diff options
author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-04-19 23:47:08 +0300 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2016-04-20 00:53:11 +0300 |
commit | 64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed (patch) | |
tree | 312f5294ae21607baa362cbf674e7394d6f1dd2f | |
parent | 8c38f605fb1b5441e44083ca122020515e78a75d (diff) | |
download | aconf-64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed.tar.bz2 aconf-64fb7a6edb00fac497fa9ef58b2b8f49a5f8b4ed.tar.xz |
model: cache permissions at user object
-rw-r--r-- | aconf/model/aaa.lua | 19 | ||||
-rw-r--r-- | aconf/model/node.lua | 7 |
2 files changed, 15 insertions, 11 deletions
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua index 3f62ef0..982e5b3 100644 --- a/aconf/model/aaa.lua +++ b/aconf/model/aaa.lua @@ -1,5 +1,5 @@ --[[ -Copyright (c) 2012-2015 Kaarle Ritvanen +Copyright (c) 2012-2016 Kaarle Ritvanen See LICENSE file for license details --]] @@ -56,14 +56,19 @@ function User:check_password(password) end function User:check_permission(permission) - assert(self:fetch('/aaa/permissions')[permission]) - - for _, role in node.pairs(self.roles, true) do - for _, p in node.pairs(role.permissions, true) do - if p == permission then return true end + local mt = getmetatable(self) + if not mt.permissions then + mt.permissions = {} + for _, p in pairs(self:fetch('../../permissions')) do + mt.permissions[p] = false + end + for _, role in node.pairs(self.roles, true) do + for _, p in node.pairs(role.permissions, true) do + mt.permissions[p] = true + end end end - return false + return mt.permissions[permission] end diff --git a/aconf/model/node.lua b/aconf/model/node.lua index c1d53e9..ccbb418 100644 --- a/aconf/model/node.lua +++ b/aconf/model/node.lua @@ -1,5 +1,5 @@ --[[ -Copyright (c) 2012-2015 Kaarle Ritvanen +Copyright (c) 2012-2016 Kaarle Ritvanen See LICENSE file for license details --]] @@ -200,9 +200,8 @@ function M.TreeNode:init(context, params) res = user.superuser or mt._has_permission(permission) if res == nil then - if getmetatable(mt.escalate).fetch('/aaa/permissions')[name] then - res = user:check_permission(name) - else + res = mt.txn.user:check_permission(name) + if res == nil then if ({create=true, delete=true})[permission] then permission = 'modify' end |