liquid_feedback_frontend
view model/session.lua @ 1507:103ed34037ed
Added search by role to member API endpoint
| author | bsw | 
|---|---|
| date | Fri Jul 31 12:26:37 2020 +0200 (2020-07-31) | 
| parents | 3e9b0f1adec3 | 
| children | f1258993d993 | 
     1 Session = mondelefant.new_class()
     2 Session.table = 'session'
     3 Session.primary_key = { 'ident' } 
     5 Session:add_reference{
     6   mode          = 'm1',
     7   to            = "Member",
     8   this_key      = 'member_id',
     9   that_key      = 'id',
    10   ref           = 'member',
    11 }
    13 Session:add_reference{
    14   mode          = 'm1',
    15   to            = "Member",
    16   this_key      = 'real_member_id',
    17   that_key      = 'id',
    18   ref           = 'real_member',
    19 }
    21 local secret_length = 24
    22 local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
    23 local secret_purposes = { "oauth", "_other" }
    24 for idx, purpose in ipairs(secret_purposes) do
    25   secret_purposes[purpose] = idx
    26 end
    28 local function random_string(length_multiplier)
    29   return multirand.string(
    30     secret_length * (length_multiplier or 1),
    31     secret_alphabet
    32   )
    33 end
    35 function Session:new()
    36   local session = self.prototype.new(self)  -- super call
    37   session.ident             = random_string()
    38   session.additional_secret = random_string(#secret_purposes)
    39   session:save()
    40   return session
    41 end
    43 function Session.object:additional_secret_for(purpose)
    44   local use_hash = false
    45   local idx = secret_purposes[purpose]
    46   if not idx then
    47     idx = assert(secret_purposes._other, "No other secrets supported")
    48     use_hash = true
    49   end
    50   local from_pos = secret_length * (idx-1) + 1
    51   local to_pos = from_pos + secret_length - 1
    52   local secret = string.sub(self.additional_secret, from_pos, to_pos)
    53   if #secret ~=  secret_length then
    54     self:destroy()
    55     error("Session state invalid")
    56   end
    57   if use_hash then
    58     local moonhash = require "moonhash"  -- TODO: auto loader for libraries in WebMCP?
    59     secret = moonhash.shake256(secret .. "\0" .. purpose, secret_length, secret_alphabet)
    60   end
    61   return secret
    62 end
    64 function Session:by_ident(ident)
    65   local selector = self:new_selector()
    66   selector:add_where{ 'ident = ?', ident }
    67   selector:add_field{ 'authority_uid' }
    68   selector:optional_object_mode()
    69   return selector:exec()
    70 end
    72 function Session.object:has_access(level)
    73   if level == "member" then
    74     if app.session.member_id then
    75       return true
    76     else
    77       return false
    78     end
    80   elseif level == "everything" then
    81     if self:has_access("member") or config.public_access == "everything" then
    82       return true
    83     else
    84       return false
    85     end
    87   elseif level == "all_pseudonymous" then
    88     if self:has_access("everything") or config.public_access == "all_pseudonymous" then
    89       return true
    90     else
    91       return false
    92     end
    94   elseif level == "authors_pseudonymous" then
    95     if self:has_access("all_pseudonymous") or config.public_access == "authors_pseudonymous" then
    96       return true
    97     else
    98       return false
    99     end
   101   elseif level == "anonymous" then
   102     if self:has_access("authors_pseudonymous") or config.public_access == "anonymous" then
   103       return true
   104     else
   105       return false
   106     end
   108   end
   110   error("invalid access level")
   111 end
