Diffstat (limited to 'aconf')
-rw-r--r--aconf/model/aaa.lua31
1 files changed, 27 insertions, 4 deletions
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua
index 01dc26a..048574a 100644
--- a/aconf/model/aaa.lua
+++ b/aconf/model/aaa.lua
@@ -4,6 +4,7 @@ See LICENSE file for license details
--]]
local M = require('aconf.model')
+local node = require('aconf.model.node')
local object = require('aconf.object')
local digest = require('crypto').digest
@@ -54,8 +55,8 @@ end
function User:check_permission(permission)
assert(self:fetch('/auth/permissions')[permission])
- for _, role in M.node.pairs(self.roles, true) do
- for _, p in M.node.pairs(role.permissions, true) do
+ for _, role in node.pairs(self.roles, true) do
+ for _, p in node.pairs(role.permissions, true) do
if p == permission then return true end
end
end
@@ -63,14 +64,36 @@ function User:check_permission(permission)
end
+local Record = M.new()
+Record.user = M.String{required=true, editable=false}
+Record.action = M.String{required=true, editable=false}
+Record.path = M.String{editable=false}
+Record.data = M.String{editable=false}
+Record.timestamp = M.time.Timestamp{editable=false}
+
+
local Authentication = M.new()
Authentication.users = M.Collection{type=User}
Authentication.roles = M.Collection{type=Role}
Authentication.permissions = M.Set{
- type=M.String,
- addr='/volatile/aaa/permissions'
+ type=M.String, addr='/volatile/aaa/permissions'
+}
+Authentication.audit_trail = M.List{
+ type=Record, editable=false, ui_name='Audit trail', ui_member='Record'
+}
+Authentication.action_log = M.List{
+ type=Record, addr=node.null_addr, visible=false
}
+function Authentication:validate()
+ local time = os.time()
+ for _, action in node.pairs(self.action_log) do
+ action.timestamp = time
+ node.insert(self.audit_trail, action)
+ end
+end
+
+
M.register(
'auth',
Authentication,
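Review bot: `Authentication.action_log` is declared with `visible=false` but without `editable=false`, so it presumably keeps the default editability, and `Authentication:validate()` copies each of its entries into the non-editable `audit_trail` after overwriting only `timestamp`; the `user`, `action`, `path` and `data` fields reach the trail exactly as submitted. Nothing in this hunk ties `action.user` to the authenticated caller, so unless that is enforced where the log is written (not visible here), a record could attribute an action to a different account. I would set or verify `user` on the server side before `node.insert`, or at least state the assumption above the loop, e.g. `-- entries are trusted as written; 'user' must be set by the server, never taken from client input`. `Record.data` is a free-form string as well: if it carries submitted values for paths under this model, password material could end up in the trail, so it is worth documenting what may be stored there.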