summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2016-04-19 23:47:08 +0300
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2016-04-20 00:53:11 +0300
commit64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed (patch)
tree312f5294ae21607baa362cbf674e7394d6f1dd2f
parent8c38f605fb1b5441e44083ca122020515e78a75d (diff)
downloadaconf-64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed.tar.bz2
aconf-64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed.tar.xz
model: cache permissions at user object
-rw-r--r--aconf/model/aaa.lua19
-rw-r--r--aconf/model/node.lua7
2 files changed, 15 insertions, 11 deletions
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua
index 3f62ef0..982e5b3 100644
--- a/aconf/model/aaa.lua
+++ b/aconf/model/aaa.lua
@@ -1,5 +1,5 @@
--[[
-Copyright (c) 2012-2015 Kaarle Ritvanen
+Copyright (c) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
--]]
@@ -56,14 +56,19 @@ function User:check_password(password)
end
function User:check_permission(permission)
- assert(self:fetch('/aaa/permissions')[permission])
-
- for _, role in node.pairs(self.roles, true) do
- for _, p in node.pairs(role.permissions, true) do
- if p == permission then return true end
+ local mt = getmetatable(self)
+ if not mt.permissions then
+ mt.permissions = {}
+ for _, p in pairs(self:fetch('../../permissions')) do
+ mt.permissions[p] = false
+ end
+ for _, role in node.pairs(self.roles, true) do
+ for _, p in node.pairs(role.permissions, true) do
+ mt.permissions[p] = true
+ end
end
end
- return false
+ return mt.permissions[permission]
end
diff --git a/aconf/model/node.lua b/aconf/model/node.lua
index c1d53e9..ccbb418 100644
--- a/aconf/model/node.lua
+++ b/aconf/model/node.lua
@@ -1,5 +1,5 @@
--[[
-Copyright (c) 2012-2015 Kaarle Ritvanen
+Copyright (c) 2012-2016 Kaarle Ritvanen
See LICENSE file for license details
--]]
@@ -200,9 +200,8 @@ function M.TreeNode:init(context, params)
res = user.superuser or mt._has_permission(permission)
if res == nil then
- if getmetatable(mt.escalate).fetch('/aaa/permissions')[name] then
- res = user:check_permission(name)
- else
+ res = mt.txn.user:check_permission(name)
+ if res == nil then
if ({create=true, delete=true})[permission] then
permission = 'modify'
end