[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 498b05ab0cf5db5bcac9167ea2967cf22b4b8db3
Stefan Hornburg
racke at rt.icdevgroup.org
Mon Mar 29 12:39:04 UTC 2010
via 498b05ab0cf5db5bcac9167ea2967cf22b4b8db3 (commit)
via 78d6bc5a9428b227048745214adab06a6a67feaa (commit)
from e2fff4ce7ccdd262c55836a79889eda9a49ddd30 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 498b05ab0cf5db5bcac9167ea2967cf22b4b8db3
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date: Mon Mar 29 14:37:23 2010 +0200
moved [acl] tag to module
try to automagically recognize key for username
allow StartupHooks routines to mangle catalog configuration
commit 78d6bc5a9428b227048745214adab06a6a67feaa
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date: Mon Mar 29 14:24:40 2010 +0200
avoid unnecessary [acl] calls
-----------------------------------------------------------------------
Summary of changes and diff:
catalog.cfg | 3 ++
code/acl.tag | 72 ------------------------------------
lib/WellWell/ACL.pm | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++
lib/WellWell/Core.pm | 7 +++-
lib/WellWell/Data.pm | 74 +++++++++++++++++++++++++++++++++++++
lib/WellWell/Menu.pm | 4 +-
6 files changed, 184 insertions(+), 75 deletions(-)
delete mode 100644 code/acl.tag
create mode 100644 lib/WellWell/ACL.pm
create mode 100644 lib/WellWell/Data.pm
diff --git a/catalog.cfg b/catalog.cfg
index b1aa581..e28b876 100644
--- a/catalog.cfg
+++ b/catalog.cfg
@@ -20,6 +20,9 @@ ImageDir __IMAGE_URL__/
# Custom functions
include code/*.*
+# Functions to run after completion of the configuration
+StartupHooks prepare_database
+
# Profiles
OrderProfile profiles/*.profile
diff --git a/code/acl.tag b/code/acl.tag
deleted file mode 100644
index c1bdf4a..0000000
--- a/code/acl.tag
+++ /dev/null
@@ -1,72 +0,0 @@
-#
-# Syntax: [acl check]
-#
-# function=check permission=enter_titles
-# function=check permission.0=enter_titles_without_approval
-# permission.1=enter_titles
-# function=check permission=change_own_titles uid="[scratch entered_by]"
-#
-# Without body it returns first matching permission or empty string if no
-# permission is granted.
-#
-# With body it returns the body if permission is granted.
-#
-
-UserTag acl Order function permission uid
-UserTag acl AddAttr
-UserTag acl HasEndTag
-UserTag acl Routine <<EOR
-sub {
- my ($function, $permission, $uid, $opt, $body) = @_;
- my ($qual, $set, $ret);
-
- return 1 unless $permission;
-
- $Tag->perl({tables => "roles user_roles permissions"});
-
- # match UID on request
- if ($uid) {
- return unless $uid == $Session->{username};
- }
-
- # determine qualifier based on user and corresponding roles
- if ($Session->{logged_in}) {
- my (@roles, $role_string);
-
- $roles[0] = 2; # role "authenticated"
-
- $set = $Db{user_roles}->query(qq{select rid from user_roles where uid = $Session->{username}});
- for (@$set) {
- push(@roles, $_->[0]);
- }
- $role_string = join (',', @roles);
-
- $qual = qq{(uid = $Session->{username} or rid in ($role_string))};
- } else {
- # anonymous role
- $qual = q{rid = 1};
- }
-
- # check for proper permission
- my @permissions = ref($permission) eq 'ARRAY' ? @$permission : ($permission);
-
- for my $perm (@permissions) {
- $set = $Db{permissions}->query(qq{select count(*) from permissions where perm = '%s' and $qual}, $perm);
-
- if ($set->[0]->[0]) {
- $ret = $perm;
- last;
- }
- }
-
- if ($opt->{reverse}) {
- $ret = ! $ret;
- }
-
- if ($ret && length($body)) {
- return $body;
- }
-
- return $ret;
-}
-EOR
diff --git a/lib/WellWell/ACL.pm b/lib/WellWell/ACL.pm
new file mode 100644
index 0000000..137ab20
--- /dev/null
+++ b/lib/WellWell/ACL.pm
@@ -0,0 +1,99 @@
+# WellWell::ACL - WellWell access control routines
+#
+# Copyright (C) 2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package WellWell::ACL;
+
+use strict;
+use warnings;
+
+use Vend::Config;
+use Vend::Data;
+
+Vend::Config::parse_tag('UserTag', 'acl Order function permission uid');
+Vend::Config::parse_tag('UserTag', 'acl AddAttr');
+Vend::Config::parse_tag('UserTag', 'acl HasEndTag');
+Vend::Config::parse_tag('UserTag', 'acl MapRoutine WellWell::ACL::acl');
+
+sub acl {
+ my ($function, $permission, $uid, $opt, $body) = @_;
+ my ($qual, $set, $ret, $acl_config);
+
+ return 1 unless $permission;
+
+ unless ($acl_config = $Vend::Cfg->{ACL}) {
+ die errmsg("ACL configuration missing in [acl tag].");
+ }
+
+ # match UID on request
+ if ($uid) {
+ return unless $uid eq $Vend::Session->{username};
+ }
+
+ # determine qualifier based on user and corresponding roles
+ if ($Vend::Session->{logged_in}) {
+ my (@roles, $role_string, $db_roles);
+
+ $roles[0] = 2; # role "authenticated"
+
+ unless ($db_roles = database_exists_ref('user_roles')) {
+ die errmsg("Database missing in [acl] tag: %s", 'user_roles');
+ }
+
+ $set = $db_roles->query($acl_config->{roles_query}, $Vend::Session->{username});
+
+ for (@$set) {
+ push(@roles, $_->[0]);
+ }
+ $role_string = join (',', @roles);
+
+ $qual = sprintf($acl_config->{roles_qual}, $Vend::Session->{username}, $role_string);
+ } else {
+ # anonymous role
+ $qual = q{rid = 1};
+ }
+
+ # check for proper permission
+ my $db_perms;
+ my @permissions = ref($permission) eq 'ARRAY' ? @$permission : ($permission);
+
+ unless ($db_perms = database_exists_ref('permissions')) {
+ die errmsg("Database missing in [acl] tag: %s", 'permissions');
+ }
+
+ for my $perm (@permissions) {
+ $set = $db_perms->query(qq{select count(*) from permissions where perm = '%s' and $qual}, $perm);
+
+ if ($set->[0]->[0]) {
+ $ret = $perm;
+ last;
+ }
+ }
+
+ if ($opt->{reverse}) {
+ $ret = ! $ret;
+ }
+
+ if ($ret && length($body)) {
+ return $body;
+ }
+
+ return $ret;
+}
+
+1;
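Review bot: The permission lookup in `acl` builds its SQL by plain format substitution: `$perm` is dropped into `perm = '%s'`, and the already formatted `$qual` (which carries the session username) is interpolated into the same string that is then used as a format a second time. Nothing in this file quotes those values, so unless `query` escapes its arguments (not visible here), a quote character in a permission attribute or username alters the statement, and a `%` in the username would be read as a conversion on the second pass. I would quote each value before it is formatted, for example `my $perm_q = $db_perms->quote($perm);` with the template changed to `perm = %s` (assuming the table object offers `quote` in this Interchange version), and build `$qual` from quoted values as well. The `roles_query` call a few lines earlier passes the username the same way and deserves the same treatment.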
diff --git a/lib/WellWell/Core.pm b/lib/WellWell/Core.pm
index 4be1d45..de2129f 100644
--- a/lib/WellWell/Core.pm
+++ b/lib/WellWell/Core.pm
@@ -22,11 +22,15 @@ package WellWell::Core;
use Vend::Config;
use WellWell::Cart;
+use WellWell::Data;
# setup configuration directives
Vend::Config::parse_directive('Hook', 'Hook hook');
Vend::Config::parse_directive('StartupHooks', 'StartupHooks startup_hooks');
+# predefined startup hooks
+Vend::Config::parse_subroutine('GlobalSub', 'prepare_database WellWell::Data::prepare_database');
+
# all what we want is to transfer CGI values from CGI to the Values
# space, and nothing else
Vend::Config::parse_tag('UserTag', 'values_update MapRoutine Vend::Dispatch::update_values');
@@ -84,8 +88,9 @@ sub parse_startup_hooks {
$Vend::Cfg = $Vend::Config::C;
$::Variable = $Vend::Cfg->{Variable};
$::Pragma = $Vend::Cfg->{Pragma};
+ open_database();
Vend::Dispatch::run_macro($routines);
- $Vend::Cfg = $save;
+# $Vend::Cfg = $save;
return 1;
};
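Review bot: Commenting out `$Vend::Cfg = $save;` means this closure no longer restores the previous global configuration after the hooks have run, and the dead line is left behind with no explanation. If the intent is that hooks such as `prepare_database` must keep what they store in the catalog configuration, say so and delete the line, e.g. `# $Vend::Cfg stays set: startup hooks store results in the catalog configuration`. Otherwise a later step in the same process may see this catalog's settings through the global (inferred; the caller is outside the hunk). The return value of the added `open_database()` call is not checked either. The enclosing sub starts outside the hunk.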
diff --git a/lib/WellWell/Data.pm b/lib/WellWell/Data.pm
new file mode 100644
index 0000000..989162d
--- /dev/null
+++ b/lib/WellWell/Data.pm
@@ -0,0 +1,74 @@
+# WellWell::Data - WellWell database routines
+#
+# Copyright (C) 2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package WellWell::Data;
+
+use strict;
+use warnings;
+
+use Vend::Data;
+
+sub prepare_database {
+ my ($userdb_ref, $users_table, %dbif);
+ my ($users_key, $users_key_numeric);
+
+ $userdb_ref = $Vend::Cfg->{UserDB};
+ $users_table = $userdb_ref->{database} || 'userdb';
+
+ unless ($dbif{users} = database_exists_ref($users_table)) {
+ die ::errmsg('Database missing: %s', $users_table);
+ }
+
+ # "username" field which ends up in $Session->{username}
+
+ $users_key = $dbif{users}->config('KEY');
+ $users_key_numeric = $dbif{users}->numeric($users_key);
+
+ # in addition to the user database we need the following tables:
+ # user_roles and permissions - with corresponding field for username
+
+ for my $table (qw/user_roles permissions/) {
+ unless ($dbif{$table} = database_exists_ref($table)) {
+ die ::errmsg('Database missing: %s', $table);
+ }
+
+ unless ($dbif{$table}->column_exists($users_key)) {
+ die ::errmsg('Column %s missing in %s', $users_key, $table);
+ }
+ }
+
+ # determine query for user's roles
+ my ($roles_query, $roles_qual);
+
+ if ($users_key_numeric) {
+ $roles_query = qq{select rid from user_roles where $users_key = %s};
+ }
+ else {
+ $roles_query = qq{select rid from user_roles where $users_key = '%s'};
+ }
+
+ $roles_qual = qq{$users_key = '%s' or rid in (%s)};
+
+ $Vend::Cfg->{ACL}->{roles_query} = $roles_query;
+ $Vend::Cfg->{ACL}->{roles_qual} = $roles_qual;
+
+ return;
+}
+
+1;
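Review bot: `roles_qual` ignores `$users_key_numeric`: it always emits `'%s'` for the username, while `roles_query` switches between `%s` and `'%s'` by key type, so the two statements generated from the same key treat the value differently when the key is numeric. The bare `%s` branch is safe only if the session username really is a number at the time `acl` fills it in, and nothing here or in `acl` checks that. I would keep the quoted form in both templates, or have the caller validate the value (for instance with an anchored `\A\d+\z` match) before using the unquoted one. A comment above the two assignments stating that these are sprintf formats filled by `WellWell::ACL::acl` with the session username and the role id list would also help the next reader.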
diff --git a/lib/WellWell/Menu.pm b/lib/WellWell/Menu.pm
index 652e1fc..93a4607 100644
--- a/lib/WellWell/Menu.pm
+++ b/lib/WellWell/Menu.pm
@@ -1,6 +1,6 @@
# WellWell::Menu - WellWell Menu Functions/Tags
#
-# Copyright (C) 2009 Stefan Hornburg (Racke) <racke at linuxia.de>.
+# Copyright (C) 2009,2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -51,7 +51,7 @@ sub display {
}
for (@$set) {
- next unless Vend::Tags->acl('check', $_->{permission});
+ next if $_->{permission} && ! Vend::Tags->acl('check', $_->{permission});
push(@entries, $_);
}
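Review bot: With the new guard in the loop of `display`, a menu row whose `permission` field is empty or `0` skips the ACL call and is always shown, so visibility fails open when the field is missing. That agrees with `return 1 unless $permission` in `acl`, but the rule now lives in two places; a comment above the line would mark it as deliberate, e.g. `# rows without a permission are public; only restricted rows are checked`. `display` starts and ends outside the hunk.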
hooks/post-receive
--
Interchange wellwell catalog