1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
-- Roles/Group functions
module (..., package.seeall)
require("modelfunctions")
require("authenticator")
require("roles")
-- Return roles/permissions for specified user
get_user_roles = function(self, userid)
local userinfo = authenticator.get_userinfo(self, userid) or {}
rls = cfe({ type="list", value=userinfo.roles or {}, label="Roles" })
permissions = cfe({ type="table", value=roles.get_roles_perm(self, rls.value), label="Permissions" })
return cfe({ type="group", value={roles=rls, permissions=permissions} })
end
-- Return permissions for specified role
get_role_perms = function(self, role)
return cfe({ type="table", value=roles.get_role_perm(self, role), label="Permissions" })
end
-- Return list of all permissions
get_perms_list = function(self)
return cfe({ type="table", value=roles.get_all_permissions(self), label="All Permissions" })
end
view_roles = function(self)
local defined_roles, default_roles = roles.list_roles(self)
local defined_roles_cfe=cfe({ type="list", value=defined_roles, label="Locally-defined roles" })
local default_roles_cfe=cfe({ type="list", value=default_roles, label="System-defined roles" })
return cfe({ type="group", value={defined_roles=defined_roles_cfe, default_roles=default_roles_cfe} })
end
getpermissions = function(self, role)
local my_perms = {}
local default_perms = {}
if role then
local tmp
tmp, my_perms, default_perms = roles.get_role_perm(self, role)
my_perms = my_perms or {}
default_perms = default_perms or {}
else
role = ""
end
local tmp, all_perms = roles.get_all_permissions(self)
table.sort(all_perms)
local permissions_cfe = cfe({ type="multi", value=my_perms, option=all_perms, label="Role permissions", default=default_perms })
local role_cfe = cfe({ value=role, label="Role" })
return cfe({ type="table", value={role=role_cfe, permissions=permissions_cfe} })
end
setpermissions = function(self, permissions, newrole)
-- Validate entries and create error strings
local result = true
if newrole then
-- make sure not overwriting role
local defined_roles, default_roles = roles.list_roles(self)
local reverseroles = {}
for i,role in ipairs(defined_roles) do reverseroles[role] = i end
for i,role in ipairs(default_roles) do reverseroles[role] = i end
if reverseroles[permissions.value.role.value] then
result = false
permissions.value.role.errtxt = "Role already exists"
permissions.errtxt = "Failed to create role"
end
end
-- Try to set the value
if result==true then
result, permissions.value.role.errtxt = roles.set_role_perm(self, permissions.value.role.value, nil, permissions.value.permissions.value)
if not result then
permissions.errtxt = "Failed to save role"
end
end
return permissions
end
delete_role = function(self, role)
local result, cmdresult = roles.delete_role(self, role)
return cfe({ value=cmdresult })
end
|
