ponymail-commits mailing list archives

From s...@apache.org
Subject incubator-ponymail git commit: Bug: lib/aaa.lua various bugs
Date Thu, 08 Dec 2016 00:15:23 GMT
Repository: incubator-ponymail
Updated Branches:
  refs/heads/master f4cffef51 -> d1eaa36b0


Bug: lib/aaa.lua various bugs

This relates to #140
Some bugs still remain, but the code is at least usable

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/d1eaa36b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/d1eaa36b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/d1eaa36b

Branch: refs/heads/master
Commit: d1eaa36b064994d0db43181fbd7423696c7df6e4
Parents: f4cffef
Author: Sebb <sebb@apache.org>
Authored: Thu Dec 8 00:15:11 2016 +0000
Committer: Sebb <sebb@apache.org>
Committed: Thu Dec 8 00:15:11 2016 +0000

----------------------------------------------------------------------
 site/api/lib/aaa.lua | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/d1eaa36b/site/api/lib/aaa.lua
----------------------------------------------------------------------
diff --git a/site/api/lib/aaa.lua b/site/api/lib/aaa.lua
index 0188137..4d0de9f 100644
--- a/site/api/lib/aaa.lua
+++ b/site/api/lib/aaa.lua
@@ -17,6 +17,8 @@
 
 -- This is aaa.lua - AAA filter for ASF.
 
+local config = require 'lib/config'
+
 -- Get a list of PMCs the user is a part of
 function getPMCs(r, uid)
     local groups = {}
@@ -62,14 +64,24 @@ end
 
 -- Get a list of domains the user has private email access to (or wildcard if org member)
 function getRights(r, usr)
-    local xuid = usr.uid or usr.email or "|||"
-    uid = xuid:match("([-a-zA-Z0-9._]+)") -- whitelist
+    if not usr.credentials then
+        return {}
+    end
+
+    local xuid = usr.credentials.uid or usr.credentials.email or "|||"
+    local uid = xuid:match("([-a-zA-Z0-9._]+)") -- whitelist
     local rights = {}
     -- bad char in uid?
     if not uid or xuid ~= uid then
         return rights
     end
-    
+
+    -- Check that we used oauth, bail if not
+    local oauth_domain = usr.internal and usr.internal.oauth_used or nil
+    if not oauth_domain then
+        return {}
+    end
+
     -- check if oauth was through an oauth portal that can give privacy rights
     local authority = false
     for k, v in pairs(config.admin_oauth or {}) do
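Review bot: The new `xuid:match(...)` line assumes `usr.credentials.uid` (or `.email`) is a string; if the stored credentials ever hold a number or table there, the method call raises an error instead of returning empty rights. That still fails closed, but as an unhandled error in an authorization path, so a guard such as `if type(xuid) ~= "string" then return {} end` before the match would keep the denial explicit. The pattern is also unanchored and only acts as a full-string whitelist because of the `xuid ~= uid` comparison below it; a comment saying so, or the anchored form `^[-a-zA-Z0-9._]+$`, would protect it from a later edit that drops the comparison. Where `usr.credentials` is populated is not visible here, and getRights continues past this hunk.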
@@ -84,7 +96,7 @@ function getRights(r, usr)
     end
     
     -- Check if uid has member (admin) rights
-    if usr.admin or isMember(r, uid) then
+    if usr.internal.admin or isMember(r, uid) then
         table.insert(rights, "*")
     -- otherwise, get PMC list and construct array
     else
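Review bot: `usr.internal.admin` is indexed here without a nil check, and a true value grants the wildcard right `*`. The access is safe only because the `oauth_used` guard earlier in getRights returns when `usr.internal` is missing, and that dependency is not stated at this line. A comment such as `-- usr.internal is non-nil here (oauth_used guard above); it must only be set server-side, never from request input` would record both the ordering and the trust assumption. Whether `usr.internal` is in fact server-controlled cannot be confirmed from this hunk, and the if/else continues outside it.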

