summaryrefslogtreecommitdiffstats
path: root/aconf/model/field.lua
diff options
context:
space:
mode:
authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-18 00:52:30 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-25 09:02:58 +0200
commit751f019580e210ff22fc1ac0eea72cece854534a (patch)
tree074f3226c7702ff8196207de84ab0e4ec88b5024 /aconf/model/field.lua
parent499351fd1c1e7c1462df9a962e927fb4dba6b594 (diff)
downloadaconf-751f019580e210ff22fc1ac0eea72cece854534a.tar.bz2
aconf-751f019580e210ff22fc1ac0eea72cece854534a.tar.xz
move permission checking from server to model
hide all model data and functions inaccessible to the user
Diffstat (limited to 'aconf/model/field.lua')
-rw-r--r--aconf/model/field.lua43
1 files changed, 25 insertions, 18 deletions
diff --git a/aconf/model/field.lua b/aconf/model/field.lua
index 26711f2..ec8e2c7 100644
--- a/aconf/model/field.lua
+++ b/aconf/model/field.lua
@@ -68,8 +68,16 @@ function M.Field:init(params)
for _, param in ipairs{'compute', 'store', 'editable'} do
local func = self[param]
- if type(func) == 'string' then
- self[param] = function(obj, ...) return obj[func](obj, ...) end
+ if func then
+ if type(func) == 'string' then
+ local method = func
+ function func(obj, ...) return obj[method](obj, ...) end
+ end
+ if type(func) == 'function' then
+ self[param] = function(obj, ...)
+ return func(node.escalate(obj), ...)
+ end
+ end
end
end
@@ -128,7 +136,8 @@ function M.Field:meta(context)
{
type=self.dtype,
visible=self.visible,
- editable=self:_editable(context),
+ editable=self:_editable(context) and
+ node.has_permission(context.parent, 'modify'),
condition=self.condition,
required=self.required,
default=self.default,
@@ -193,12 +202,6 @@ function M.Field:_validate(context, value)
return value
end
-function M.Field:check_editable(context)
- if not self:_editable(context) then
- raise(context.path, 'Is not editable')
- end
-end
-
function M.Field:check_required(context)
if self.required then raise(context.path, 'Required value not set') end
end
@@ -208,7 +211,10 @@ function M.Field:normalize(context, value) return value end
function M.Field:validate(context, value) end
function M.Field:save(context, value)
- self:check_editable(context)
+ if not self:_editable(context) then
+ raise(context.path, 'Is not editable')
+ end
+
if self.store then self.store(context.parent, value, context.txn)
else self:_save(context, self:_validate(context, value)) end
end
@@ -326,9 +332,10 @@ function M.TreeNode:load(context, options)
options or {}, 'create', self.create
) or self:_load(context)
) then return end
- return self.itype(
+ local res = self.itype(
context, update({editable=self:_editable(context)}, self.iparams)
)
+ return node.has_permission(res, 'read') and res or nil
end
function M.TreeNode:save(context, value)
@@ -342,13 +349,6 @@ function M.TreeNode:save(context, value)
return
end
- local check = value ~= nil and next(value) ~= nil
- if not check then
- local old = self:_load(context)
- if old and next(old) ~= nil then check = true end
- end
- if check then self:check_editable(context) end
-
self:_save(context)
if value then
@@ -364,6 +364,8 @@ function M.TreeNode:save(context, value)
errors:collect(self.save_member, new, k, v)
end
errors:raise()
+
+ return new
end
end
@@ -384,5 +386,10 @@ function M.Model:init(params)
self.dtype = 'model'
end
+function M.Model:save(context, value)
+ local new = super(self, M.Model):save(context, value)
+ if new then node.check_permission(new, 'create') end
+end
+
return M