From e8321385feea875b350b759241c8dc439edd9319 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Mon, 24 Mar 2014 22:06:00 +0200
Subject: server: audit trail
---
 aconf/model/aaa.lua | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)
(limited to 'aconf')
diff --git a/aconf/model/aaa.lua b/aconf/model/aaa.lua
index 01dc26a..048574a 100644
--- a/aconf/model/aaa.lua
+++ b/aconf/model/aaa.lua
@@ -4,6 +4,7 @@ See LICENSE file for license details
 --]]
 local M = require('aconf.model')
+local node = require('aconf.model.node')
 local object = require('aconf.object')
 local digest = require('crypto').digest
@@ -54,8 +55,8 @@ end
 function User:check_permission(permission)
 assert(self:fetch('/auth/permissions')[permission])
- for _, role in M.node.pairs(self.roles, true) do
- for _, p in M.node.pairs(role.permissions, true) do
+ for _, role in node.pairs(self.roles, true) do
+ for _, p in node.pairs(role.permissions, true) do
 if p == permission then return true end
 end
 end
@@ -63,14 +64,36 @@ function User:check_permission(permission)
 end
+local Record = M.new()
+Record.user = M.String{required=true, editable=false}
+Record.action = M.String{required=true, editable=false}
+Record.path = M.String{editable=false}
+Record.data = M.String{editable=false}
+Record.timestamp = M.time.Timestamp{editable=false}
+
+
 local Authentication = M.new()
 Authentication.users = M.Collection{type=User}
 Authentication.roles = M.Collection{type=Role}
 Authentication.permissions = M.Set{
- type=M.String,
- addr='/volatile/aaa/permissions'
+ type=M.String, addr='/volatile/aaa/permissions'
+}
+Authentication.audit_trail = M.List{
+ type=Record, editable=false, ui_name='Audit trail', ui_member='Record'
+}
+Authentication.action_log = M.List{
+ type=Record, addr=node.null_addr, visible=false
 }
+function Authentication:validate()
+ local time = os.time()
+ for _, action in node.pairs(self.action_log) do
+ action.timestamp = time
+ node.insert(self.audit_trail, action)
+ end
+end
+
+
 M.register(
 'auth',
 Authentication,
-- cgit v1.2.3
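Review bot: `Authentication.action_log` is declared with `visible=false` but, unlike `audit_trail` and every `Record` field, without `editable=false`, and `Authentication:validate()` copies whatever it finds there into the audit trail, changing only `timestamp`. If the model layer accepts client writes to a hidden list, a record with a caller-chosen `user` and `action` could end up in the trail, which would undermine it as evidence; the code that fills `action_log` is outside this diff, so this needs confirming against it. Since `validate()` itself inserts into the non-editable `audit_trail`, the flag presumably does not block server-side writes, and the declaration could become `type=Record, addr=node.null_addr, visible=false, editable=false`. Separately, `Record.data` is a free-form string kept in the auth model, so whatever fills it should leave out password values. A short comment above `validate()` saying that it appears to be used as a commit-time hook that flushes the log with one shared `os.time()` value would help the next reader.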