Move identification of relevant permission from helpers.lua to access.lua

access.lua

@@ -265,12 +265,46 @@ if conf["redirected_regex"] then
 end
 
 --
+-- 4. IDENTIFY THE RELEVANT PERMISSION
+--
+-- In particular, the conf is filled with permissions such as:
+--
+--        "foobar": {
+--            "auth_header": false,
+--            "label": "Foobar permission",
+--            "public": false,
+--            "show_tile": true,
+--            "uris": [
+--                "yolo.test/foobar",
+--                "re:^[^/]*/%.well%-known/foobar/.*$",
+--            ],
+--            "users": ["alice", "bob"]
+--        }
 --
 --
+-- And we find the best matching permission by trying to match the request uri
+-- against all the uris rules/regexes from the conf and keep the longest matching one.
 --
 
+permission = nil
+longest_url_match = ""
 
+for permission_name, permission_infos in pairs(conf["permissions"]) do
+    if next(permission_infos['uris']) ~= nil then
+        for _, url in pairs(permission_infos['uris']) do
+            if string.starts(url, "re:") then
+                url = string.sub(url, 4, string.len(url))
+            end
 
+            local m = hlp.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
+            if m ~= nil and string.len(m) > string.len(longest_url_match) then
+                longest_url_match = m
+                permission = permission_infos
+                permission["id"] = permission_name
+            end
+        end
+    end
+end
 
 --
 --
@@ -278,7 +312,6 @@ end
 --
 
 
-local permission = hlp.get_best_permission()
 
 if permission then
     if is_logged_in then

config.lua

@@ -60,7 +60,8 @@ function get_config()
         allow_mail_authentication = true,
         default_language          = "en",
         theme                     = "default",
-        logging                   = "fatal" -- Only log fatal messages by default (so apriori nothing)
+        logging                   = "fatal", -- Only log fatal messages by default (so apriori nothing)
+        permissions               = {}
     }
 
 

helpers.lua

@@ -296,34 +296,6 @@ function log_access(user, uri)
   end
 end
 
-function get_best_permission()
-    if not conf["permissions"] then
-        conf["permissions"] = {}
-    end
-
-    local permission_match = nil
-    local longest_url_match = ""
-    
-    for permission_name, permission in pairs(conf["permissions"]) do
-        if next(permission['uris']) ~= nil then
-            for _, url in pairs(permission['uris']) do
-                if string.starts(url, "re:") then
-                    url = string.sub(url, 4, string.len(url))
-                end
-
-                local m = match(ngx.var.host..ngx.var.uri..uri_args_string(), url)
-                if m ~= nil and string.len(m) > string.len(longest_url_match) then
-                    longest_url_match = m
-                    permission_match = permission
-                    logger.debug("Match "..m)
-                end
-            end
-        end
-    end
-
-    return permission_match
-end
-
 -- Check whether a user is allowed to access a URL using the `permissions` directive
 -- of the configuration file
 function has_access(permission, user)