Module:Layout/Production/Interface/Security
Uiterlijk
Deze module is nog in ontwikkeling (versie 0.0) en wordt getest.
De Module:Layout is bedoeld om snel, consistent en uitgebreid een pagina op te maken.
Er is een op de module afgestemde handleiding over deze onderwijswiki beschikbaar.
De module wordt geïnitialiseerd met de configuratie in Module:Layout/Production/Configuration.
Test
[bewerken]Deze module wordt getest door Module:Layout/Production/Test/Security.
All 4 tests are ok.
Name | Expected | Actual | |
---|---|---|---|
test_security_authentication | |||
test_security_declaration | |||
test_security_frisk | |||
test_security_scan |
Code
[bewerken]-- This submodule checks all the input passed to Module:Layout.
-- If an input is invalid this submodule will default it to allow correct proceeding.
-- Any mistake found will be reported to the user.
-- This submodle will set call.pass to false to prevent the system to be launched.
local security = {};
local frisk = {};
local report = {};
-- This function checks the identity of the calling pages.
-- Only passage is granted to a call by the correct interface template.
function security.authentication( call )
call.add_new_debug( call.message.DEBUG.INVOKER, tostring( call.invoker ), report.debugging( call ) );
if ( call.invoker ~= call.template ) then
call.add_new_mistake ( call.message.MISTAKE.NO_INTERFACE_TEMPLATE );
call.add_debug( call.message.DEBUG.NO_INTERFACE_TEMPLATE );
end
return call;
end
function security.declaration( call )
-- The functions from other modules that are used in this function
local array = call.include( "array" );
-- Loop over named parameters
for key, value in pairs( call.named ) do
-- The parameter should be listed in the configuration setting hook.PARAMETER
if not array.search( call.hook.PARAMETER, key ) then
call.add_new_mistake ( call.message.MISTAKE.WRONG.INVOKE_PARAMETER, key, key, value );
end
end
return call;
end
-- This function frisks all the parameters that are added by the frame on their values.
function security.frisk( call )
-- The functions from other modules that are used in this function
local array, frisk = call.include( "array", "frisk" );
local mistakes_before_value_check = #call.mistake;
for _, parameter in ipairs( call.hook.PARAMETER ) do
-- Protect the call object for being changed by the frisk so no other wiki-objects are infected accidentaly
-- The frisks should only return the result not change anything it frisks.
local call_clone = array.copy( call );
if frisk[ parameter ]( call_clone ) then
call.add_new_mistake( frisk[ parameter ]( call_clone ) );
end
end
local value_mistake = #call.mistake - mistakes_before_value_check;
if value_mistake == 0 then call.add_debug( call.message.DEBUG.VALUES_OK ); end
if value_mistake == 1 then call.add_mistake( call.message.DEBUG.VALUE_MISTAKE ); end
if value_mistake > 1 then call.add_mistake( call.message.DEBUG.VALUE_MISTAKES, value_mistake ); end
return call;
end
-- This function checks the original call to the template
-- This call has the parameters named in the installed language in stead of the names used in this application.
-- Be aware that we are not able to know if the template has been called multiple times in the page
-- which one is the one we need. So we just check everyone.
function security.scan( call ) -- returns call object with security information
-- The functions from other modules that are used in this function
local extract, array = call.include( "extract", "array" );
-- A strange thing can happen that a doc page is returning it's module content
-- and if in it are strings containing template defintions it will produce unwanted results.
-- if call.caller:inNamespace( "Module" ) and call.caller.subpageText ~= "doc" then return call; end
call.add_new_debug( call.message.DEBUG.CALLER, tostring( call.invoker), tostring( call.caller ) );
local caller_content = call.caller:getContent();
local calling_templates = extract.template( caller_content, call.message.TEMPLATENAME, call );
local parameter_mistake = {};
for index, value in ipairs( calling_templates ) do
for key, v in pairs( value ) do
-- We only check the named arguments of the string because the unnamed parameters are free to use up to this point
-- and see if they are hooked as valid parameters in the configuration of the language.
-- Allow case-insensitive values for the parameters
if not tonumber( key ) and not array.search( call.message.HOOK.PARAMETER, key, true ) then
parameter_mistake[ #parameter_mistake + 1 ] = key;
call.add_new_mistake( call.message.MISTAKE.WRONG.TEMPLATE_PARAMETER, key, key, v, table.concat( call.message.HOOK.PARAMETER, ", ") );
end
end
end
-- The mistakes are already stored. The debug reports only the number of mistakes found.
if #parameter_mistake == 0 then call.add_debug( call.message.DEBUG.PARAMETERS_OK ); end
if #parameter_mistake == 1 then call.add_debug( call.message.DEBUG.PARAMETER_MISTAKE, parameter_mistake[1] ); end
if #parameter_mistake > 1 then call.add_debug( call.message.DEBUG.PARAMETER_MISTAKES, #parameter_mistake, table.concat( parameter_mistake, ", ") ); end
return call;
end
-- Construct a template call as the module would have received it so the user can check if he used wrong named parameters
function report.debugging( call )
local call_string = "{{#invoke:Layout|main";
-- loop over named parameters
for key, value in pairs( call.named ) do
call_string = call_string .. "|" .. key .. "=" .. value;
end
-- loop over unnamed parameters
for _, value in ipairs( call.unnamed ) do
call_string = call_string .. "|" .. value;
end
return call_string .. "}}";
end
return security;