Added lua validate code into provisioning_params table, added example for mac address

1 files changed, 61 insertions, 16 deletions

diff --git a/provisioning-model.lua b/provisioning-model.lua
index 683b90d..bb68af6 100644
--- a/provisioning-model.lua
+++ b/provisioning-model.lua
@@ -219,13 +219,42 @@ validateparam = function(p)
 	return true
 end
 
+-- These are the functions that may be called from within loaded Lua code
+local functions = {
+	getselectresponse=getselectresponse,
+	runsqlcommand=runsqlcommand,
+	get_device=get_device,
+	get_device_params=get_device_params,
+}
+
+local validateparamcoded
+validateparamcoded = function(p, top)
+	top = top or p
+	local success = true
+	if p.type == "group" then
+		for n,p2 in pairs(p.value) do
+			success = validateparamcoded(p2, top) and success
+		end
+		return success
+	end
+	if p.validate and p.validate ~= "" then
+		-- We have Lua validation code
+		local env = {}
+		setmetatable (env, {__index = _G})
+		-- loadfile loads into the global environment
+		-- so we set env 0, not env 1
+		setfenv (0, env)
+		local f = loadstring(p.validate)
+		if (f) then
+			p.value, p.errtxt = f(p.value, functions, top)
+			if p.errtxt then success = false end
+		end
+		setfenv (0, _G)
+	end
+	return success
+end
+
 local function callscript(script, ...)
-	local functions = {
-		getselectresponse=getselectresponse,
-		runsqlcommand=runsqlcommand,
-		get_device=get_device,
-		get_device_params=get_device_params,
-	}
 	local env = {}
 	setmetatable (env, {__index = _G})
 	-- loadfile loads into the global environment
@@ -236,23 +265,30 @@ local function callscript(script, ...)
 	setfenv (0, _G)
 end
 
-local function validatefiledetails(filedetails)
+local function validateluacode(code)
 	local success = true
-	
+
 	-- Validate that contents are valid lua code
 	local env = {}
 	setmetatable (env, {__index = _G})
 	-- loadfile loads into the global environment
 	-- so we set env 0, not env 1
 	setfenv (0, env)
-	local f,err = loadstring(filedetails.value.filecontent.value)
-	if not (f) then
+	local f,errtxt = loadstring(code)
+	if not f then
 		success = false
-		filedetails.value.filecontent.errtxt = "Invalid Lua code\n"..(err or "")
 	end
 	setfenv (0, _G)
 	-- setmetatable (self.conf.app_hooks, {})
 
+	return success, errtxt
+end
+
+local function validatefiledetails(filedetails)
+	local success, errtxt = validateluacode(filedetails.value.filecontent.value)
+	if not success then
+		filedetails.value.filecontent.errtxt = "Invalid Lua code\n"..(errtxt or "")
+	end
 	return success, filedetails
 end
 
@@ -1003,8 +1039,8 @@ get_param = function(param_id)
 	retval.descr = cfe({label="Description", seq=5})
 	retval.value = cfe({label="Default Value", descr="Warning, this value is not validated", seq=6})
 	retval.regexp = cfe({label="Regular Expression", descr="Lua regular expression for validating the text parameter value", seq=7})
-	retval.seq = cfe({label="Sequence", seq=8})
--- FIXME - we should add validation and option stuff here
+	retval.validate = cfe({type="longtext", label="Validation Code", descr="Lua code to validate the parameter value. Returns updated value and error text. Not used to validate group defaults.", seq=8})
+	retval.seq = cfe({label="Sequence", seq=9})
 	local errtxt
 	local res, err = pcall(function()
 		local connected = databaseconnect()
@@ -1049,6 +1085,14 @@ update_param = function(param, create)
 		success = false
 		param.value.seq.errtxt = "Must be an integer"
 	end
+	local s,e = validateluacode(param.value.validate.value)
+	if not s then
+		success = false
+		param.value.validate.errtxt = "Invalid Lua code"
+		if e and e ~= "" then
+			param.value.validate.errtxt = param.value.validate.errtxt.."\n"..e
+		end
+	end
 	if success then
         	local res, err = pcall(function()
 			local connected = databaseconnect()
@@ -1064,7 +1108,7 @@ update_param = function(param, create)
 				local sql = "BEGIN TRANSACTION"
 				runsqlcommand(sql)
 				if create then
-					sql = "INSERT INTO provisioning_params VALUES(DEFAULT, '"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."')"
+					sql = "INSERT INTO provisioning_params VALUES(DEFAULT, '"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."', '"..escape(param.value.validate.value).."')"
 					runsqlcommand(sql, true)
 					sql = "SELECT param_id FROM provisioning_params WHERE name='"..escape(param.value.name.value).."' AND label='"..escape(param.value.label.value).."'"
 					local tmp = getselectresponse(sql, true)
@@ -1072,7 +1116,7 @@ update_param = function(param, create)
 						param.value.param_id.value = tmp[1].param_id
 					end
 				else
-					sql = "UPDATE provisioning_params SET (name, type, label, descr, value, seq, regexp) = ('"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."') WHERE param_id='"..escape(param.value.param_id.value).."'"
+					sql = "UPDATE provisioning_params SET (name, type, label, descr, value, seq, regexp, validate) = ('"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."', '"..escape(param.value.validate.value).."') WHERE param_id='"..escape(param.value.param_id.value).."'"
 					runsqlcommand(sql, true)
 				end
 
@@ -1323,7 +1367,7 @@ get_device_params = function(device_id, editable)
 					retval[g.name].type="group"
 				end
 				-- Then, get all of the parameters for this device
-				sql = "SELECT g.name AS group, g.label AS grouplabel, p.param_id, p.name, p.type, p.label, p.descr, p.seq, p.regexp, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value, CASE WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS default "..
+				sql = "SELECT g.name AS group, g.label AS grouplabel, p.param_id, p.name, p.type, p.label, p.descr, p.seq, p.regexp, p.validate, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value, CASE WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS default "..
 					"FROM (devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING (class_id) JOIN provisioning_groups g USING(group_id) "..
 						"JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) "..
 					"WHERE d2t.device_id='"..escape(device_id).."'"
@@ -1380,6 +1424,7 @@ set_device_params = function(params, editable)
 	if success then
         	local res, err = pcall(function()
 			local connected = databaseconnect()
+			success = validateparamcoded(params)
 			if not create then
 				local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..escape(params.value.device_id.value).."' LIMIT 1"
 				local tmp = getselectresponse(sql)