Diffstat (limited to 'app/acf-util/password-controller.lua')
-rwxr-xr-x | app/acf-util/password-controller.lua | 382 |
1 files changed, 50 insertions, 332 deletions
diff --git a/app/acf-util/password-controller.lua b/app/acf-util/password-controller.lua
index 4dbe1eb..1d3aa7a 100755
--- a/app/acf-util/password-controller.lua
+++ b/app/acf-util/password-controller.lua
@@ -1,360 +1,78 @@ module(..., package.seeall) -local auth=require("authenticator-plaintext") - -default_action = "status" - -local function admin_permission() --- if (sessiondata.userinfo) and (sessiondata.userinfo.userid == "alpine") then - return true --- else --- return false --- end -end - -local function check_logonstatus(self) - -- Redirect the user if he's not logged in. - if not (self.sessiondata.userinfo) then - redirect(self, "logon", "logon") - end -end - -local function get_config(self,userid) - local config = {} - local userinfo = {} - if (#userid > 0) then - userinfo=auth.get_userinfo(self,userid) - end - if not (userinfo) then - userinfo = {userid = "", username = "", roles = {} } - end - - -- Get list of available roles - local avail_roles=auth.list_roles() - --- config.debug = userid -- Debug info - - config.userid = cfe({ - name="userid", - label="User id", - value=(userinfo.userid or ""), - }) - config.orguserid = cfe({ - name="orguserid", - value=(userinfo.userid or ""), - type="hidden", - }) - config.username = cfe({ - name="username", - label="Real name", - value=userinfo.username, - }) - config.roles = cfe({ - name="roles", - label="Roles", - option=userinfo.roles, - type="select", - size=#avail_roles, - }) - config.password = cfe({ - name="password", - label="Password", - type="passwd", - }) - config.password_confirm = cfe({ - name="password_confirm", - label="Password (confirm)", - type="passwd", - }) - - config.availableroles = cfe({ - name="availableroles", - label="Available roles", - type="select", - option=avail_roles, - }) - - return config -end +default_action = "editme" function status(self) - - -- Redirect the user if he's not logged in. 
- check_logonstatus(self) - - local status = {} - - -- Check for admin persmissions - else redirect to personal options - if not (admin_permission()) then - self.conf.action = "editme" - return editme(self) - end - - -- Redirect when creating a new account - if (clientdata.cmdnew) then - self.conf.action = "administrator" - self.conf.type = "redir" - - return administrator(self) - end - - --List all users and their userinfo - status.users = {} - local userlist = auth.list_users(self) - for k,v in pairs(userlist) do - local userinfo = auth.get_userinfo(self,v) - status.users[k] = cfe({ - name=v, - label=v, --- debug=userinfo, -- Debug info - value={ userid=cfe ({ - name="userid", - label="User ID", - value=userinfo.userid, - }), - username=cfe ({ - name="username", - label="Real name", - value=userinfo.username, - }), - roles=cfe ({ - name="roles", - label="Roles", - value=table.concat(userinfo.roles," / "), - option=userinfo.roles, - type="select", - }), - }, - - }) - local errormessage = "" - -- Check if this user has got any errors in the config - if (userinfo.password == "") or (userinfo.password == nil) then - errormessage = "This user has no password! ".. errormessage - end - -- Check if user has no roles - if (table.maxn(userinfo.roles) == 0) then - errormessage = "This user has no roles! " .. errormessage - end - -- If there where any errormessages, then present them - if (#errormessage > 0) then - status.users[k].value.errors = cfe ({ - name="errors", - label="Attention", - value=errormessage, - }) - end - end - - --Create a button for 'New user account' - status.cmdnew = cfe ({ - name="cmdnew", - type="submit", - label="Create new account", - value="Create", --- disabled="yes", - }) - return { status=status } -end - -function administrator(self) - - -- Redirect the user if he's not logged in. 
- check_logonstatus(self) - - local output = {} - - -- Check for admin persmissions - else redirect to personal options - if not (admin_permission()) then - self.conf.action = "editme" - self.conf.type = "redir" - return editme(self) - end - - -- Output userinfo - output = get_config(self,(self.clientdata.orguserid or self.clientdata.userid or "")) - - -- Clear password-field - output.password.value = "" - - -- Add some buttons - output.cmdsave = cfe ({ - name="cmdsave", - type="submit", - label="Save changes", - value="Save", - }) - output.cmddelete = cfe ({ - name="cmddelete", - type="submit", - label="Delete this account", - value="Delete", - }) - - return {config=output} + return self.model.get_users(self) end function editme(self) + -- just to make sure can't modify any other user from this action + self.clientdata.userid = sessiondata.userinfo.userid + self.clientdata.roles = nil + -- if password is blank, don't update it or require it + if self.clientdata.password == "" then self.clientdata.password = nil end + if self.clientdata.password_confirm == "" then self.clientdata.password_confirm = nil end - -- Redirect the user if he's not logged in. 
- check_logonstatus(self) - - -- Output userinfo - local output = get_config(self,sessiondata.userinfo.userid) + -- Update userinfo + local output = self.model.update_user(self, self.clientdata, false) - -- Hide roles/cmddelete for current the user - output.roles = nil - output.cmddelete = nil + -- Don't allow changing of roles for yourself + output.value.roles = nil - -- Disable userid - output.userid.disabled = "yes" - - -- Set userid - output.orguserid.value = self.sessiondata.userinfo.userid - - -- Add save-button - output.cmdsave = cfe ({ - name="cmdsave", - type="submit", - label="Save changes", - value="Save", - }) - - return {config=output} + output.label = "Edit My Settings" + return output end -local clientdata_from_roles = function(self) - local output = {} +function edituser(self) + -- if password is blank, don't update it or require it + if self.clientdata.password == "" then self.clientdata.password = nil end + if self.clientdata.password_confirm == "" then self.clientdata.password_confirm = nil end - for k,v in pairs(auth.list_roles()) do - if (self.clientdata[v]) then - table.insert(output, v) + -- FIXME this is because multi selects don't work in haserl + if self.clientdata.roles then + local newroles = {} + for x,role in pairs(self.clientdata.roles) do + newroles[#newroles + 1] = role end + self.clientdata.roles = newroles end - - return output -end - -function save(self) - -- Redirect the user if he's not logged in. - check_logonstatus(self) - - local errormessage = {} - local cmdresult = {} - -- FIXME: Check if user is allowed to save settings - -- FIXME: If user has little priviliges, then see to that he only can change hes own settings - -- At the moment... the user could send self.clientdata.orguserid = 'someoneelseid' and change hes settings. - -- This field is hidden for user... but advanced users could probably workaround somehow. 
+ -- Update userinfo + local output = self.model.update_user(self, self.clientdata, false) - -- Delete selected user - if (clientdata.cmddelete) then - cmdresult["delete"],errormessage["delete"] = auth.delete_user(self,self.clientdata.orguserid) + -- result + if output.descr and output.errtxt == nil then + redirect(self, "status") end - -- If userid-filed is disabled, then use orguserid instead (hidden filed) - if not (self.clientdata.userid) then - self.clientdata.userid = self.clientdata.orguserid - end - - -- We start changing things based on input - if (clientdata.cmdsave) then - -- Check if password is written correct - if (self.clientdata.password == self.clientdata.password_confirm) and - (#self.clientdata.userid > 0) then - -- Check if we are editing a existing user or creating a new one - if (#clientdata.orguserid > 0) then - local variables="username userid roles" - -- Change password if user entered any values - if (#self.clientdata.password > 0) then - variables = variables .. 
" password" - end - -- Concate roles into one chunk of data (needed by the model) - self.clientdata.roles = table.concat(clientdata_from_roles(self), ",") + output.label = "Edit User Settings" + return output +end --- cmdresult.debugs = self.clientdata.orguserid -- Debug information - for var in string.gmatch(variables, "%S+") do - if (self.clientdata[var]) then - cmdresult["cmdtype"] = "change" - cmdresult[var],errormessage[var] = auth.change_settings( - self, - self.clientdata.orguserid, - var, self.clientdata[var] - ) - end - end - else - -- We are about to create a new user - cmdresult["cmdtype"] = "new" - cmdresult["new"],errormessage["new"] = auth.new_settings( - self, - self.clientdata.userid, - self.clientdata.username, - self.clientdata.password, - self.clientdata.password_confirm, - clientdata_from_roles(self) - ) - end - elseif (self.clientdata.password ~= self.clientdata.password_confirm) then - errormessage.none = {password_confirm = "You entered wrong password/confirmation"} - elseif (#self.clientdata.userid == 0) then - errormessage.none = {userid = "Userid can not be blank!"} +function newuser(self) + -- FIXME this is because multi selects don't work in haserl + if self.clientdata.roles then + local newroles = {} + for x,role in pairs(self.clientdata.roles) do + newroles[#newroles + 1] = role end + self.clientdata.roles = newroles end - -- Fetch saved values - local output = administrator(self) + -- Update userinfo + local output = self.model.update_user(self, self.clientdata, true) - -- Report errors from previously entered values (present this error for the user) - if (cmdresult["cmdtype"] == "new") then - -- Report where the user entered som errors - for k,v in pairs(errormessage["new"]) do - output.config[k].errtxt = v - end - else - -- Report where the user entered som errors - for k,v in pairs(errormessage) do - for kk,vv in pairs(v) do - output.config[kk].errtxt = vv - end - end + -- result + if output.descr and output.errtxt == nil then + 
redirect(self, "status") end - -- If there was any errormessage then return to previous page and present the errormessage - for k,v in pairs(errormessage) do - for kk,vv in pairs(v) do - - -- Incase we entered some invalid options, but entered correct Password (and it has been changed) - -- then inform the user that the password has been changed - if (cmdresult.password) then - output.config.password.descr = "* Password has been changed!" - end - - -- Write the previously entered information on the screen. - for k,v in pairs(self.clientdata) do - if (output.config[k]) and (k == roles) then - table.insert(output.config[k].option, v) - elseif (output.config[k]) then - output.config[k].value = v - end - end - - -- Because something went wrong... clear the password and let the user re-enter the password/confirmation - output.config.password.value = "" - output.config.password_confirm.value = "" - - -- Debug information --- output.config.debugcmdresult = cmdresult -- Debug information - - -- Redirect page - self.conf.action = "administrator" - self.conf.type = "redir" - return output - end - end + output.label = "New User Settings" + return output +end - --If everything went OK then redirect to main page - self.conf.action = "status" - self.conf.type = "redir" - return status(self) +function deleteuser(self) + self.model.delete_user(self, self.clientdata.userid) + redirect(self, "status") end |
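Review bot: `edituser`, `newuser` and `deleteuser` hand `self.clientdata` (including the request-supplied `userid` and `roles`) straight to the model with no logged-in or permission check visible in this file, while the same commit removes `check_logonstatus` and the `admin_permission` stub. Unless per-action authorization is enforced by the dispatcher or the model outside this diff, role changes and account deletion depend only on reaching the action, so that should be confirmed and stated in a comment at the top of the controller. `editme` also indexes the global `sessiondata.userinfo.userid` without a guard, so a request without a session would fail on a nil index instead of being redirected; a first line such as `if not (self.sessiondata and self.sessiondata.userinfo) then redirect(self, "logon", "logon") end` would restore the old behaviour. `deleteuser` discards the result of `self.model.delete_user` and acts on a single request parameter, so it is worth checking that it is reachable only through a POST carrying an anti-forgery token and that a failed delete is reported rather than silently redirected to `status`.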