Diffstat (limited to 'acf/model/aaa.lua')
-rw-r--r--acf/model/aaa.lua53
1 files changed, 53 insertions, 0 deletions
diff --git a/acf/model/aaa.lua b/acf/model/aaa.lua
new file mode 100644
index 0000000..93f07dc
--- /dev/null
+++ b/acf/model/aaa.lua
@@ -0,0 +1,53 @@
+--[[
+Copyright (c) 2012-2013 Kaarle Ritvanen
+See LICENSE file for license details
+--]]
+
+module(..., package.seeall)
+
+local M = require('acf.model')
+
+Role = M.new()
+Role.permissions = M.Set{type=M.Reference{scope='../../../permissions'}}
+
+
+User = M.new()
+User.password = M.String
+User.real_name = M.String
+User.superuser = M.Boolean{default=false}
+User.roles = M.Set{type=M.Reference{scope='../../../roles'}}
+
+function User:check_password(password) return password == self.password end
+
+function User:check_permission(permission)
+ -- TODO audit trail
+ print('check permission', permission)
+
+ if self.superuser then return true end
+
+ assert(getmetatable(self).txn:search('/auth/permissions')[permission])
+
+ for _, role in M.node.pairs(self.roles) do
+ for _, p in M.node.pairs(role.permissions) do
+ if p == permission then return true end
+ end
+ end
+ return false
+end
+
+
+Authentication = M.new()
+Authentication.users = M.Collection{type=User}
+Authentication.roles = M.Collection{type=Role}
+Authentication.permissions = M.Set{
+ type=M.String,
+ addr='/volatile/aaa/permissions'
+}
+
+M.register(
+ 'auth',
+ '/json'..require('lfs').currentdir()..'/config/aaa.json',
+ Authentication
+)
+
+M.permission.defaults('/auth')
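Review bot: `User.password` is declared as a plain `M.String` and `check_password` compares the submitted value with it directly, so the credential appears to be persisted in clear text in `config/aaa.json`, where anyone who can read the file or a backup of it gets every user's password. Storing a salted, slow password hash and verifying against that would avoid this; until then a comment on the field such as `-- FIXME: stored and compared in clear text; replace with a salted password hash` would at least record it. The comparison also yields true when both sides are nil, so if the model permits an unset password, a guard like `return type(password) == 'string' and password == self.password` is worth adding. Separately, the backend path is built from `require('lfs').currentdir()`, so which account database gets loaded depends on the directory the process was started from; a fixed, configured path would be safer.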