diff options
| -rw-r--r-- | aconf/model/aaa.lua | 29 | ||||
| -rw-r--r-- | aconf/model/node.lua | 2 | ||||
| -rw-r--r-- | aconf/model/permission.lua | 2 | ||||
| -rw-r--r-- | server.lua | 4 |
4 files changed, 16 insertions, 21 deletions
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua index 048574a..f956d9e 100644 --- a/aconf/model/aaa.lua +++ b/aconf/model/aaa.lua @@ -53,7 +53,7 @@ function User:check_password(password) end function User:check_permission(permission) - assert(self:fetch('/auth/permissions')[permission]) + assert(self:fetch('/aaa/permissions')[permission]) for _, role in node.pairs(self.roles, true) do for _, p in node.pairs(role.permissions, true) do @@ -72,20 +72,16 @@ Record.data = M.String{editable=false} Record.timestamp = M.time.Timestamp{editable=false} -local Authentication = M.new() -Authentication.users = M.Collection{type=User} -Authentication.roles = M.Collection{type=Role} -Authentication.permissions = M.Set{ - type=M.String, addr='/volatile/aaa/permissions' -} -Authentication.audit_trail = M.List{ +local Aaa = M.new() +Aaa.users = M.Collection{type=User} +Aaa.roles = M.Collection{type=Role} +Aaa.permissions = M.Set{type=M.String, addr='/volatile/aaa/permissions'} +Aaa.audit_trail = M.List{ type=Record, editable=false, ui_name='Audit trail', ui_member='Record' } -Authentication.action_log = M.List{ - type=Record, addr=node.null_addr, visible=false -} +Aaa.action_log = M.List{type=Record, addr=node.null_addr, visible=false} -function Authentication:validate() +function Aaa:validate() local time = os.time() for _, action in node.pairs(self.action_log) do action.timestamp = time @@ -95,12 +91,11 @@ end M.register( - 'auth', - Authentication, + 'aaa', + Aaa, { - addr='/json'..require('posix').getcwd()..'/config/aaa.json', - ui_name='Authentication' + addr='/json'..require('posix').getcwd()..'/config/aaa.json', ui_name='AAA' } ) -M.permission.defaults('/auth') +M.permission.defaults('/aaa') diff --git a/aconf/model/node.lua b/aconf/model/node.lua index 40e4422..013b1bb 100644 --- a/aconf/model/node.lua +++ b/aconf/model/node.lua @@ -143,7 +143,7 @@ function M.TreeNode:init(context, params) res = user.superuser or mt._has_permission(permission) if res == nil then - if getmetatable(mt.escalate).fetch('/auth/permissions')[name] then + if getmetatable(mt.escalate).fetch('/aaa/permissions')[name] then res = user:check_permission(name) else if ({create=true, delete=true})[permission] then diff --git a/aconf/model/permission.lua b/aconf/model/permission.lua index e90099b..f7f5be1 100644 --- a/aconf/model/permission.lua +++ b/aconf/model/permission.lua @@ -10,7 +10,7 @@ local start_txn = require('aconf.transaction') function M.define(path, ...) local txn = start_txn() - local db = txn:fetch('/auth/permissions') + local db = txn:fetch('/aaa/permissions') for _, permission in ipairs{...} do node.insert(db, permission..path) end txn:commit() end @@ -49,7 +49,7 @@ return function(env) local function log_action(txn, params, s) params.user = mnode.name((s or session).user) - mnode.insert(txn:fetch('/auth/action-log'), params) + mnode.insert(txn:fetch('/aaa/action-log'), params) end local function log_session_event(action, session) @@ -97,7 +97,7 @@ return function(env) if method == 'POST' then if not data.username or not data.password then return 401 end local user = - aconf.start_txn():fetch('/auth/users')[data.username] + aconf.start_txn():fetch('/aaa/users')[data.username] if user and user:check_password(data.password) then local sid repeat |