Passwd file permissions are no longer modified in make; re-enabled PATH_INFO
authorTimm S. Mueller <tmueller@neoscientists.org>
Sat, 24 Nov 2007 20:53:20 +0100
changeset 206450cd443de9f
parent 205 4b7e44d9cc88
child 207 ec4e6b25c0f1
Passwd file permissions are no longer modified in make; re-enabled PATH_INFO
evaluation in Request class; added "seeall" permission, swapped meanings of
"c" and "p" permission rights; added defprofile setting; username attribute
is now optional in password db (falls back to loginname)
Makefile
cgi-bin/tek/class/cgi/request.lua
cgi-bin/tek/class/loona.lua
etc/config.lua.sample
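--- a/Makefile	Sat Nov 24 20:47:22 2007 +0100
+++ b/Makefile	Sat Nov 24 20:53:20 2007 +0100
@@ -72,8 +72,6 @@
 	chown -R $(WWWUSER) $(VARDIR)/sessions $(VARDIR)/htmlcache
 	chown -R $(WWWUSER) $(CONTENTDIR) $(HTDIR)
 	find . -name CVS -type d | xargs -r chmod g+rw
-	-chown $(WWWUSER):$(GROUP) $(ETCDIR)/passwd.lua
-	-chmod 460 $(ETCDIR)/passwd.lua
 
 
 all: modules setup permissions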
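--- a/cgi-bin/tek/class/cgi/request.lua	Sat Nov 24 20:47:22 2007 +0100
+++ b/cgi-bin/tek/class/cgi/request.lua	Sat Nov 24 20:53:20 2007 +0100
@@ -45,6 +45,7 @@
 	self.UNIQUE_ID = self.getenv("UNIQUE_ID")
 	self.REQUEST_URI = self.getenv("REQUEST_URI")
 	self.SCRIPT_FILENAME = self.getenv("SCRIPT_FILENAME")
+	self.PATH_INFO = getenv("PATH_INFO")
 
 	return self
 
@@ -119,6 +120,7 @@
 		self.document.Handler = pt
 
 		if vp then
+			script = self.PATH_INFO or script
 			-- isolate document name by matching virtual path at end:
 			if script:sub(-vp:len()) == vp then
 				script = script:sub(1, script:len() - vp:len())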
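Review bot: The added `self.PATH_INFO = getenv("PATH_INFO")` calls a bare `getenv` while every neighbouring line calls `self.getenv(...)`; unless a local `getenv` is declared outside this hunk, the call resolves a global and will either fail or skip the accessor the object carries, so I would write `self.PATH_INFO = self.getenv("PATH_INFO")`. In the second hunk `script = self.PATH_INFO or script` also accepts an empty string, because `""` is truthy in Lua and a server may export PATH_INFO as an empty value; `if self.PATH_INFO and self.PATH_INFO ~= "" then script = self.PATH_INFO end` keeps the previous fallback. PATH_INFO is request-controlled and now decides the document name, so the code after this hunk (the function continues outside it) should be checked for rejection of `..` segments before the name reaches a file lookup.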
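--- a/cgi-bin/tek/class/loona.lua	Sat Nov 24 20:47:22 2007 +0100
+++ b/cgi-bin/tek/class/loona.lua	Sat Nov 24 20:53:20 2007 +0100
@@ -13,6 +13,8 @@
 local Request = require "tek.class.cgi.request"
 local util = require "tek.class.loona.util"
 local markup = require "tek.class.loona.markup"
+-- local db = require "tek.lib.debug"
+-- db.level = 4
 
 local boxed_G = {
 	string = string, table = table,
@@ -254,7 +256,7 @@
 	self:recursesections(self.sections, function(self, s, e)
 		local permitted = true
 		local sectperm = e.permissions
-		if sectperm and sectperm ~= "" then
+		if sectperm and sectperm ~= "" and not self.authuser_seeall then
 			permitted = false
 			if userperm then
 				local num = sectperm:len()
@@ -713,8 +715,7 @@
 	local contentdir = self.contentdir
 	local edit, show, hidden, extramsg, changed
 
-	if self.authuser_edit or self.authuser_profile or
-		self.authuser_modifyprofile or self.authuser_menu then
+	if self.authuser_edit or self.authuser_profile or self.authuser_menu then
 
 		local hiddenvars = table.concat( {
 			self:hidden("lang", self.args.lang),
@@ -910,47 +911,45 @@
 			self.args.actionchangeprofile or
 			self.args.actionchangelanguage or
 			self.args.actionpublishprofile) and editkey == "main" and
-			(self.authuser_profile or self.authuser_modifyprofile) then
+			self.authuser_profile then
 			hidden = true
-			if self.authuser_profile then
-				self:out([[
-				<form action="]] .. self.document .. [[" method="post" accept-charset="utf-8">
-					<fieldset>
-						<legend>
-							]] .. self.locale.CHANGEPROFILE .. [[
-						</legend>
-						<select name="changeprofile" size="1">]])
-							for _, val in ipairs(self:getprofiles()) do
-								self:out('<option' .. (val == self.profile and ' selected="selected"' or '') .. '>')
-								self:out(val)
-								self:out('</option>')
-							end
-						self:out([[
-						</select>
-						<input type="submit" name="actionchangeprofile" value="]] .. self.locale.CHANGE ..[[" />
-						]] .. hiddenvars .. [[
-					</fieldset>
-				</form>
-				<form action="]] .. self.document .. [[" method="post" accept-charset="utf-8">
-					<fieldset>
-						<legend>
-							]] .. self.locale.CHANGELANGUAGE .. [[
-						</legend>
-						<select name="changelanguage" size="1">]])
-							for _, val in ipairs(self:getlanguages()) do
-								self:out('<option' .. (val == self.lang and ' selected="selected"' or '') .. '>')
-								self:out(val)
-								self:out('</option>')
-							end
-						self:out([[
-						</select>
-						<input type="submit" name="actionchangelanguage" value="]] .. self.locale.CHANGE ..[[" />
-						]] .. hiddenvars .. [[
-					</fieldset>
-				</form>
-				]])
-			end
-			if self.authuser_modifyprofile then
+			self:out([[
+			<form action="]] .. self.document .. [[" method="post" accept-charset="utf-8">
+				<fieldset>
+					<legend>
+						]] .. self.locale.CHANGEPROFILE .. [[
+					</legend>
+					<select name="changeprofile" size="1">]])
+						for _, val in ipairs(self:getprofiles()) do
+							self:out('<option' .. (val == self.profile and ' selected="selected"' or '') .. '>')
+							self:out(val)
+							self:out('</option>')
+						end
+					self:out([[
+					</select>
+					<input type="submit" name="actionchangeprofile" value="]] .. self.locale.CHANGE ..[[" />
+					]] .. hiddenvars .. [[
+				</fieldset>
+			</form>
+			<form action="]] .. self.document .. [[" method="post" accept-charset="utf-8">
+				<fieldset>
+					<legend>
+						]] .. self.locale.CHANGELANGUAGE .. [[
+					</legend>
+					<select name="changelanguage" size="1">]])
+						for _, val in ipairs(self:getlanguages()) do
+							self:out('<option' .. (val == self.lang and ' selected="selected"' or '') .. '>')
+							self:out(val)
+							self:out('</option>')
+						end
+					self:out([[
+					</select>
+					<input type="submit" name="actionchangelanguage" value="]] .. self.locale.CHANGE ..[[" />
+					]] .. hiddenvars .. [[
+				</fieldset>
+			</form>
+			]])
+			if self.authuser_publish then
 				self:out([[
 				<form action="]] .. self.document ..[[" method="post" accept-charset="utf-8">
 					<fieldset>
@@ -966,8 +965,8 @@
 				</form>
 				]])
 			end
-			if not self.ispubprofile or self.config.editablepubprofile and
-				self.authuser_modifyprofile then
+			if (not self.ispubprofile or self.config.editablepubprofile) and
+				self.authuser_publish then
 				self:out([[
 				<form action="]] .. self.document .. [[" method="post" accept-charset="utf-8">
 					<fieldset>
@@ -992,8 +991,8 @@
 				]])
 			end
 
-		elseif self.args.actionedit and editkey == self.args.editkey then
-			if not self.section.redirect and self.authuser_edit then
+		elseif self.args.actionedit and editkey == self.args.editkey and self.authuser_edit then
+			if not self.section.redirect then
 				extramsg = self.ispubprofile and
 					self.locale.WARNING_YOU_ARE_IN_PUBLISHED_PROFILE
 				edit = self:loadcontent(fname):gsub("\194\160", "&nbsp;") -- TODO
@@ -1221,8 +1220,10 @@
 
 	-- get profile
 
-	local checkprofile =
-		self.authuser_profile and self.args.profile or self.pubprofile or "work"
+	local checkprofile = self.authuser and
+		(self.authuser_profile and self.args.profile or self.session.data.profile)
+		or self.config.defprofile or self.pubprofile or "work"
+
 	for _, lang in ipairs(self.langs) do
 		if profiles[checkprofile .. "_" .. lang] then
 			self.profile = checkprofile
@@ -1611,7 +1612,6 @@
 	self.args = self.request:getargs()
 	self.cgi_document = self.request:getdocument()
 
---  	self.scriptpath = self.scriptpath or self.cgi_document.Path
 	self.requesthandler = self.requesthandler or self.cgi_document.Handler
  	self.requestdocument = self.requestdocument or self.cgi_document.Name
 	self.requestpath = self.requestpath or self.cgi_document.VirtualPath
@@ -1635,12 +1635,13 @@
 				self.session = nil
 			elseif self.args.password then
 				self.loginfailed = true
-				local match, username, perm =
+				local match, username, perm, profile =
 					self:checkpw(self.args.login, self.args.password)
 				if match then
 					self.session.data.authuser = self.args.login
 					self.session.data.username = username
 					self.session.data.permissions = perm
+					self.session.data.profile = profile
 					self.session.data.id = self.session.id
 					self.loginfailed = nil
 				end
@@ -1656,10 +1657,12 @@
 	else
 		self.authuser_edit = self.session.data.permissions:find("e") and true
 		self.authuser_menu = self.session.data.permissions:find("m") and true
-		self.authuser_profile = self.session.data.permissions:find("p") and true
-		self.authuser_modifyprofile = self.session.data.permissions:find("c") and true
+		self.authuser_publish = self.session.data.permissions:find("p") and true
+		self.authuser_profile = self.authuser_publish or
+			self.session.data.permissions:find("c") and true
 		self.authuser_visible = self.session.data.permissions:find("v") and true
 		self.authuser_debug = self.session.data.permissions:find("d") and true
+		self.authuser_seeall = self.session.data.permissions:find("a") and true
 	end
 
 
@@ -1705,9 +1708,10 @@
 
 function Loona:checkpw(login, passwd)
 	local pwddb = lib.source(self.config.passwdfile)
-	local pwdentry = pwddb[login]
-	if pwdentry and pwdentry.password == passwd then
-		return true, pwdentry.username, pwdentry.permissions or ""
+	local pwdent = pwddb[login]
+	if pwdent and pwdent.password == passwd then
+		return true, pwdent.username or login,
+			pwdent.permissions or "", pwdent.profile
 	end
 end
 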
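Review bot: In the `checkprofile` hunk (`@@ -1221,8 +1220,10 @@`) `self.config.defprofile` sits outside the `self.authuser and (...)` group, so a request without an authenticated user now resolves to `defprofile` before `self.pubprofile`; if an administrator points `defprofile` at an unpublished working profile, anonymous visitors would presumably be served from it. If the setting is meant only for logged-in users, move it inside the group: `(self.authuser_profile and self.args.profile or self.session.data.profile or self.config.defprofile)` followed by `or self.pubprofile or "work"`. The function holding `checkprofile` starts and ends outside the hunk, so how `self.authuser` is set for anonymous requests should be confirmed there. Separately, `checkpw` still compares `pwdent.password == passwd` verbatim, which implies the passwd file keeps passwords in recoverable form; with make no longer setting that file's owner and mode in this commit, the function deserves a comment such as `-- passwdfile holds login secrets and is loaded through lib.source: keep it unreadable and unwritable for other local users`, and comparing a salted hash is the longer-term fix.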
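--- a/etc/config.lua.sample	Sat Nov 24 20:47:22 2007 +0100
+++ b/etc/config.lua.sample	Sat Nov 24 20:53:20 2007 +0100
@@ -7,7 +7,7 @@
 --
 --	You can use absolute or relative paths. By default, the application
 --	is intended to work 'out of the box' from the cgi-bin/ directory
---	without further installation, hence the relative paths.
+--	without further installation.
 --
 -------------------------------------------------------------------------------
 
@@ -17,7 +17,7 @@
 -- Session directory ----------------------------------------------------------
 -- sessiondir = "../var/sessions";
 
--- html cache directory -------------------------------------------------------
+-- HTML cache directory -------------------------------------------------------
 -- htmlcachedir = "../var/htmlcache";
 
 -- Extensions directory -------------------------------------------------------
@@ -49,3 +49,6 @@
 
 -- Allow editing of published profile -----------------------------------------
 -- editablepubprofile = false;
+
+-- Default profile a user is thrown into by default ---------------------------
+-- defprofile = "...";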