Diffstat (limited to 'acf/model/aaa.lua')
-rw-r--r-- | acf/model/aaa.lua | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/acf/model/aaa.lua b/acf/model/aaa.lua
new file mode 100644
index 0000000..93f07dc
--- /dev/null
+++ b/acf/model/aaa.lua
@@ -0,0 +1,53 @@
+--[[
+Copyright (c) 2012-2013 Kaarle Ritvanen
+See LICENSE file for license details
+--]]
+
+module(..., package.seeall)
+
+local M = require('acf.model')
+
+Role = M.new()
+Role.permissions = M.Set{type=M.Reference{scope='../../../permissions'}}
+
+
+User = M.new()
+User.password = M.String
+User.real_name = M.String
+User.superuser = M.Boolean{default=false}
+User.roles = M.Set{type=M.Reference{scope='../../../roles'}}
+
+function User:check_password(password) return password == self.password end
+
+function User:check_permission(permission)
+ -- TODO audit trail
+ print('check permission', permission)
+
+ if self.superuser then return true end
+
+ assert(getmetatable(self).txn:search('/auth/permissions')[permission])
+
+ for _, role in M.node.pairs(self.roles) do
+ for _, p in M.node.pairs(role.permissions) do
+ if p == permission then return true end
+ end
+ end
+ return false
+end
+
+
+Authentication = M.new()
+Authentication.users = M.Collection{type=User}
+Authentication.roles = M.Collection{type=Role}
+Authentication.permissions = M.Set{
+ type=M.String,
+ addr='/volatile/aaa/permissions'
+}
+
+M.register(
+ 'auth',
+ '/json'..require('lfs').currentdir()..'/config/aaa.json',
+ Authentication
+)
+
+M.permission.defaults('/auth') |
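Review bot: `User:check_password` compares the submitted value directly with `self.password`, and `User.password` is a plain `M.String` persisted through the `config/aaa.json` backend registered at the end of the file, so passwords appear to be stored and checked in cleartext. Anyone who can read that file or a backup of it gets every account's password; the field should hold a salted hash from a dedicated password-hashing function, with `check_password` verifying against it. Separately, `password == self.password` is true when both sides are `nil`, so an account with no password set would accept a missing credential unless the model layer prevents that (not visible here). A guard such as `if type(password) ~= 'string' or type(self.password) ~= 'string' then return false end` before the comparison closes that case. The `print` under `-- TODO audit trail` in `check_permission` only writes to stdout, so until it is replaced there is no durable record of authorization decisions, including the early `superuser` bypass.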