path: root/acf/model/aaa.lua
blob: d51c10f7bc9cde3216c528d4fba0c406dcbd476a (plain)
--[[
Copyright (c) 2012-2013 Kaarle Ritvanen
See LICENSE file for license details
--]]

local M = require('acf.model')

-- A role is a named bundle of permissions. Each member of the set is a
-- reference resolved relative to this node via the '../../../permissions'
-- scope, so a role can only point at entries of that permission set.
Role = M.new()
Role.permissions = M.Set({
   type = M.Reference({ scope = '../../../permissions' })
})


-- Account record: credential, display name, superuser flag and role links.
User = M.new()
-- NOTE(review): the credential is declared as a plain string field and
-- User:check_password compares it with `==`, so it appears to be kept
-- unhashed in whatever store backs this model. Confirm how it is persisted.
User.password = M.String
User['real-name'] = M.String
-- Defaults to false; when true, User:check_permission grants every request.
User.superuser = M.Boolean({ default = false })
-- Role memberships, as references resolved through the '../../../roles' scope.
User.roles = M.Set({
   type = M.Reference({ scope = '../../../roles' })
})

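--- Compare a submitted password with the one stored on this user.
-- Only a string can match. Without that guard `nil == nil` evaluates to true,
-- so if the stored field reads back as nil (no password set), a call that
-- passes no password would be accepted.
--
-- NOTE(review): the comparison is made against the stored field value itself
-- and `User.password` is declared as a plain `M.String`, so the credential
-- appears to be kept unhashed. Verifying against a salted, deliberately slow
-- hash would limit the damage if the backing store is ever read. Confirm how
-- the field is persisted.
-- @param password candidate password supplied by the caller
-- @return boolean true only when `password` is a string equal to the stored one
function User:check_password(password)
   if type(password) ~= 'string' then return false end
   return password == self.password
end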

--- Decide whether this user holds the given permission.
-- A superuser is granted the permission immediately. For other users the
-- permission name must exist under '/auth/permissions' in the transaction
-- attached to this node's metatable (otherwise the bare assert raises), and
-- is then searched for in the permissions of each of the user's roles.
-- @param permission permission name to look for
-- @return boolean true if granted, false if no role carries the permission
function User:check_permission(permission)
   -- TODO audit trail
   -- NOTE(review): this print is the only record of the decision. It writes
   -- the permission name to stdout without the user or the outcome, so it
   -- cannot serve as an audit log of grants and denials.
   print('check permission', permission)

   -- The superuser shortcut returns before the permission name is validated,
   -- so an unknown name is granted here rather than raising below.
   if self.superuser then
      return true
   end

   -- Fail closed on names that are not registered permissions. The assert
   -- carries no message, so the raised error does not name the permission.
   local txn = getmetatable(self).txn
   local known = txn:fetch('/auth/permissions')
   assert(known[permission])

   for _, role in M.node.pairs(self.roles) do
      for _, granted in M.node.pairs(role.permissions) do
         if granted == permission then
            return true
         end
      end
   end

   return false
end


-- Root of the authentication model: the user and role collections plus the
-- set of known permission names.
Authentication = M.new()
Authentication.users = M.Collection({ type = User })
Authentication.roles = M.Collection({ type = Role })
-- The permission set is given its own address, separate from the address the
-- rest of the model is registered under.
-- NOTE(review): the '/volatile' prefix suggests this set is not persisted and
-- is rebuilt at runtime. Confirm against the backend.
Authentication.permissions = M.Set({
   type = M.String,
   addr = '/volatile/aaa/permissions'
})

do
   -- The backing JSON file is located relative to the process's current
   -- working directory at the moment this module is loaded.
   -- NOTE(review): the credential store that gets read therefore depends on
   -- where the process was started. If the service can be launched from an
   -- arbitrary directory, consider pinning an absolute path, and check the
   -- file's ownership and mode since it holds the user passwords.
   local posix = require('posix')
   local store_addr = '/json' .. posix.getcwd() .. '/config/aaa.json'

   M.register('auth', Authentication, {
      addr = store_addr,
      ui_name = 'Authentication'
   })
end

-- NOTE(review): presumably installs the default permission entries for the
-- '/auth' subtree. Confirm in acf.model which operations these cover.
M.permission.defaults('/auth')