[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 498b05ab0cf5db5bcac9167ea2967cf22b4b8db3

Stefan Hornburg racke at rt.icdevgroup.org
Mon Mar 29 12:39:04 UTC 2010


       via  498b05ab0cf5db5bcac9167ea2967cf22b4b8db3 (commit)
       via  78d6bc5a9428b227048745214adab06a6a67feaa (commit)
      from  e2fff4ce7ccdd262c55836a79889eda9a49ddd30 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 498b05ab0cf5db5bcac9167ea2967cf22b4b8db3
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date:   Mon Mar 29 14:37:23 2010 +0200

    moved [acl] tag to module
    try to automagically recognize key for username
    allow StartupHooks routines to mangle catalog configuration

commit 78d6bc5a9428b227048745214adab06a6a67feaa
Author: Stefan Hornburg (Racke) <racke at linuxia.de>
Date:   Mon Mar 29 14:24:40 2010 +0200

    avoid unnecessary [acl] calls

-----------------------------------------------------------------------

Summary of changes and diff:
 catalog.cfg          |    3 ++
 code/acl.tag         |   72 ------------------------------------
 lib/WellWell/ACL.pm  |   99 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/WellWell/Core.pm |    7 +++-
 lib/WellWell/Data.pm |   74 +++++++++++++++++++++++++++++++++++++
 lib/WellWell/Menu.pm |    4 +-
 6 files changed, 184 insertions(+), 75 deletions(-)
 delete mode 100644 code/acl.tag
 create mode 100644 lib/WellWell/ACL.pm
 create mode 100644 lib/WellWell/Data.pm

diff --git a/catalog.cfg b/catalog.cfg
index b1aa581..e28b876 100644
--- a/catalog.cfg
+++ b/catalog.cfg
@@ -20,6 +20,9 @@ ImageDir __IMAGE_URL__/
 # Custom functions
 include code/*.*
 
+# Functions to run after completion of the configuration
+StartupHooks prepare_database
+
 # Profiles
 OrderProfile profiles/*.profile
 
diff --git a/code/acl.tag b/code/acl.tag
deleted file mode 100644
index c1bdf4a..0000000
--- a/code/acl.tag
+++ /dev/null
@@ -1,72 +0,0 @@
-# 
-# Syntax: [acl check]
-#
-# function=check permission=enter_titles
-# function=check permission.0=enter_titles_without_approval 
-# 	permission.1=enter_titles
-# function=check permission=change_own_titles uid="[scratch entered_by]"
-#
-# Without body it returns first matching permission or empty string if no
-# permission is granted.
-#
-# With body it returns the body if permission is granted.
-#
-
-UserTag acl Order function permission uid
-UserTag acl AddAttr
-UserTag acl HasEndTag
-UserTag acl Routine <<EOR
-sub {
-	my ($function, $permission, $uid, $opt, $body) = @_;
-	my ($qual, $set, $ret);
-
-	return 1 unless $permission;
-
-	$Tag->perl({tables => "roles user_roles permissions"});
-
-	# match UID on request
-	if ($uid) {
-		return unless $uid == $Session->{username};
-	}
-
-	# determine qualifier based on user and corresponding roles
-	if ($Session->{logged_in}) {
-		my (@roles, $role_string);
-
-		$roles[0] = 2; # role "authenticated"
-
-		$set = $Db{user_roles}->query(qq{select rid from user_roles where uid = $Session->{username}});
-		for (@$set) {
-			push(@roles, $_->[0]);
-		}
-		$role_string = join (',', @roles);
-
-		$qual = qq{(uid = $Session->{username} or rid in ($role_string))}; 
-	} else {
-		# anonymous role
-		$qual = q{rid = 1};
-	}
-
-	# check for proper permission
-	my @permissions = ref($permission) eq 'ARRAY' ? @$permission : ($permission);
-
-	for my $perm (@permissions) {
-		$set = $Db{permissions}->query(qq{select count(*) from permissions where perm = '%s' and $qual}, $perm);
-
-		if ($set->[0]->[0]) {
-			$ret = $perm;
-			last;
-		}
-	}
-
-	if ($opt->{reverse}) {
-		$ret = ! $ret;
-	}
-
-	if ($ret && length($body)) {
-		return $body;
-	}
-
-	return $ret;
-}
-EOR
diff --git a/lib/WellWell/ACL.pm b/lib/WellWell/ACL.pm
new file mode 100644
index 0000000..137ab20
--- /dev/null
+++ b/lib/WellWell/ACL.pm
@@ -0,0 +1,99 @@
+# WellWell::ACL - WellWell access control routines
+#
+# Copyright (C) 2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package WellWell::ACL;
+
+use strict;
+use warnings;
+
+use Vend::Config;
+use Vend::Data;
+
+Vend::Config::parse_tag('UserTag', 'acl Order function permission uid');
+Vend::Config::parse_tag('UserTag', 'acl AddAttr');
+Vend::Config::parse_tag('UserTag', 'acl HasEndTag');
+Vend::Config::parse_tag('UserTag', 'acl MapRoutine WellWell::ACL::acl');
+
+sub acl {
+	my ($function, $permission, $uid, $opt, $body) = @_;
+	my ($qual, $set, $ret, $acl_config);
+	
+	return 1 unless $permission;
+
+	unless ($acl_config = $Vend::Cfg->{ACL}) {
+		die errmsg("ACL configuration missing in [acl tag].");
+	}
+	
+	# match UID on request
+	if ($uid) {
+		return unless $uid eq $Vend::Session->{username};
+	}
+
+	# determine qualifier based on user and corresponding roles
+	if ($Vend::Session->{logged_in}) {
+		my (@roles, $role_string, $db_roles);
+
+		$roles[0] = 2; # role "authenticated"
+
+		unless ($db_roles = database_exists_ref('user_roles')) {
+			die errmsg("Database missing in [acl] tag: %s", 'user_roles');
+		}
+		
+		$set = $db_roles->query($acl_config->{roles_query}, $Vend::Session->{username});
+		
+		for (@$set) {
+			push(@roles, $_->[0]);
+		}
+		$role_string = join (',', @roles);
+
+		$qual = sprintf($acl_config->{roles_qual}, $Vend::Session->{username}, $role_string);
+	} else {
+		# anonymous role
+		$qual = q{rid = 1};
+	}
+
+	# check for proper permission
+	my $db_perms;
+	my @permissions = ref($permission) eq 'ARRAY' ? @$permission : ($permission);
+
+	unless ($db_perms = database_exists_ref('permissions')) {
+		die errmsg("Database missing in [acl] tag: %s", 'permissions');
+	}
+		
+	for my $perm (@permissions) {
+		$set = $db_perms->query(qq{select count(*) from permissions where perm = '%s' and $qual}, $perm);
+
+		if ($set->[0]->[0]) {
+			$ret = $perm;
+			last;
+		}
+	}
+
+	if ($opt->{reverse}) {
+		$ret = ! $ret;
+	}
+
+	if ($ret && length($body)) {
+		return $body;
+	}
+
+	return $ret;
+}
+
+1;
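Review bot: The `sprintf` that builds `$qual` puts `$Vend::Session->{username}` straight into the `'%s'` slot of `roles_qual` with no escaping, and `$qual` is then interpolated into the permissions query, so a username containing a single quote alters the WHERE clause that decides the permission. The same concern applies to `$perm` in `perm = '%s'` and to the `roles_query` template, unless the table's `query` method escapes its extra arguments, which is not visible here. I would quote the value through the table handle (assuming it offers `quote`, as Interchange table objects normally do) and drop the literal quotes from the templates built in lib/WellWell/Data.pm, e.g. `my $user = $db_roles->quote($Vend::Session->{username});` together with `$roles_qual = qq{$users_key = %s or rid in (%s)};`. Separately, `errmsg(...)` is called unqualified in this package while Data.pm uses `::errmsg`; unless one of the `use`d modules exports it, the three `die` paths will fail with an undefined-subroutine error instead of the intended message.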
diff --git a/lib/WellWell/Core.pm b/lib/WellWell/Core.pm
index 4be1d45..de2129f 100644
--- a/lib/WellWell/Core.pm
+++ b/lib/WellWell/Core.pm
@@ -22,11 +22,15 @@ package WellWell::Core;
 use Vend::Config;
 
 use WellWell::Cart;
+use WellWell::Data;
 
 # setup configuration directives
 Vend::Config::parse_directive('Hook', 'Hook hook');
 Vend::Config::parse_directive('StartupHooks', 'StartupHooks startup_hooks');
 
+# predefined startup hooks
+Vend::Config::parse_subroutine('GlobalSub', 'prepare_database WellWell::Data::prepare_database');
+
 # all what we want is to transfer CGI values from CGI to the Values
 # space, and nothing else
 Vend::Config::parse_tag('UserTag', 'values_update MapRoutine Vend::Dispatch::update_values');
@@ -84,8 +88,9 @@ sub parse_startup_hooks {
 		$Vend::Cfg = $Vend::Config::C;
 		$::Variable = $Vend::Cfg->{Variable};
 		$::Pragma = $Vend::Cfg->{Pragma};
+		open_database();
 		Vend::Dispatch::run_macro($routines);
-		$Vend::Cfg = $save;
+#		$Vend::Cfg = $save;
 		return 1;
 	};
 
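Review bot: Commenting out `$Vend::Cfg = $save;` leaves `$Vend::Cfg`, `$::Variable` and `$::Pragma` pointing at this catalog's configuration after the startup hooks return, and the dead line gives no reason for that. Hooks that write through `$Vend::Cfg->{...}` modify the hash that `$Vend::Config::C` refers to, so those changes would appear to persist even with the restore in place. If the restore really has to go, delete the line and say why in a comment such as `# keep $Vend::Cfg set: <reason>`; otherwise keep `$Vend::Cfg = $save;`. The new `open_database();` call has no matching close in the lines shown, and the enclosing closure starts before this hunk, so both points need checking against the full sub.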
diff --git a/lib/WellWell/Data.pm b/lib/WellWell/Data.pm
new file mode 100644
index 0000000..989162d
--- /dev/null
+++ b/lib/WellWell/Data.pm
@@ -0,0 +1,74 @@
+# WellWell::Data - WellWell database routines
+#
+# Copyright (C) 2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA.
+
+package WellWell::Data;
+
+use strict;
+use warnings;
+
+use Vend::Data;
+
+sub prepare_database {
+	my ($userdb_ref, $users_table, %dbif);
+	my ($users_key, $users_key_numeric);
+	
+	$userdb_ref = $Vend::Cfg->{UserDB};
+	$users_table = $userdb_ref->{database} || 'userdb';
+
+	unless ($dbif{users} = database_exists_ref($users_table)) {
+		die ::errmsg('Database missing: %s', $users_table);
+	}
+
+	# "username" field which ends up in $Session->{username}
+	
+	$users_key = $dbif{users}->config('KEY');
+	$users_key_numeric = $dbif{users}->numeric($users_key);
+
+	# in addition to the user database we need the following tables:
+	# user_roles and permissions - with corresponding field for username
+	
+	for my $table (qw/user_roles permissions/) {
+		unless ($dbif{$table} = database_exists_ref($table)) {
+			die ::errmsg('Database missing: %s', $table);
+		}
+
+		unless ($dbif{$table}->column_exists($users_key)) {
+			die ::errmsg('Column %s missing in %s', $users_key, $table);
+		}
+	}
+
+	# determine query for user's roles
+	my ($roles_query, $roles_qual);
+
+	if ($users_key_numeric) {
+		$roles_query = qq{select rid from user_roles where $users_key = %s};
+	}
+	else {
+		$roles_query = qq{select rid from user_roles where $users_key = '%s'};
+	}
+
+	$roles_qual = qq{$users_key = '%s' or rid in (%s)};
+	
+	$Vend::Cfg->{ACL}->{roles_query} = $roles_query;
+	$Vend::Cfg->{ACL}->{roles_qual} = $roles_qual;	
+
+	return;
+}
+
+1;
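Review bot: The numeric branch builds `roles_query` with a bare `%s`, so whatever later fills the placeholder lands in the SQL text unquoted, while `roles_qual` a few lines below always uses `'%s'` and ignores `$users_key_numeric`. Nothing stored in `$Vend::Cfg->{ACL}` records that the key was numeric, so the code that fills the templates cannot check the value before substituting it. I would store the flag next to the templates, `$Vend::Cfg->{ACL}->{key_numeric} = $users_key_numeric;`, and add a comment above the two assignments stating that both templates are filled with the session username by WellWell::ACL::acl and that a numeric key must be validated as digits first. The fragment comment `# "username" field which ends up in $Session->{username}` would also read better as a full sentence saying that the user table's key column is assumed to hold that value.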
diff --git a/lib/WellWell/Menu.pm b/lib/WellWell/Menu.pm
index 652e1fc..93a4607 100644
--- a/lib/WellWell/Menu.pm
+++ b/lib/WellWell/Menu.pm
@@ -1,6 +1,6 @@
 # WellWell::Menu - WellWell Menu Functions/Tags
 #
-# Copyright (C) 2009 Stefan Hornburg (Racke) <racke at linuxia.de>.
+# Copyright (C) 2009,2010 Stefan Hornburg (Racke) <racke at linuxia.de>.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -51,7 +51,7 @@ sub display {
 	}
 	
 	for (@$set) {
-		next unless Vend::Tags->acl('check', $_->{permission});
+		next if $_->{permission} && ! Vend::Tags->acl('check', $_->{permission});
 
 		push(@entries, $_);
 	}
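Review bot: The new `$_->{permission} &&` guard makes the menu itself decide that an entry with an empty or false permission is visible to everyone, duplicating the `return 1 unless $permission` rule inside the acl routine. That is a fail-open default for an access check and it is undocumented here, so a later change to the routine's empty-permission behaviour would not reach this loop. I would add a comment on the line, `# entries without a permission are shown to all users; [acl] is only consulted when one is set`, and note that a permission stored as `0` is treated as unset. The `display` sub starts and ends outside this hunk.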


hooks/post-receive
-- 
Interchange wellwell catalog


