Working version for node v0.6.11

lib/Menu.js

@@ -16,7 +16,9 @@ var rootpath = process.cwd() + '/',
   path = require('path'),
   sys = require('sys'),
   utils = require('connect').utils,
-  merge = utils.merge;
+  merge = utils.merge,
+  calipso = require(path.join(rootpath, 'lib/calipso')),
+  PermissionFilter = require(path.join(rootpath, 'lib/Permission')).PermissionFilter;
 
 /**
  * Exports
@@ -63,13 +65,32 @@ CalipsoMenu.prototype.setOptions = function(options) {
  * url: '/admin'  -- Url to use as link
  * security: [/admin/,"bob"] -- regex based on user role
  */
-CalipsoMenu.prototype.addMenuItem = function(options) {
+CalipsoMenu.prototype.addMenuItem = function(req, options) {
 
   var self = this;
 
+  // The req parameter was added in 0.3.0, if not passed, assuming options only
+  if(options === undefined) calipso.error("Attempting to add menu item with invalid params, please update your module for the 0.3.0 api, path: " + req.path);
+
   // Refresh the reference, as it is initially loaded at startup
   var calipso = require(path.join(rootpath, 'lib/calipso'));
 
+  // Check security
+  if(options.permit) {
+    var permitFn = new PermissionFilter(options.path, options.permit), 
+        permit = permitFn.check(req);
+
+    if(typeof permit !== "object") return;
+    if(!permit.allow) return;
+  }
+  // Admin security is opposite to default
+  if(self.name === 'admin') {
+    var isAdmin = req.session.user && req.session.user.isAdmin;
+    // Admin by default is not shown unless permitted
+    if (!options.permit && !isAdmin)
+     return;
+  }
+
   // Split the path, traverse items and add menuItems.
   // If you add a child prior to parent, then create the parent.
   var newItem = self.createPath(options,options.path.split("/"));
@@ -150,6 +171,9 @@ CalipsoMenu.prototype.render = function(req, depth) {
 
   var self = this;
 
+  // If the menu is empty, render nothing
+  if (self.sortedChildren.length === 0) return '';
+
   // Get selected items
   var selected = self.selected(req);
 

lib/Permission.js

@@ -25,14 +25,20 @@ function PermissionFilter(route, permit) {
 PermissionFilter.prototype.check = function(req) {
 
   if(this.permit) {
+
     var user = req.session.user;
+    var isAdmin = req.session.user && req.session.user.isAdmin;
+    if(isAdmin) return {allow:true}; // Admins always access everything
+
+    // Else check for a specific permission
     if(user) {
       return this.permit(user);
     } else {
       return {allow:false, msg:'You must be a logged in user to view that page'};
     }
+
   } else {
-      return {allow:true};
+    return {allow:true};
   }
 
 }
@@ -46,31 +52,75 @@ var PermissionHelpers = {
   // Holder of defined permissions
   permissions: {},
   sortedPermissions: [],
+  structuredPermissions: {},
+
+  // Clear all oaded permissions
+  clearPermissionRoles: function() {
+
+     var self = this;
+     for(var perm in self.permissions) {
+       delete self.permissions[perm].roles;
+       self.permissions[perm].roles = [];
+     }
+
+  },
 
   // Add a permission
   addPermission: function(permission, description, isCrud) {
 
     var self = this, calipso = require(path.join(rootpath, 'lib/calipso'));
 
-    // Add Permission always resets it if it already exists
-    self.permissions[permission] = {roles: [], queries:[], description: description};
-    self.sortedPermissions.push(permission);
-
     // if Crud, automatically add level below
-    calipso.lib._.map(["create","view","update","delete"], function(crudAction) {
-      var crudPermission = permission + ":" + crudAction;
-      self.permissions[crudPermission] = {roles: [], queries:[], description: description};
-      self.sortedPermissions.push(crudPermission);
-    })
+    if(isCrud) {
+      calipso.lib._.map(["view","create","update","delete"], function(crudAction) {
+        var crudPermission = permission + ":" + crudAction;
+        self.permissions[crudPermission] = {roles: [], queries:[], description: description};
+        self.sortedPermissions.push(crudPermission);
+      })
+    } else {
+
+      // Add Permission always resets it if it already exists
+      self.permissions[permission] = {roles: [], queries:[], description: description};
+      self.sortedPermissions.push(permission);
+
+    }
 
+  },
+
+  structureAndSort: function() {
+
+    var self = this;
+
+    // This could be done by the permissions module
     self.sortedPermissions.sort(function(a,b) {
       return a < b;
     });
 
+    // Now we need to create our permissions object structure
+    self.sortedPermissions.forEach(function(value) {
+
+      var path = value.split(":"), target = self.structuredPermissions, counter = 0;
+
+      while (path.length > 1) {
+        key = path.shift();
+        if (!target[key] || typeof target[key] !== 'object') {
+          target[key] = {};
+        }
+        target = target[key];
+      }
+
+      // Set the specified value in the nested JSON structure
+      key = path.shift();
+      if(typeof target[key] !== "object") {
+        target[key] = self.permissions[value].roles;
+      }
+
+    });
+
   },
 
   // Add a map between role / permission (this is loaded via the user module)
-  addRolePermission: function(role, permission) {
+  addPermissionRole: function(permission, role) {
 
     var self = this, calipso = require(path.join(rootpath, 'lib/calipso'));
 
@@ -79,7 +129,7 @@ var PermissionHelpers = {
       self.permissions[permission].roles.push(role);
       return true;
     } else {
-      calipso.error("Attempted to map role: " + role + " to a permission: " + permission +" that does not exist (perhaps related to a disabled module?).");
+      calipso.warn("Attempted to map role: " + role + " to a permission: " + permission +" that does not exist (perhaps related to a disabled module?).");
       return false;
     }
 
@@ -96,18 +146,19 @@ var PermissionHelpers = {
 
   // Does a user have a permission
   hasPermission: function(permission) {
-
-    var self = this, calipso = require(path.join(rootpath, 'lib/calipso'));
-    var permissionRoles = self.permissions[permission] ? self.permissions[permission].roles : [];
-
+
+    var self = this;
+
     // Curried filter
     return function(user) {
 
+      var calipso = require(path.join(rootpath, 'lib/calipso'));
+
       // Check if the user has a role that maps to the permission
-      var userRoles = user.roles;
+      var userRoles = user.roles, permissionRoles = self.permissions[permission] ? self.permissions[permission].roles : [];
 
       // Check if allowed based on intersection of user roles and roles that have permission
-      var isAllowed = calipso.lib._.intersect(permissionRoles,userRoles).length > 0;
+      var isAllowed = calipso.lib._.intersect(permissionRoles, userRoles).length > 0;
 
       return {allow:isAllowed, msg:'You do not have any of the roles required to view this page or perform that action'};
     }

lib/Router.js

@@ -177,7 +177,7 @@ var Router = function (moduleName, modulePath) {
                 res.layout = "admin";
               }
 
-              // Check to see if it requires admin access
+              /* Check to see if it requires admin access
               var isAdmin = req.session.user && req.session.user.isAdmin;
               if (route.admin && !isAdmin) {
                 req.flash('error', req.t('You need to be an administrative user to view that page.'));
@@ -195,7 +195,7 @@ var Router = function (moduleName, modulePath) {
                 res.redirect("/");
                 group()();
                 return;
-              }
+              }*/
 
               // Check to see if it requires logged in user access
               if (route.permit) {

modules/core/admin/admin.js

@@ -15,13 +15,17 @@ exports = module.exports = {
  */
 function route(req, res, module, app, next) {
 
+  // Config helpers
+  var corePermit = calipso.permissions.hasPermission("admin:core:configuration"),
+      cachePermit = calipso.permissions.hasPermission("admin:core:cache");
+
   // Menu items
-  res.menu.admin.addMenuItem({name:'Administration',path:'admin',url:'/admin',description:'Calipso administration ...',security:[]});
-  res.menu.admin.addMenuItem({name:'Calipso Core',path:'admin/core',url:'/admin',description:'Manage core settings for Calipso ...',security:[]});
-  res.menu.admin.addMenuItem({name:'Configuration Options',path:'admin/core/config',url:'/admin/core/config',description:'Core configuration ...',security:[]});
-  res.menu.admin.addMenuItem({name:'View Languages',path:'admin/core/languages',url:'/admin/core/languages',description:'Languages ...',security:[]});
-  res.menu.admin.addMenuItem({name:'View Cache',path:'admin/core/cache',url:'/admin/core/cache',description:'Cache ...',security:[]});
-  res.menu.admin.addMenuItem({name:'Clear Cache',path:'admin/core/cache/clear',url:'/admin/core/cache/clear',description:'Clear Cache ...',security:[]});
+  res.menu.admin.addMenuItem(req, {name:'Administration',path:'admin',url:'/admin',description:'Calipso administration ...',permit:corePermit});
+  res.menu.admin.addMenuItem(req, {name:'Calipso Core',path:'admin/core',url:'/admin',description:'Manage core settings for Calipso ...',permit:corePermit});
+  res.menu.admin.addMenuItem(req, {name:'Configuration Options',path:'admin/core/config',url:'/admin/core/config',description:'Core configuration ...',permit:corePermit});
+  res.menu.admin.addMenuItem(req, {name:'View Languages',path:'admin/core/languages',url:'/admin/core/languages',description:'Languages ...',permit:corePermit});
+  res.menu.admin.addMenuItem(req, {name:'View Cache',path:'admin/core/cache',url:'/admin/core/cache',description:'Cache ...',permit:cachePermit});
+  res.menu.admin.addMenuItem(req, {name:'Clear Cache',path:'admin/core/cache/clear',url:'/admin/core/cache/clear',description:'Clear Cache ...',permit:cachePermit});
 
   // Routing and Route Handler
   module.router.route(req, res, next);
@@ -40,48 +44,61 @@ function init(module, app, next) {
   // Add listener to config_update
   calipso.e.post('CONFIG_UPDATE',module.name,calipso.reloadConfig);
 
+  calipso.permissions.addPermission("admin:core:configuration","Manage core configuration.");
+  calipso.permissions.addPermission("admin:core:cache","View and clear cache.");
+
   // Admin routes
   calipso.lib.step(
 
   function defineRoutes() {
 
+    // Permissions
+    var corePermit = calipso.permissions.hasPermission("admin:core:configuration"),
+        cachePermit = calipso.permissions.hasPermission("admin:core:cache");
+
     // Core Administration dashboard
     module.router.addRoute('GET /admin', showAdmin, {
       template: 'admin',
       block: 'admin.show',
-      admin: true
+      admin: true,
+      permit: corePermit
     }, this.parallel());
 
     // Core configuration
     module.router.addRoute('GET /admin/core/config', coreConfig, {
       block: 'admin.show',
-      admin: true
+      admin: true,
+      permit: corePermit
     }, this.parallel());
 
     module.router.addRoute('POST /admin/core/config/save', saveAdmin, {
-      admin: true
+      admin: true,
+      permit: corePermit
     }, this.parallel());
 
     module.router.addRoute('GET /admin/core/cache', showCache, {
       admin: true,
       template:'cache',
-      block:'admin.cache'
+      block:'admin.cache',
+      permit: cachePermit
     }, this.parallel());
 
     module.router.addRoute('GET /admin/core/cache/clear', clearCache, {
       admin: true,
       template:'cache',
-      block:'admin.cache'
+      block:'admin.cache',
+      permit: cachePermit
     }, this.parallel());
 
     module.router.addRoute('GET /admin/core/languages', showLanguages, {
       admin: true,
       template:'languages',
       block:'admin.languages',
+      permit: corePermit
     }, this.parallel());
 
 
-    // Default installation routers
+    // Default installation routers - only accessible in install mode
     module.router.addRoute('GET /admin/install', install, null, this.parallel());
     module.router.addRoute('POST /admin/install', install, null, this.parallel());
     module.router.addRoute('POST /admin/installTest/mongo', installMongoTest, null, this.parallel());