From 110544c9c7ed7af1e4da474b2ed90e75c050ffc0 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Mon, 24 Mar 2014 18:29:51 +0200
Subject: model: grant superuser all permissions despite custom permission checkers
---
 aconf/model/aaa.lua | 5 -----
 aconf/model/node.lua | 6 ++++--
 2 files changed, 4 insertions(+), 7 deletions(-)
(limited to 'aconf')
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua
index 1986b3b..01dc26a 100644
--- a/aconf/model/aaa.lua
+++ b/aconf/model/aaa.lua
@@ -52,11 +52,6 @@ function User:check_password(password)
 end
 function User:check_permission(permission)
- -- TODO audit trail
- print('check permission', permission)
-
- if self.superuser then return true end
-
 assert(self:fetch('/auth/permissions')[permission])
 for _, role in M.node.pairs(self.roles, true) do
diff --git a/aconf/model/node.lua b/aconf/model/node.lua
index fe816e8..95d9e79 100644
--- a/aconf/model/node.lua
+++ b/aconf/model/node.lua
@@ -131,6 +131,7 @@ function M.TreeNode:init(context, params)
 function mt._has_permission(permission) end
+ -- TODO audit trail
 function mt.has_permission(permission)
 if mt.privileged then return true end
@@ -138,11 +139,12 @@ function M.TreeNode:init(context, params)
 local res = permissions[name]
 if res ~= nil then return res end
- res = mt._has_permission(permission)
+ local user = mt.txn.user
+ res = user.superuser or mt._has_permission(permission)
 if res == nil then
 if getmetatable(mt.escalate).fetch('/auth/permissions')[name] then
- res = mt.txn.user:check_permission(name)
+ res = user:check_permission(name)
 else
 if ({create=true, delete=true})[permission] then
 permission = 'modify'
--
cgit v1.2.3
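Review bot: `mt.txn.user` is now indexed on every uncached, non-privileged check at `res = user.superuser or mt._has_permission(permission)` in the last node.lua hunk, whereas before it was only touched inside the `/auth/permissions` branch. If a transaction can exist without a user (not visible here), nodes with a custom `_has_permission` will raise on a nil index instead of returning the checker's answer; `res = (user and user.superuser) or mt._has_permission(permission)` keeps the earlier behaviour. With the shortcut removed from `User:check_permission` in aaa.lua, any caller other than `has_permission` now gets the role-based answer for a superuser, so it is worth confirming there are none. A comment on the new line saying that superuser deliberately overrides custom checkers, and that this grant should be recorded once the audit-trail TODO is done, would make the intent clear. `has_permission` starts and ends outside this hunk.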