On 09/30/2016 03:27 PM, sebb wrote:
> The Lua files contain lots of the following code in various versions:
>
> canUse = false
> if account then
> local lid = doc.list_raw:match("<[^.]+%.(.-)>")
> local flid = doc.list_raw:match("<([^.]+%..-)>")
> for k, v in pairs(rights or {}) do
> if v == "*" or v == lid or v == flid then
> canUse = true
> break
> end
> end
> end
>
> Seems to me that this code should be standardised and centralised.
>
> For example, the API could be:
>
> function checkAccess(r, doc, account, rights)
> -- account: if not provided, will be fetched from lib/user
> -- rights: if not provided, will be fetched from lib/aaa
> -- returns true/false
>
> However I'm not sure if there is an existing library module which is
> suitable, so I think it would be better to create a new one.
>
> Thoughts?
>
My immediate thought is...this sounds potentially expensive. the 'if not
provided, will be fetched' thing would mean we'd be doing a lot of calls
to user or aaa whenever this is called. But that could probably be
worked around.
Having said that, I think this should probably belong to AAA and be a
function you can override with the custom AAA lib. Thus, I think we
should do what we discussed elsewhere and make AAA.lua a wrapper that
also has this checkAccess thing defined before it loads whatever
overrides may exist, since different AAA libs may have different means
of deciding when a user can access an email - it may not be
listname-based access.
With regards,
Daniel.
