ipairs(role_table) do
if not reverseroles[entry.id] then
defined_roles[#defined_roles + 1] = entry.id
end
end
table.sort(defined_roles)
end
return defined_roles
end
list_roles = function(self)
local default_roles = list_default_roles(self)
local defined_roles = list_defined_roles(self)
return defined_roles, default_roles
end
list_all_roles = function(self)
local defined_roles, default_roles = list_roles(self)
-- put the defined roles first
for x,role in ipairs(default_roles) do
defined_roles[#defined_roles + 1] = role
end
return defined_roles
end
-- Go through the roles files and determine the permissions for the specified list of roles
local determine_perms = function(self,roles)
local permissions = {}
local permissions_array = {}
local default_permissions_array = {}
local reverseroles = {}
for x,role in ipairs(roles) do
reverseroles[role] = x
end
-- find all of the default roles files and parse them
local rolesfiles = get_roles_candidates(self)
for x,file in ipairs(rolesfiles) do
local prefix = string.match(file, "(/[^/]+/)[^/]+$") or "/"
f = fs.read_file_as_array(file) or {}
local rolefile = string.match(file, "(/[^/]+/[^/]+)%.roles$")
for y,line in pairs(f) do
local role = string.match(line,"^[%w_]+")
if role then
if reverseroles[role] or reverseroles[rolefile.."/"..role] then
temp = format.string_to_table(string.match(line,"[,%w_:/]+$"),",")
for z,perm in pairs(temp) do
-- we'll allow for : or / to not break old format
local control,action = string.match(perm,"([%w_]+)[:/]([%w_]+)")
if control then
if nil == permissions[prefix] then
permissions[prefix] = {}
end
if nil == permissions[prefix][control] then
permissions[prefix][control] = {}
end
if action then
if not permissions[prefix][control][action] then
permissions[prefix][control][action] = {file}
permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action
default_permissions_array[#default_permissions_array + 1] = prefix .. control .. "/" .. action
else
permissions[prefix][control][action][#permissions[prefix][control][action] + 1] = file
end
end
end
end
end
end
end
end
-- then look in the user-editable roles
if not role_table then role_table = authenticator.auth.read_field(self, authenticator.roletable, "") or {} end
for x,entry in ipairs(role_table) do
if reverseroles[entry.id] then
temp = format.string_to_table(entry.entry, ",")
for z,perm in pairs(temp) do
local prefix,control,action = self.parse_path_info(perm)
if control then
if nil == permissions[prefix] then
permissions[prefix] = {}
end
if nil == permissions[prefix][control] then
permissions[prefix][control] = {}
end
if nil == permissions[prefix][control][action] then
permissions[prefix][control][action] = {}
permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action
end
end
end
end
end
return permissions, permissions_array, default_permissions_array
end
-- Go through the roles files and determine the permissions for the specified list of roles (including guest)
get_roles_perm = function(self,roles)
roles[#roles+1] = guest_role
return determine_perms(self, roles)
end
-- Go through the roles files and determine the permissions for the specified role
get_role_perm = function(self,role)
return determine_perms(self, {role})
end
-- Delete a role from role file
delete_role = function(self, role)
local result = authenticator.auth.delete_entry(self, authenticator.roletable, "", role)
local cmdresult = "Role entry not found"
if result then cmdresult = "Role deleted" end
return result, cmdresult
end
-- Set permissions for a role in role file
set_role_perm = function(self, role, permissions, permissions_array)
if role==nil or role=="" then
return false, "Invalid Role"
end
if string.find(role, '[^%w_/]') then
return false, "Role can only contain letters, numbers, '/', and '_'"
end
if permissions and not permissions_array then
permissions_array = {}
for prefix,contrllrs in pairs(permissions) do
for cont,actions in pairs(contrllrs) do
for action in pairs(actions) do
permissions_array[#permissions_array + 1] = prefix .. cont .. "/" .. action
end
end
end
end
return authenticator.auth.write_entry(self, authenticator.roletable, "", role, table.concat(permissions_array or {},","))
end
|