move permission checking from server to model

hide all model data and functions inaccessible to the user

1 files changed, 10 insertions, 4 deletions

diff --git a/aconf/transaction/init.lua b/aconf/transaction/init.lua
index aba1b66..d4c79fe 100644
--- a/aconf/transaction/init.lua
+++ b/aconf/transaction/init.lua
@@ -19,12 +19,14 @@ local ModelTransaction = object.class(
    require('aconf.transaction.base').Transaction
 )
 
-function ModelTransaction:init(backend, validate)
+function ModelTransaction:init(backend, validate, user)
    super(self, ModelTransaction):init(backend)
 
    self.validate = validate
    self.validable = {}
 
+   self.user = user
+
    self.root = root.RootModel{txn=self}
 end
 
@@ -79,7 +81,10 @@ function ModelTransaction:check_deleted(path)
    end
 end
 
-function ModelTransaction:fetch(path) return self.root:fetch(path) end
+function ModelTransaction:fetch(path, escalate)
+   local root = self.root
+   return (escalate and getmetatable(root).escalate or root):fetch(path)
+end
 
 function ModelTransaction:meta(path) return self.root:meta(path) end
 
@@ -93,7 +98,7 @@ function ModelTransaction:commit()
       local function validate(path)
 	 if path > '/' then validate(pth.parent(path)) end
 	 if not self.commit_val[path] then return end
-	 errors:collect(getmetatable(self:fetch(path)).validate)
+	 errors:collect(getmetatable(self:fetch(path, true)).validate)
 	 self.commit_val[path] = nil
       end
 
@@ -119,6 +124,7 @@ return function(options)
    options = options or {}
    return ModelTransaction(
       options.parent or (options.allow_commit_defer and def_store or store),
-      not (options.parent and options.defer_validation)
+      not (options.parent and options.defer_validation),
+      options.parent and options.parent.user or options.user
    )
 end