author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-03-18 00:52:30 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2014-03-25 09:02:58 +0200 |
commit | 751f019580e210ff22fc1ac0eea72cece854534a (patch) | |
tree | 074f3226c7702ff8196207de84ab0e4ec88b5024 /aconf/model/field.lua | |
parent | 499351fd1c1e7c1462df9a962e927fb4dba6b594 (diff) | |
move permission checking from server to model
hide all model data and functions inaccessible to the user
Diffstat (limited to 'aconf/model/field.lua')
-rw-r--r-- | aconf/model/field.lua | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/aconf/model/field.lua b/aconf/model/field.lua
index 26711f2..ec8e2c7 100644
--- a/aconf/model/field.lua
+++ b/aconf/model/field.lua
@@ -68,8 +68,16 @@ function M.Field:init(params)
 for _, param in ipairs{'compute', 'store', 'editable'} do
 local func = self[param]
- if type(func) == 'string' then
- self[param] = function(obj, ...) return obj[func](obj, ...) end
+ if func then
+ if type(func) == 'string' then
+ local method = func
+ function func(obj, ...) return obj[method](obj, ...) end
+ end
+ if type(func) == 'function' then
+ self[param] = function(obj, ...)
+ return func(node.escalate(obj), ...)
+ end
+ end
 end
 end
@@ -128,7 +136,8 @@ function M.Field:meta(context)
 {
 type=self.dtype,
 visible=self.visible,
- editable=self:_editable(context),
+ editable=self:_editable(context) and
+ node.has_permission(context.parent, 'modify'),
 condition=self.condition,
 required=self.required,
 default=self.default,
@@ -193,12 +202,6 @@ function M.Field:_validate(context, value)
 return value
 end
-function M.Field:check_editable(context)
- if not self:_editable(context) then
- raise(context.path, 'Is not editable')
- end
-end
-
 function M.Field:check_required(context)
 if self.required then raise(context.path, 'Required value not set') end
 end
@@ -208,7 +211,10 @@ function M.Field:normalize(context, value) return value end
 function M.Field:validate(context, value) end
 function M.Field:save(context, value)
- self:check_editable(context)
+ if not self:_editable(context) then
+ raise(context.path, 'Is not editable')
+ end
+
 if self.store then self.store(context.parent, value, context.txn)
 else self:_save(context, self:_validate(context, value)) end
 end
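Review bot: The wrapper added in `M.Field:init` hands `node.escalate(obj)` to every `compute`, `store` and `editable` callback, but nothing in the hunk records that these callbacks now run with elevated access on behalf of a possibly restricted caller. A comment above the inner function, such as `-- model callbacks receive the escalated node; the caller's permission must be checked before this wrapper is invoked`, would make the trust boundary explicit. It would also be worth stating that a callback should not return the escalated object itself, since presumably its return value travels back to the user. A value that is neither a string nor a function stays in `self[param]` unchanged, which looks intended for a boolean `editable` but is undocumented. The body of `init` starts and ends outside the hunk.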
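Review bot: `M.Field:save` still rejects a write only on `self:_editable(context)`, while `M.Field:meta` in the second hunk now reports `editable` as `_editable` combined with `node.has_permission(context.parent, 'modify')`, so the advertised and the enforced condition can disagree. Because the first hunk wraps `self.store` with `node.escalate`, a save that reaches this function without a prior 'modify' check would be carried out with elevated access. This diff is limited to field.lua, so the check may well be enforced by the calling node code. If it is not, adding `node.check_permission(context.parent, 'modify')` before the `if self.store` branch would close the gap; if it is, a comment naming where the check happens would help the next reader.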
@@ -326,9 +332,10 @@ function M.TreeNode:load(context, options)
 options or {}, 'create', self.create
 ) or self:_load(context)
 ) then return end
- return self.itype(
+ local res = self.itype(
 context, update({editable=self:_editable(context)}, self.iparams)
 )
+ return node.has_permission(res, 'read') and res or nil
 end
 function M.TreeNode:save(context, value)
@@ -342,13 +349,6 @@ function M.TreeNode:save(context, value)
 return
 end
- local check = value ~= nil and next(value) ~= nil
- if not check then
- local old = self:_load(context)
- if old and next(old) ~= nil then check = true end
- end
- if check then self:check_editable(context) end
-
 self:_save(context)
 if value then
@@ -364,6 +364,8 @@ function M.TreeNode:save(context, value)
 errors:collect(self.save_member, new, k, v)
 end
 errors:raise()
+
+ return new
 end
 end
@@ -384,5 +386,10 @@ function M.Model:init(params)
 self.dtype = 'model'
 end
+function M.Model:save(context, value)
+ local new = super(self, M.Model):save(context, value)
+ if new then node.check_permission(new, 'create') end
+end
+
 return M
|
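Review bot: In `M.TreeNode:load` a denied 'read' check now returns the same `nil` as an absent node, and the check runs only after `self.itype(...)` has built the node. Hiding unreadable nodes matches the commit's stated aim, but callers can no longer tell the two cases apart. A comment above the return, such as `-- nil: node is absent or not readable by the caller`, would keep later code from treating `nil` as a free slot. The check needs the constructed node, so any side effect of `self.itype` (not visible here) also happens on a denied read. The function starts above the hunk.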
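Review bot: `M.Model:save` calls `node.check_permission(new, 'create')` only after the inherited save (presumably `M.TreeNode:save`, which runs `self:_save(context)` and saves the members) has already written, so a denial depends on the raised error discarding the transaction. That dependency deserves a comment, for example `-- checked after the write: a failure here must abort context.txn`. The override also drops the value that `M.TreeNode:save` now returns in the `return new` hunk above, so anything going through `M.Model:save` gets nil; ending the function with `return new` keeps the two consistent. Whether `check_permission` raises or returns a status is not visible in this file.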