ponymail-commits mailing list archives

From s...@apache.org
Subject [2/3] incubator-ponymail git commit: Makes more sense to cache the rights
Date Fri, 16 Dec 2016 14:18:06 GMT
Makes more sense to cache the rights

Project: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/commit/758eee45
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/tree/758eee45
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ponymail/diff/758eee45

Branch: refs/heads/master
Commit: 758eee45876ad68e4e2a6389fe576dcb57684abe
Parents: 3453a44
Author: Sebb <sebb@apache.org>
Authored: Fri Dec 16 13:46:20 2016 +0000
Committer: Sebb <sebb@apache.org>
Committed: Fri Dec 16 13:46:20 2016 +0000

----------------------------------------------------------------------
 aaa_examples/aaa_with_ldap.lua | 41 ++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ponymail/blob/758eee45/aaa_examples/aaa_with_ldap.lua
----------------------------------------------------------------------
diff --git a/aaa_examples/aaa_with_ldap.lua b/aaa_examples/aaa_with_ldap.lua
index 8672683..4148bd6 100644
--- a/aaa_examples/aaa_with_ldap.lua
+++ b/aaa_examples/aaa_with_ldap.lua
@@ -17,6 +17,8 @@
 
 -- This is aaa_site.lua - site-specific AAA filter for ASF.
 
+local JSON = require 'cjson'
+
 -- Get a list of PMCs the user is a part of
 local function getPMCs(r, uid)
     local groups = {}
@@ -32,37 +34,29 @@ end
 -- Is $uid a member of the ASF?
 local function isMember(r, uid)
     
-    -- First, check the 30 minute cache
-    local NOWISH = math.floor(os.time() / 1800)
-    local MEMBER_KEY = "isMember_" .. NOWISH .. "_" .. uid
-    local t = r:ivm_get(MEMBER_KEY)
-    
-    -- If cached, then just return the value
-    if t then
-        return tonumber(t) == 1
-    
-    -- Otherwise, look in LDAP
-    else
-        local ldapdata = io.popen([[ldapsearch -x -LLL -b cn=member,ou=groups,dc=apache,dc=org]])
-        local data = ldapdata:read("*a")
-        for match in data:gmatch("memberUid: ([-a-z0-9_.]+)") do
-            -- Found it?
-            if match == uid then
-                -- Set cache
-                r:ivm_set(MEMBER_KEY, "1")
-                return true
-            end
+    local ldapdata = io.popen([[ldapsearch -x -LLL -b cn=member,ou=groups,dc=apache,dc=org]])
+    local data = ldapdata:read("*a")
+    for match in data:gmatch("memberUid: ([-a-z0-9_.]+)") do
+        -- Found it?
+        if match == uid then
+            return true
         end
     end
-    
-    -- Set cache
-    r:ivm_set(MEMBER_KEY, "0")
     return false
 end
 
 -- Get a list of domains the user has private email access to (or wildcard if org member)
 local function getRights(r, usr)
     local uid = usr.credentials.uid
+    
+    -- First, check the 30 minute cache
+    local NOWISH = math.floor(os.time() / 1800)
+    local USER_KEY = "aaa_rights_" .. NOWISH .. "_" .. uid
+    local t = r:ivm_get(USER_KEY)
+    if t then
+        return JSON.decode(t)
+    end
+
     local rights = {}
     -- Check if uid has member (admin) rights
     if usr.internal.admin or isMember(r, uid) then
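Review bot: The cache entry in getRights is keyed only on `uid` (`"aaa_rights_" .. NOWISH .. "_" .. uid`), but the rights computed just below also depend on `usr.internal.admin`. A request whose admin flag differs from the one that filled the entry is therefore served that entry's rights until the 30-minute window rolls over. Either fold the flag into the key, e.g. `local USER_KEY = "aaa_rights_" .. NOWISH .. "_" .. (usr.internal.admin and "admin" or "user") .. "_" .. uid`, or evaluate `usr.internal.admin` before the cache lookup. The concatenation also now runs ahead of the admin short-circuit and raises if `usr.credentials.uid` is nil; a guard such as `if not uid then return {} end` would deny access instead, if that is the intended handling for accounts without a uid. In isMember, the new code never closes the `io.popen` handle or checks it for nil; getRights continues outside this hunk.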
@@ -74,6 +68,7 @@ local function getRights(r, usr)
             table.insert(rights, v .. ".apache.org")
         end
     end
+    r:ivm_set(USER_KEY, JSON.encode(rights))
     return rights
 end
 
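Review bot: `r:ivm_set(USER_KEY, JSON.encode(rights))` stores whatever was computed, so a list that is empty or short only because the `ldapsearch` pipe failed or returned no data is cached and served for the rest of the window as if it were a real answer. The write should be skipped when the LDAP lookup did not succeed, which requires isMember (and presumably getPMCs) to report failure separately from "not found". The whole rights list is now cached rather than just the membership bit, so a removed membership or PMC role stays effective until the window ends. That is worth stating at the call, e.g. `-- rights are cached per uid for up to 30 minutes; LDAP removals only take effect once the window rolls over`. Each window also creates a fresh key per uid, and nothing visible here clears keys from earlier windows.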

