Module:Layout/Production/Interface/Security

(MediaWiki:Scribunto-doc-page-show)


 Deze module is nog in ontwikkeling (versie 0.0) en wordt getest.

De Module:Layout is bedoeld om snel, consistent en uitgebreid een pagina op te maken.

Er is een op de module afgestemde handleiding over deze onderwijswiki beschikbaar.


De module wordt geïnitialiseerd met de configuratie in Module:Layout/Production/Configuration.

Controleer op scriptfouten, lintfouten of opmaak notificaties.

Test

Deze module wordt getest door Module:Layout/Production/Test/Security.

All 4 tests are ok.

	Name	Expected	Actual
	test_security_authentication
	test_security_declaration
	test_security_frisk
	test_security_scan

Code

-- This submodule checks all the input passed to Module:Layout. 
-- If an input is invalid this submodule will default it to allow correct proceeding.
-- Any mistake found will be reported to the user.
-- This submodle will set call.pass to false to prevent the system to be launched.
local security = {};
local frisk = {};
local report = {};

-- This function checks the identity of the calling pages.
-- Only passage is granted to a call by the correct interface template.
function security.authentication( call )
	call.add_new_debug( call.message.DEBUG.INVOKER, tostring( call.invoker ), report.debugging( call ) );
	if ( call.invoker ~= call.template ) then
        call.add_new_mistake ( call.message.MISTAKE.NO_INTERFACE_TEMPLATE );
        call.add_debug( call.message.DEBUG.NO_INTERFACE_TEMPLATE );
	end
    return call;
end

function security.declaration( call )
	-- The functions from other modules that are used in this function
	local array  = call.include( "array" );

    -- Loop over named parameters
    for key, value in pairs( call.named ) do
    	-- The parameter should be listed in the configuration setting hook.PARAMETER
        if not array.search( call.hook.PARAMETER, key ) then 
        	call.add_new_mistake ( call.message.MISTAKE.WRONG.INVOKE_PARAMETER, key, key, value );
        end
    end
	return call;
end

-- This function frisks all the parameters that are added by the frame on their values.
function security.frisk( call )
	-- The functions from other modules that are used in this function
	local array, frisk  = call.include( "array", "frisk" );

    local mistakes_before_value_check = #call.mistake;
	for _, parameter in ipairs( call.hook.PARAMETER ) do
		-- Protect the call object for being changed by the frisk so no other wiki-objects are infected accidentaly
		-- The frisks should only return the result not change anything it frisks.
		local call_clone = array.copy( call );
        if frisk[ parameter ]( call_clone ) then
        	call.add_new_mistake( frisk[ parameter ]( call_clone ) );
        end
	end
	local value_mistake = #call.mistake - mistakes_before_value_check;

    if value_mistake == 0 then call.add_debug( call.message.DEBUG.VALUES_OK ); end
	if value_mistake == 1 then call.add_mistake( call.message.DEBUG.VALUE_MISTAKE ); end
    if value_mistake > 1  then call.add_mistake( call.message.DEBUG.VALUE_MISTAKES, value_mistake ); end
    return call;
end

-- This function checks the original call to the template
-- This call has the parameters named in the installed language in stead of the names used in this application.
-- Be aware that we are not able to know if the template has been called multiple times in the page
-- which one is the one we need. So we just check everyone.
function security.scan( call ) -- returns call object with security information
	-- The functions from other modules that are used in this function
	local extract, array  = call.include( "extract", "array" );

 	-- A strange thing can happen that a doc page is returning it's module content 
 	-- and if in it are strings containing template defintions it will produce unwanted results.
-- 	if call.caller:inNamespace( "Module" ) and call.caller.subpageText ~= "doc" then return call; end
 	
    call.add_new_debug( call.message.DEBUG.CALLER,  tostring( call.invoker), tostring( call.caller ) );

    local caller_content =  call.caller:getContent();
    local calling_templates = extract.template( caller_content, call.message.TEMPLATENAME, call );
    local parameter_mistake = {};
    for index, value in ipairs( calling_templates ) do
     	for key, v in pairs( value ) do
     		-- We only check the named arguments of the string because the unnamed parameters are free to use up to this point
     		-- and see if they are hooked as valid parameters in the configuration of the language.
     		-- Allow case-insensitive values for the parameters 
            if not tonumber( key ) and not array.search( call.message.HOOK.PARAMETER, key, true ) then
            	parameter_mistake[ #parameter_mistake + 1 ] = key;
		    	call.add_new_mistake( call.message.MISTAKE.WRONG.TEMPLATE_PARAMETER, key, key, v, table.concat( call.message.HOOK.PARAMETER, ", ") );
            end
        end
    end
    -- The mistakes are already stored. The debug reports only the number of mistakes found.
    if #parameter_mistake == 0 then call.add_debug( call.message.DEBUG.PARAMETERS_OK ); end
    if #parameter_mistake == 1 then call.add_debug( call.message.DEBUG.PARAMETER_MISTAKE, parameter_mistake[1] ); end
    if #parameter_mistake > 1  then call.add_debug( call.message.DEBUG.PARAMETER_MISTAKES, #parameter_mistake, table.concat( parameter_mistake, ", ") ); end
    return call;
end

-- Construct a template call as the module would have received it so the user can check if he used wrong named parameters
function report.debugging( call )
	local call_string = "{{#invoke:Layout|main";
    -- loop over named parameters
    for key, value in pairs( call.named ) do
        call_string = call_string .. "|" .. key .. "=" .. value;
    end

    -- loop over unnamed parameters
    for _, value in ipairs( call.unnamed ) do
        call_string = call_string .. "|" .. value;
    end
    return call_string .. "}}";
end

return security;