-rw-r--r-- | tinydns-controller.lua | 8 | ||||
-rw-r--r-- | tinydns-listpermissions-html.lsp | 15 | ||||
-rw-r--r-- | tinydns-model.lua | 76 | ||||
-rw-r--r-- | tinydns.roles | 2 |
4 files changed, 89 insertions, 12 deletions
diff --git a/tinydns-controller.lua b/tinydns-controller.lua
index 4030cf3..aa85efc 100644
--- a/tinydns-controller.lua
+++ b/tinydns-controller.lua
@@ -65,3 +65,11 @@ function edituserpermissions(self)
 return self.model:setuserpermissions(value)
 end, self.clientdata, "Save", "Edit User Permissions", "User permissions set")
 end
+
+function editrolepermissions(self)
+ return controllerfunctions.handle_form(self, function()
+ return self.model:getrolepermissions(self.clientdata.role)
+ end, function(value)
+ return self.model:setrolepermissions(value)
+ end, self.clientdata, "Save", "Edit Role Permissions", "Role permissions set")
+end
diff --git a/tinydns-listpermissions-html.lsp b/tinydns-listpermissions-html.lsp
index 0fd235e..0e8711c 100644
--- a/tinydns-listpermissions-html.lsp
+++ b/tinydns-listpermissions-html.lsp
@@ -5,9 +5,10 @@
 <H1><?= view.label ?></H1>
+<H2>User Permissions</H2>
 <TABLE>
 <TR><TD CLASS='header'>User</TD><TD CLASS='header'>Permissions</TD>
-<? for i,user in ipairs(view.value) do ?>
+<? for i,user in ipairs(view.value.user) do ?>
 <TR><TD><?= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/edituserpermissions?userid=" .. user.id, label=user.id} ?></TD><TD>
 <? for y,allowed in pairs(user.allowed) do
 print(allowed, "<BR>")
@@ -15,3 +16,15 @@
 <TD></TR>
 <? end ?>
 </TABLE>
+
+<H2>Role Permissions</H2>
+<TABLE>
+<TR><TD CLASS='header'>Role</TD><TD CLASS='header'>Permissions</TD>
+<? for i,role in ipairs(view.value.role) do ?>
+ <TR><TD><?= html.link{value=page_info.script .. page_info.prefix .. page_info.controller .. "/editrolepermissions?role=" .. role.id, label=role.id} ?></TD><TD>
+ <? for y,allowed in pairs(role.allowed) do
+ print(allowed, "<BR>")
+ end ?>
+ <TD></TR>
+<? end ?>
+</TABLE>
diff --git a/tinydns-model.lua b/tinydns-model.lua
index 148dec6..0546e43 100644
--- a/tinydns-model.lua
+++ b/tinydns-model.lua
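Review bot: The row closer `+ <TD></TR>` in the new role table leaves the second cell unclosed; it copies the same slip from the user table above and should read `</TD></TR>`. The link target and the printed file names are also written out raw — `"/editrolepermissions?role=" .. role.id` and `print(allowed, "<BR>")` — so a role name or path containing `&`, `<` or `"` would break the markup; role names come from the roles configuration and paths from the config directory, so the exposure is low, but passing them through the escape helper this ACF version offers (if `html.html_escape` is available) is the expected shape for a permissions page. The user rows above have the same pattern and are left unchanged by this hunk.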
@@ -7,6 +7,7 @@ require("fs")
 require("format")
 require("validator")
 require("authenticator")
+require("roles")
 -- Set variables
 local configfiles = {}
@@ -97,8 +98,15 @@ local function getallowedlist(self, userid)
 local allowedlist = {}
 local entry = authenticator.read_userentry(self, "tinydns", userid) or ""
 for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
- -- FIXME also check to see if there are allowed files for this user's roles
--- local roles = authenticator.get_userinfo_roles(self, userid)
+
+ -- also check to see if there are allowed files for this user's roles
+ local rols = authenticator.get_userinfo_roles(self, userid)
+ -- add in the ALL role
+ rols.value[#rols.value + 1] = "ALL"
+ for i,role in ipairs(rols.value) do
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ end
 return allowedlist
 end
@@ -295,9 +303,9 @@ function createconfigfile(self, configfile, userid)
 configfile.errtxt = nil -- We have to add this file to the allowed list, if there is one
- -- FIXME - what do we do here when there is role support?
- local perm = getuserpermissions(self, userid)
- if #perm.value.allowed.value > 0 then
+ local allowed = getallowedlist(self, userid)
+ if #allowed > 0 then
+ local perm = getuserpermissions(self, userid)
 perm.value.allowed.value[#perm.value.allowed.value + 1] = path
 setuserpermissions(self, perm)
 end
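Review bot: `rols.value[#rols.value + 1] = "ALL"` appends to the table returned by `authenticator.get_userinfo_roles`, so whatever that call hands back is mutated; should the authenticator ever return a shared or cached structure, each permission check would grow it by another `"ALL"`. It also dereferences `rols.value` without the `or ""`-style guard the user entry two lines above uses, so a nil return aborts the whole check rather than falling back to the user's own list. Building the list locally covers both: `local rolenames = {"ALL"}` followed by `for _, r in ipairs(rols and rols.value or {}) do rolenames[#rolenames + 1] = r end`, then iterate `rolenames`. Because an empty list means unrestricted (the `descr` text in getrolepermissions says so), a single entry on the `ALL` role now restricts every user who previously had no entry of their own; a comment above the loop such as `-- any role entry, including ALL, turns an unrestricted user into a restricted one` would record that this is intended. The comma-split loop `for x in string.gmatch(entry, "([^,]+),?") do ... end` is now written out five times across this hunk, getpermissionslist and getrolepermissions; a local `splitallowed(entry)` helper would keep the storage format in one place.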
@@ -328,16 +336,25 @@ end
 function getpermissionslist(self)
 local users = authenticator.list_users(self)
- local output = {}
+ local userlist = {}
 for i,user in ipairs(users) do
 local allowedlist = {}
 local entry = authenticator.read_userentry(self, "tinydns", user) or ""
 for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
- output[#output + 1] = {id=user, allowed=allowedlist}
+ userlist[#userlist + 1] = {id=user, allowed=allowedlist}
 end
- table.sort(output, function(a,b) return a.id < b.id end)
- -- FIXME - need to check for roles as well as users
- return cfe({ type="structure", value=output, label="TinyDNS Permissions" })
+ -- Need to check for roles as well as users
+ local rolelist = {}
+ local rols = roles.list_all_roles()
+ for i,role in ipairs(rols) do
+ local allowedlist = {}
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ rolelist[#rolelist + 1] = {id=role, allowed=allowedlist}
+ end
+ table.sort(userlist, function(a,b) return a.id < b.id end)
+ table.sort(rolelist, function(a,b) return a.id < b.id end)
+ return cfe({ type="structure", value={user=userlist, role=rolelist}, label="TinyDNS Permissions" })
 end
 local function validateuserpermissions(self, userpermissions)
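Review bot: The `ALL` pseudo-role that getallowedlist now enforces is missing from this listing whenever `roles.list_all_roles()` does not return it, and the explicit `rols.value[#rols.value + 1] = "ALL"` in that hunk suggests it does not; permissions stored on `ALL` would then be applied to every user yet never be shown here, and validaterolepermissions later in this diff would answer "Invalid role" to any attempt to edit them. If `ALL` is meant to be editable, appending it after `local rols = roles.list_all_roles()` when absent, `rols[#rols + 1] = "ALL"`, and doing the same in validaterolepermissions keeps listing, editing and enforcement consistent. The user and role loops are otherwise the same seven lines with `read_userentry` swapped for `read_roleentry`; a local helper taking the reader function would halve the body.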
@@ -355,6 +372,21 @@ local function validateuserpermissions(self, userpermissions)
 return success, userpermissions
 end
+local function validaterolepermissions(self, rolepermissions)
+ local success = false
+ rolepermissions.value.role.errtxt = "Invalid role"
+ local rols = roles.list_all_roles()
+ for i,role in ipairs(rols) do
+ if rolepermissions.value.role.value == role then
+ rolepermissions.value.role.errtxt = nil
+ success = true
+ break
+ end
+ end
+ success = success and modelfunctions.validatemulti(rolepermissions.value.allowed)
+ return success, rolepermissions
+end
+
 function getuserpermissions(self, userid)
 local allowedlist = {}
 local entry = authenticator.read_userentry(self, "tinydns", userid) or ""
@@ -378,3 +410,27 @@ function setuserpermissions(self, userpermissions)
 end
 return userpermissions
 end
+
+function getrolepermissions(self, role)
+ local allowedlist = {}
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ local cnffile = {}
+ recursedir(configdir, cnffile)
+ local allowed = cfe({ type="multi", value=allowedlist, label="TinyDNS Permissions", option=cnffile, descr="If no permissions are defined, then all are allowed" })
+ local rol = cfe({ value=role, label="Role" })
+ local output = cfe({ type="group", value={role=rol, allowed=allowed}, label="TinyDNS Permissions" })
+ validaterolepermissions(self, output)
+ return output
+end
+
+function setrolepermissions(self, rolepermissions)
+ local success, rolepermissions = validaterolepermissions(self, rolepermissions)
+
+ if success then
+ authenticator.write_roleentry(self, "tinydns", rolepermissions.value.role.value, table.concat(rolepermissions.value.allowed.value, ","))
+ else
+ rolepermissions.errtxt = "Failed to set role permissions"
+ end
+ return rolepermissions
+end
diff --git a/tinydns.roles b/tinydns.roles
index 04e46ef..7872dc7 100644
--- a/tinydns.roles
+++ b/tinydns.roles
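Review bot: `success = success and modelfunctions.validatemulti(rolepermissions.value.allowed)` short-circuits, so when the role is unknown the allowed list is never validated and any errtxt validatemulti would have set on it is absent from the form handed back to the user. Evaluating it unconditionally keeps both messages: `local allowedok = modelfunctions.validatemulti(rolepermissions.value.allowed)` then `success = success and allowedok`. Whether validateuserpermissions does the same cannot be seen here, since its body starts outside the hunk; if it does, the two validators should be changed together.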
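Review bot: `local success, rolepermissions = validaterolepermissions(self, rolepermissions)` redeclares the parameter as a local of the same name; it works because the validator returns the table it was given, but `local success = validaterolepermissions(self, rolepermissions)` says the same thing without the shadowing. The storage format deserves a comment on `table.concat(rolepermissions.value.allowed.value, ",")`, since the readers split on `"([^,]+),?"`: `-- entries are comma-separated, so a file name containing ',' cannot round-trip`; validatemulti restricting values to `cnffile` limits that in practice, but the constraint is invisible without the note. getrolepermissions calls validaterolepermissions only for its effect on errtxt and drops the boolean, which is fine but worth one line such as `-- populate errtxt for display; nothing is written here`.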
@@ -1,2 +1,2 @@
 READ=tinydns:status,tinydns:view
-UPDATE=tinydns:config,tinydns:listfiles,tinydns:delete,tinydns:edit,tinydns:editfile,tinydns:newfile,tinydns:startstop,tinydns:listpermissions,tinydns:edituserpermissions
+UPDATE=tinydns:config,tinydns:listfiles,tinydns:delete,tinydns:edit,tinydns:editfile,tinydns:newfile,tinydns:startstop,tinydns:listpermissions,tinydns:edituserpermissions,tinydns:editrolepermissions |