summaryrefslogtreecommitdiffstats
path: root/lib/roles.lua
blob: cef1d284cf547c4cd0de2329646b1b62b0f12913 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
--this module is for authorization help and group/role management

authenticator = require ("authenticator")
fs = require ("acf.fs")
format = require ("acf.format")

local mymodule = {}

mymodule.guest_role = "GUEST"

-- Global variables so we don't have to figure out all the roles multiple times
local defined_roles, default_roles, reverseroles, roles_candidates, role_table, table_perm, array_perm

-- returns a table of the *.roles files
-- startdir should be the app dir
local get_roles_candidates = function(self)
	if not roles_candidates then
		roles_candidates = {}
		for p in string.gmatch(self.conf.appdir, "[^,]+") do
			local l = fs.find_files_as_array(".*%.roles", p, true) or {}
			for i,f in ipairs(l) do
				roles_candidates[#roles_candidates+1] = f
			end
		end
	end
	return roles_candidates
end

-- Return a list of *controller.lua files
mymodule.list_controllers = function(self)
	local list = {}
	for p in string.gmatch(self.conf.appdir, "[^,]+") do
		for file in fs.find(".*controller%.lua", p, true) do
			if not string.find(file, "acf_") then
				list[#list + 1] = file
			end
		end
	end

	return list
end

-- Return information about all or specified controller files
mymodule.get_controllers = function(self,pre,controller)
	--we get all the controllers
	local list = mymodule.list_controllers(self)
	--we need to grab the directory and name of file
	local temp = {}
	for k,v in pairs(list) do
		path = string.match(v,".*/")
		prefix = string.match(path,"/[^/]+/$")
		filename = string.match(v,"[^/]*.lua")
		name = string.match(filename,"[^.]*")
		sname = string.match(filename,"[^-]*")
		if not temp[prefix..sname] then -- only keep the first of each
			temp[prefix..sname] = {path=path,prefix=prefix,filename=filename,name=name,sname=sname}
		end
	end
	if pre and controller then
		return temp[pre..controller]
	else
		return temp
	end
end

-- Find all public functions in a controller
mymodule.get_controllers_func = function(self,controller_info)
	if controller_info == nil then
		return "Could not be processed"
	else
		-- FIXME - would rather do this without 'require' since that messes with global variables
		-- but, haven't figured that out yet
		local PATH = package.path
		local loaded = package.loaded[controller_info.name]
		package.loaded[controller_info.name] = nil
		_G[controller_info.name] = nil
		package.path = controller_info.path .. "?.lua;" .. package.path
		temp = require (controller_info.name)
		package.path = PATH
		package.loaded[controller_info.name] = loaded
		_G[controller_info.name] = loaded
		temp1 = {}
		for a,b in pairs(temp) do
			local c = string.match(a,"^mvc") or string.match(a,"^_")
			if c == nil and type(temp[a])=="function" then
				temp1[#temp1 +1] = a
			end
		end
		return temp1
	end
end

-- Find all views for a controller
mymodule.get_controllers_view = function(self,controller_info)
	local temp = {}
	for file in fs.find(controller_info.sname.."%-[^%.]+%-html%.lsp", controller_info.path) do
		temp[#temp + 1] = string.match(file, controller_info.sname.."%-([^%./]+)%-html%.lsp")
	end
	return temp
end

mymodule.get_all_permissions = function(self)
	if not table_perm or not array_perm then
		-- need to get a list of all the controllers
		controllers = mymodule.get_controllers(self)
		table_perm = {}
		array_perm = {}
		for a,b in pairs(controllers) do
			if nil == table_perm[b.prefix] then
				table_perm[b.prefix] = {}
			end
			if nil == table_perm[b.prefix][b.sname] then
				table_perm[b.prefix][b.sname] = {}
			end
			local temp = mymodule.get_controllers_func(self,b)
			for x,y in ipairs(temp) do
				table_perm[b.prefix][b.sname][y] = {}
				array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
			end
			temp = mymodule.get_controllers_view(self,b)
			for x,y in ipairs(temp) do
				if not table_perm[b.prefix][b.sname][y] then
					table_perm[b.prefix][b.sname][y] = {}
					array_perm[#array_perm + 1] = b.prefix .. b.sname .. "/" .. y
				end
			end
		end
	end

	return table_perm, array_perm
end

mymodule.list_default_roles = function(self)
	if not default_roles then
		default_roles = {}
		reverseroles = {}

		-- find all of the default roles files and parse them
		local rolesfiles = get_roles_candidates(self)
		-- keep track of the prefix and name handled
		local handled = {}

		for x,file in ipairs(rolesfiles) do
			local prefix, controller = string.match(file, "(/[^/]+/)([^/]+)%.roles$")
			local rolefile = prefix..controller
			if not handled[rolefile] then -- only use the first of each
				handled[rolefile] = true

				f = fs.read_file_as_array(file) or {}
				for y,line in pairs(f) do
					local role = string.match(line,"^[%w_]+")
					if role then
						if not reverseroles[rolefile.."/"..role] then
							default_roles[#default_roles+1] = rolefile.."/"..role
							reverseroles[default_roles[#default_roles]] = #default_roles
						end
						if not reverseroles[role] then
							default_roles[#default_roles+1] = role
							reverseroles[default_roles[#default_roles]] = #default_roles
						end
					end
				end
			end
		end

		table.sort(default_roles, function(a,b)
				if string.byte(a, 1) == 47 and string.byte(b,1) ~= 47 then return false
				elseif string.byte(a, 1) ~= 47 and string.byte(b,1) == 47 then return true
				else return a<b
				end
			end)
	end

	return default_roles, reverseroles
end

mymodule.list_defined_roles = function(self)
	if not defined_roles then
		local auth = authenticator.get_subauth(self)
		-- Open the roles file and parse for defined roles
		defined_roles = {}
		if not role_table then role_table = auth.read_field(self, authenticator.roletable, "") or {} end
		for x,entry in ipairs(role_table) do
			if not reverseroles[entry.id] then
				defined_roles[#defined_roles + 1] = entry.id
			end
		end
		table.sort(defined_roles)
	end

	return defined_roles
end

mymodule.list_roles = function(self)
	local default_roles = mymodule.list_default_roles(self)
	local defined_roles = mymodule.list_defined_roles(self)

	return defined_roles, default_roles
end

mymodule.list_all_roles = function(self)
	local defined_roles, default_roles = mymodule.list_roles(self)
	-- put the defined roles first
	for x,role in ipairs(default_roles) do
		defined_roles[#defined_roles + 1] = role
	end
	return defined_roles
end

-- Go through the roles files and determine the permissions for the specified list of roles
local determine_perms = function(self,roles)
	local permissions = {}
	local permissions_array = {}
	local default_permissions_array = {}

	local reverseroles = {}
	for x,role in ipairs(roles) do
		reverseroles[role] = x
	end

	-- find all of the default roles files and parse them
	local rolesfiles = get_roles_candidates(self)
	-- keep track of the prefix and name handled
	local handled = {}

	for x,file in ipairs(rolesfiles) do
		local prefix, controller = string.match(file, "(/[^/]+/)([^/]+)%.roles$")
		local rolefile = prefix..controller
		if not handled[rolefile] then -- only use the first of each
			handled[rolefile] = true

			f = fs.read_file_as_array(file) or {}
			for y,line in pairs(f) do
				local role = string.match(line,"^[%w_]+")
				if role then
					if reverseroles[role] or reverseroles[rolefile.."/"..role] then
						temp = format.string_to_table(string.match(line,"[,%w_:/]+$"),",")
						for z,perm in pairs(temp) do
							-- we'll allow for : or / to not break old format
							local control,action = string.match(perm,"([%w_]+)[:/]([%w_]+)")
							if control then
								if nil == permissions[prefix] then
									permissions[prefix] = {}
								end
								if nil == permissions[prefix][control] then
									permissions[prefix][control] = {}
								end
								if action then
									if not permissions[prefix][control][action] then
										permissions[prefix][control][action] = {file}
										permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action
										default_permissions_array[#default_permissions_array + 1] = prefix .. control .. "/" .. action
									else
										permissions[prefix][control][action][#permissions[prefix][control][action] + 1] = file
									end
								end
							end
						end
					end
				end
			end
		end
	end

	-- then look in the user-editable roles
	local auth = authenticator.get_subauth(self)
	if not role_table then role_table = auth.read_field(self, authenticator.roletable, "") or {} end
	for x,entry in ipairs(role_table) do
		if reverseroles[entry.id] then
			temp = format.string_to_table(entry.entry, ",")
			for z,perm in pairs(temp) do
				local prefix,control,action = self.parse_path_info(perm)
				if control and "" ~= control then
					if nil == permissions[prefix] then
						permissions[prefix] = {}
					end
					if nil == permissions[prefix][control] then
						permissions[prefix][control] = {}
					end
					if nil == permissions[prefix][control][action] then
						permissions[prefix][control][action] = {}
						permissions_array[#permissions_array + 1] = prefix .. control .. "/" .. action
					end
				end
			end
		end
	end

	return permissions, permissions_array, default_permissions_array
end

-- Go through the roles files and determine the permissions for the specified list of roles (including guest)
mymodule.get_roles_perm = function(self,roles)
	roles[#roles+1] = mymodule.guest_role
	return determine_perms(self, roles)
end

-- Go through the roles files and determine the permissions for the specified role
mymodule.get_role_perm = function(self,role)
	return determine_perms(self, {role})
end

-- Delete a role from role file
mymodule.delete_role = function(self, role)
	local auth = authenticator.get_subauth(self)
	local result = auth.delete_entry(self, authenticator.roletable, "", role)
	local cmdresult = "Role entry not found"
	if result then cmdresult = "Role deleted" end

	return result, cmdresult
end

-- Set permissions for a role in role file
mymodule.set_role_perm = function(self, role, permissions, permissions_array)
	if role==nil or role=="" then
		return false, "Invalid Role"
	end
	if string.find(role, '[^%w_/-]') then
		return false, "Role can only contain letters, numbers, '/', '-', and '_'"
	end
	if permissions and not permissions_array then
		permissions_array = {}
		for prefix,contrllrs in pairs(permissions) do
			for cont,actions in pairs(contrllrs) do
				for action in pairs(actions) do
					permissions_array[#permissions_array + 1] = prefix .. cont .. "/" .. action
				end
			end
		end
	end

	local auth = authenticator.get_subauth(self)
	return auth.write_entry(self, authenticator.roletable, "", role, table.concat(permissions_array or {},","))
end

return mymodule