Posted to dev@ponymail.apache.org by sebb <se...@gmail.com> on 2016/09/30 13:27:26 UTC

DRY: checking access rights to an email document

The Lua files contain lots of the following code in various versions:

canUse = false
if account then
    local lid = doc.list_raw:match("<[^.]+%.(.-)>")
    local flid = doc.list_raw:match("<([^.]+%..-)>")
    for k, v in pairs(rights or {}) do
        if v == "*" or v == lid or v == flid then
            canUse = true
            break
        end
    end
end

Seems to me that this code should be standardised and centralised.

For example, the API could be:

function checkAccess(r, doc, account, rights)
-- account: if not provided, will be fetched from lib/user
-- rights: if not provided, will be fetched from lib/aaa
-- returns true/false

However I'm not sure if there is an existing library module which is
suitable, so I think it would be better to create a new one.

Thoughts?

Re: DRY: checking access rights to an email document

Posted by sebb <se...@gmail.com>.
On 30 September 2016 at 14:35, Daniel Gruno <hu...@apache.org> wrote:
> On 09/30/2016 03:27 PM, sebb wrote:
>> The Lua files contain lots of the following code in various versions:
>>
>> canUse = false
>> if account then
>>     local lid = doc.list_raw:match("<[^.]+%.(.-)>")
>>     local flid = doc.list_raw:match("<([^.]+%..-)>")
>>     for k, v in pairs(rights or {}) do
>>         if v == "*" or v == lid or v == flid then
>>             canUse = true
>>             break
>>         end
>>     end
>> end
>>
>> Seems to me that this code should be standardised and centralised.
>>
>> For example, the API could be:
>>
>> function checkAccess(r, doc, account, rights)
>> -- account: if not provided, will be fetched from lib/user
>> -- rights: if not provided, will be fetched from lib/aaa
>> -- returns true/false
>>
>> However I'm not sure if there is an existing library module which is
>> suitable, so I think it would be better to create a new one.
>>
>> Thoughts?
>>
>
> My immediate thought is...this sounds potentially expensive. The 'if not
> provided, will be fetched' thing would mean we'd be doing a lot of calls
> to user or aaa whenever this is called. But that could probably be
> worked around.

The caller can provide the account and rights values, so the caller
can provide a cached value.
However if the caller does not need to cache the values then it could
let the function do it.
That's why the params are optional.
At present most of the modules only cache the values for the duration
of the request, and if they only process a single document then any
fetching might as well be done by the common function.

> Having said that, I think this should probably belong to AAA and be a
> function you can override with the custom AAA lib. Thus, I think we
> should do what we discussed elsewhere and make AAA.lua a wrapper that
> also has this checkAccess thing defined before it loads whatever
> overrides may exist, since different AAA libs may have different means
> of deciding when a user can access an email - it may not be
> listname-based access.

In which case, I think it only makes sense to provide a checkAccess() function.

Any table returned by getRights() will only make sense in the context
of the AAA module.
The only reason for returning the table would be to allow the calling
code to cache the value.

But maybe there is a way to safely cache the account/rights?
e.g. would r.notes be suitable?

> With regards,
> Daniel.

Re: DRY: checking access rights to an email document

Posted by Daniel Gruno <hu...@apache.org>.
On 09/30/2016 03:27 PM, sebb wrote:
> The Lua files contain lots of the following code in various versions:
> 
> canUse = false
> if account then
>     local lid = doc.list_raw:match("<[^.]+%.(.-)>")
>     local flid = doc.list_raw:match("<([^.]+%..-)>")
>     for k, v in pairs(rights or {}) do
>         if v == "*" or v == lid or v == flid then
>             canUse = true
>             break
>         end
>     end
> end
> 
> Seems to me that this code should be standardised and centralised.
> 
> For example, the API could be:
> 
> function checkAccess(r, doc, account, rights)
> -- account: if not provided, will be fetched from lib/user
> -- rights: if not provided, will be fetched from lib/aaa
> -- returns true/false
> 
> However I'm not sure if there is an existing library module which is
> suitable, so I think it would be better to create a new one.
> 
> Thoughts?
> 

My immediate thought is...this sounds potentially expensive. The 'if not
provided, will be fetched' thing would mean we'd be doing a lot of calls
to user or aaa whenever this is called. But that could probably be
worked around.

Having said that, I think this should probably belong to AAA and be a
function you can override with the custom AAA lib. Thus, I think we
should do what we discussed elsewhere and make AAA.lua a wrapper that
also has this checkAccess thing defined before it loads whatever
overrides may exist, since different AAA libs may have different means
of deciding when a user can access an email - it may not be
listname-based access.

With regards,
Daniel.
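
Added example, not part of the original thread or the project's own code: a sketch of the centralised check discussed above, defined in an AAA wrapper so that a custom AAA lib can replace it, and denying access whenever an input is missing. `getAccount`, `getRights` and `loadOverrides` are hypothetical stand-ins for lib/user, lib/aaa and the override loader; the request and document tables are constructed sample data.

```lua
-- Wrapper table: defaults are defined first, overrides are applied afterwards.
local AAA = {}

-- Hypothetical stubs standing in for lib/user and lib/aaa (assumptions).
function AAA.getAccount(r) return r.account end
function AAA.getRights(r, account) return account.rights end

-- Default policy: list-name based. Any missing input means "deny".
function AAA.checkAccess(r, doc, account, rights)
    account = account or AAA.getAccount(r)      -- caller may pass a cached value
    if not account then return false end        -- anonymous: no access
    rights = rights or AAA.getRights(r, account)
    local raw = doc and doc.list_raw
    if type(raw) ~= "string" or type(rights) ~= "table" then return false end
    local lid  = raw:match("<[^.]+%.(.-)>")     -- domain part:  example.org
    local flid = raw:match("<([^.]+%..-)>")     -- full list id: dev.example.org
    for _, v in pairs(rights) do
        if v == "*" or v == lid or v == flid then return true end
    end
    return false
end

-- A custom AAA lib may replace any default, e.g. with a non-list-based policy.
local function loadOverrides(custom)
    for name, fn in pairs(custom or {}) do AAA[name] = fn end
end

-- Constructed sample request and document.
local r   = { account = { rights = { "example.org" } } }
local doc = { list_raw = "<dev.example.org>" }

assert(AAA.checkAccess(r, doc) == true)                              -- domain-wide right
assert(AAA.checkAccess(r, { list_raw = "<dev.other.test>" }) == false)
assert(AAA.checkAccess({}, doc) == false)                            -- no account
assert(AAA.checkAccess(r, {}) == false)                              -- no list_raw
-- Caller-supplied (cached) account and rights: nothing is fetched.
assert(AAA.checkAccess(r, doc, r.account, { "dev.example.org" }) == true)

-- Override with a deny-all policy; every caller picks it up via AAA.checkAccess.
loadOverrides({ checkAccess = function() return false end })
assert(AAA.checkAccess(r, doc) == false)
```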