authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-24 18:29:51 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2014-03-25 09:02:58 +0200
commit110544c9c7ed7af1e4da474b2ed90e75c050ffc0 (patch)
tree15ed0a79082eac9388ec556909cf1595f323a9c9 /aconf
parent791ee0dc06650351e0fd6cf79d6af5056c5c987f (diff)
model: grant superuser all permissions despite custom permission checkers
Diffstat (limited to 'aconf')
-rw-r--r--aconf/model/aaa.lua5
-rw-r--r--aconf/model/node.lua6
2 files changed, 4 insertions, 7 deletions
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua
index 1986b3b..01dc26a 100644
--- a/aconf/model/aaa.lua
+++ b/aconf/model/aaa.lua
@@ -52,11 +52,6 @@ function User:check_password(password)
end
function User:check_permission(permission)
- -- TODO audit trail
- print('check permission', permission)
-
- if self.superuser then return true end
-
assert(self:fetch('/auth/permissions')[permission])
for _, role in M.node.pairs(self.roles, true) do
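Review bot: With the `if self.superuser then return true end` line removed, `User:check_permission` is now a role-only check, and nothing on the function says so. Any caller other than `has_permission` in aconf/model/node.lua (none is visible in this diff) will evaluate a superuser against roles, and the `assert` will raise for a permission name missing from `/auth/permissions`. I would add a comment above the function, for example `-- role-based check only: superuser is handled by TreeNode has_permission, do not call directly for access decisions`. The body of the function continues outside the hunk, so the role loop itself is not reviewed here.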
diff --git a/aconf/model/node.lua b/aconf/model/node.lua
index fe816e8..95d9e79 100644
--- a/aconf/model/node.lua
+++ b/aconf/model/node.lua
@@ -131,6 +131,7 @@ function M.TreeNode:init(context, params)
function mt._has_permission(permission) end
+ -- TODO audit trail
function mt.has_permission(permission)
if mt.privileged then return true end
@@ -138,11 +139,12 @@ function M.TreeNode:init(context, params)
local res = permissions[name]
if res ~= nil then return res end
- res = mt._has_permission(permission)
+ local user = mt.txn.user
+ res = user.superuser or mt._has_permission(permission)
if res == nil then
if getmetatable(mt.escalate).fetch('/auth/permissions')[name] then
- res = mt.txn.user:check_permission(name)
+ res = user:check_permission(name)
else
if ({create=true, delete=true})[permission] then
permission = 'modify'
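Review bot: `mt.txn.user` is now dereferenced on every uncached, unprivileged check, where before it was only touched when the custom checker returned nil and the permission existed in `/auth/permissions`. If a transaction can exist without a user (not visible from this hunk), `user.superuser` raises instead of returning a denial. A guarded form keeps that case fail-closed: `res = (user and user.superuser) or mt._has_permission(permission)`. Also note that the superuser short-circuit now overrides an explicit `false` from `_has_permission`, so when the audit trail from the TODO is implemented it should record this grant path as well as the role-based one. The rest of `has_permission`, including where `res` is stored, lies outside the hunk.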