Move identification of relevant permission from helpers.lua to access.lua

2024-09-03 20:06:27 +02:00 · 2020-09-20 17:57:23 +02:00 · 2020-09-20 17:57:23 +02:00 · a11d8f0d87
commit a11d8f0d87
parent abc38bbffe
3 changed files with 36 additions and 30 deletions
--- a/access.lua
+++ b/access.lua
@ -265,12 +265,46 @@ if conf["redirected_regex"] then
 end

 --
+-- 4. IDENTIFY THE RELEVANT PERMISSION
+--
+-- In particular, the conf is filled with permissions such as:
+--
+--        "foobar": {
+--            "auth_header": false,
+--            "label": "Foobar permission",
+--            "public": false,
+--            "show_tile": true,
+--            "uris": [
+--                "yolo.test/foobar",
+--                "re:^[^/]*/%.well%-known/foobar/.*$",
+--            ],
+--            "users": ["alice", "bob"]
+--        }
 --
 --
+-- And we find the best matching permission by trying to match the request uri
+-- against all the uris rules/regexes from the conf and keep the longest matching one.
 --

+permission = nil
+longest_url_match = ""

+for permission_name, permission_infos in pairs(conf["permissions"]) do
+    if next(permission_infos['uris']) ~= nil then
+        for _, url in pairs(permission_infos['uris']) do
+            if string.starts(url, "re:") then
+                url = string.sub(url, 4, string.len(url))
+            end

+            local m = hlp.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
+            if m ~= nil and string.len(m) > string.len(longest_url_match) then
+                longest_url_match = m
+                permission = permission_infos
+                permission["id"] = permission_name
+            end
+        end
+    end
+end

 --
 --
@ -278,7 +312,6 @@ end
 --


-local permission = hlp.get_best_permission()

 if permission then
    if is_logged_in then
--- a/config.lua
+++ b/config.lua
@ -60,7 +60,8 @@ function get_config()
        allow_mail_authentication = true,
        default_language          = "en",
        theme                     = "default",
-        logging                   = "fatal" -- Only log fatal messages by default (so apriori nothing)
+        logging                   = "fatal", -- Only log fatal messages by default (so apriori nothing)
+        permissions               = {}
    }


--- a/helpers.lua
+++ b/helpers.lua
@ -296,34 +296,6 @@ function log_access(user, uri)
  end
 end

-function get_best_permission()
-    if not conf["permissions"] then
-        conf["permissions"] = {}
-    end
-
-    local permission_match = nil
-    local longest_url_match = ""
-    
-    for permission_name, permission in pairs(conf["permissions"]) do
-        if next(permission['uris']) ~= nil then
-            for _, url in pairs(permission['uris']) do
-                if string.starts(url, "re:") then
-                    url = string.sub(url, 4, string.len(url))
-                end
-
-                local m = match(ngx.var.host..ngx.var.uri..uri_args_string(), url)
-                if m ~= nil and string.len(m) > string.len(longest_url_match) then
-                    longest_url_match = m
-                    permission_match = permission
-                    logger.debug("Match "..m)
-                end
-            end
-        end
-    end
-
-    return permission_match
-end
-
 -- Check whether a user is allowed to access a URL using the `permissions` directive
 -- of the configuration file
 function has_access(permission, user)