Diffstat (limited to 'tinydns-model.lua')
-rw-r--r--tinydns-model.lua76
1 files changed, 66 insertions, 10 deletions
diff --git a/tinydns-model.lua b/tinydns-model.lua
index 148dec6..0546e43 100644
--- a/tinydns-model.lua
+++ b/tinydns-model.lua
@@ -7,6 +7,7 @@ require("fs")
require("format")
require("validator")
require("authenticator")
+require("roles")
-- Set variables
local configfiles = {}
@@ -97,8 +98,15 @@ local function getallowedlist(self, userid)
local allowedlist = {}
local entry = authenticator.read_userentry(self, "tinydns", userid) or ""
for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
- -- FIXME also check to see if there are allowed files for this user's roles
--- local roles = authenticator.get_userinfo_roles(self, userid)
+
+ -- also check to see if there are allowed files for this user's roles
+ local rols = authenticator.get_userinfo_roles(self, userid)
+ -- add in the ALL role
+ rols.value[#rols.value + 1] = "ALL"
+ for i,role in ipairs(rols.value) do
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ end
return allowedlist
end
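Review bot: `rols.value[#rols.value + 1] = "ALL"` appends the synthetic role straight into the table returned by `authenticator.get_userinfo_roles`, and indexes `rols.value` without checking that the call returned a structure at all. If that call yields nil for an unknown userid (not visible here) getallowedlist raises instead of returning an empty list the way the user-entry path does with `or ""`, and if the authenticator hands back a shared or cached table every call grows it by one more "ALL". Building a local copy avoids both: `local rolenames = {}`, `for _, r in ipairs((rols and rols.value) or {}) do rolenames[#rolenames + 1] = r end`, `rolenames[#rolenames + 1] = "ALL"`, then iterate rolenames. The inner `local entry` also shadows the outer one, and the `string.gmatch(entry, "([^,]+),?")` parse repeated here could move into one local helper shared by the user and role branches.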
@@ -295,9 +303,9 @@ function createconfigfile(self, configfile, userid)
configfile.errtxt = nil
-- We have to add this file to the allowed list, if there is one
- -- FIXME - what do we do here when there is role support?
- local perm = getuserpermissions(self, userid)
- if #perm.value.allowed.value > 0 then
+ local allowed = getallowedlist(self, userid)
+ if #allowed > 0 then
+ local perm = getuserpermissions(self, userid)
perm.value.allowed.value[#perm.value.allowed.value + 1] = path
setuserpermissions(self, perm)
end
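Review bot: The result of `setuserpermissions(self, perm)` is discarded, so when the permission update is rejected the new file is still created but never added to the user's allowed list, and `configfile.errtxt` (cleared just above) stays nil. Under the new union semantics `#allowed > 0` is also true when only a role entry restricts this user, so the path is written into the user's personal entry; that is the right outcome for access, but it deserves a comment since it changes what getuserpermissions reports for that user afterwards. If setuserpermissions signals failure through `errtxt` the way setrolepermissions does later in this commit, propagate it: `perm = setuserpermissions(self, perm)` followed by `if perm.errtxt then configfile.errtxt = perm.errtxt end`. createconfigfile starts and continues outside the hunk.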
@@ -328,16 +336,25 @@ end
function getpermissionslist(self)
local users = authenticator.list_users(self)
- local output = {}
+ local userlist = {}
for i,user in ipairs(users) do
local allowedlist = {}
local entry = authenticator.read_userentry(self, "tinydns", user) or ""
for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
- output[#output + 1] = {id=user, allowed=allowedlist}
+ userlist[#userlist + 1] = {id=user, allowed=allowedlist}
end
- table.sort(output, function(a,b) return a.id < b.id end)
- -- FIXME - need to check for roles as well as users
- return cfe({ type="structure", value=output, label="TinyDNS Permissions" })
+ -- Need to check for roles as well as users
+ local rolelist = {}
+ local rols = roles.list_all_roles()
+ for i,role in ipairs(rols) do
+ local allowedlist = {}
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ rolelist[#rolelist + 1] = {id=role, allowed=allowedlist}
+ end
+ table.sort(userlist, function(a,b) return a.id < b.id end)
+ table.sort(rolelist, function(a,b) return a.id < b.id end)
+ return cfe({ type="structure", value={user=userlist, role=rolelist}, label="TinyDNS Permissions" })
end
local function validateuserpermissions(self, userpermissions)
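Review bot: The returned structure changes shape from a flat list of `{id=, allowed=}` entries to `value={user=userlist, role=rolelist}`, which breaks any caller iterating the old `value` with ipairs; nothing on the page shows the consumers, so they need checking and the new layout should be documented on the function, e.g. `--- List TinyDNS permissions; value.user and value.role are id-sorted arrays of {id=, allowed=}`. The per-user loop repeats what getuserpermissions already does and the `string.gmatch(entry, "([^,]+),?")` parse now appears five times in this file, so a local `parselist(entry)` helper would keep the user and role branches in step. The unused index in `for i,role in ipairs(rols)` is conventionally written `_`.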
@@ -355,6 +372,21 @@ local function validateuserpermissions(self, userpermissions)
return success, userpermissions
end
+local function validaterolepermissions(self, rolepermissions)
+ local success = false
+ rolepermissions.value.role.errtxt = "Invalid role"
+ local rols = roles.list_all_roles()
+ for i,role in ipairs(rols) do
+ if rolepermissions.value.role.value == role then
+ rolepermissions.value.role.errtxt = nil
+ success = true
+ break
+ end
+ end
+ success = success and modelfunctions.validatemulti(rolepermissions.value.allowed)
+ return success, rolepermissions
+end
+
function getuserpermissions(self, userid)
local allowedlist = {}
local entry = authenticator.read_userentry(self, "tinydns", userid) or ""
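Review bot: validaterolepermissions accepts only names returned by `roles.list_all_roles()`, but getallowedlist in this same commit also reads a synthetic "ALL" role entry; unless list_all_roles includes "ALL" (not visible here) that entry can be consulted but never written through setrolepermissions, which would always answer "Invalid role" for it. A one-line exception after the loop closes the gap: `if rolepermissions.value.role.value == "ALL" then rolepermissions.value.role.errtxt = nil; success = true end`. Separately, `success = success and modelfunctions.validatemulti(...)` short-circuits, so an invalid role name means the allowed list is never validated and its errtxt never set; evaluating validatemulti into a local first and then combining with success reports both problems at once. Whether validateuserpermissions just above does the same cannot be seen from the hunk.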
@@ -378,3 +410,27 @@ function setuserpermissions(self, userpermissions)
end
return userpermissions
end
+
+function getrolepermissions(self, role)
+ local allowedlist = {}
+ local entry = authenticator.read_roleentry(self, "tinydns", role) or ""
+ for x in string.gmatch(entry, "([^,]+),?") do allowedlist[#allowedlist + 1] = x end
+ local cnffile = {}
+ recursedir(configdir, cnffile)
+ local allowed = cfe({ type="multi", value=allowedlist, label="TinyDNS Permissions", option=cnffile, descr="If no permissions are defined, then all are allowed" })
+ local rol = cfe({ value=role, label="Role" })
+ local output = cfe({ type="group", value={role=rol, allowed=allowed}, label="TinyDNS Permissions" })
+ validaterolepermissions(self, output)
+ return output
+end
+
+function setrolepermissions(self, rolepermissions)
+ local success, rolepermissions = validaterolepermissions(self, rolepermissions)
+
+ if success then
+ authenticator.write_roleentry(self, "tinydns", rolepermissions.value.role.value, table.concat(rolepermissions.value.allowed.value, ","))
+ else
+ rolepermissions.errtxt = "Failed to set role permissions"
+ end
+ return rolepermissions
+end
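Review bot: setrolepermissions ignores the result of `authenticator.write_roleentry`, so if that call reports a failed write the function still returns a structure with no errtxt and the caller believes the role's allowed list was saved; if write_roleentry returns a status, capture it as `local ok = authenticator.write_roleentry(...)` and set `rolepermissions.errtxt` when not ok. The entry is serialized with `table.concat(..., ",")` while every reader splits on commas, so an allowed value containing a comma would be corrupted on round trip; validatemulti presumably restricts values to the option list built from configdir, but that is not visible here and is worth a comment on the write. Both new functions are public and undocumented; add LDoc headers such as `--- Return a role's allowed-config-file list as a cfe group; errtxt is set when the role is unknown.` on getrolepermissions and `--- Validate and persist a role's allowed list; returns the structure with errtxt set on failure.` on setrolepermissions.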