From e2025dcb099c3bc491d5b18476154fe0ab2ffe26 Mon Sep 17 00:00:00 2001
From: Stan Grishin <stangri@melmac.net>
Date: Mon, 21 Sep 2020 18:34:05 +0000
Subject: [PATCH] luci-app-vpnbypass: ACL update

Signed-off-by: Stan Grishin <stangri@melmac.net>
---
 applications/luci-app-vpnbypass/Makefile      |  2 +-
 .../luasrc/controller/vpnbypass.lua           | 26 +++++++-----
 .../luasrc/model/cbi/vpnbypass.lua            | 18 ++++++++-
 .../po/templates/vpnbypass.pot                | 40 ++++++++++---------
 .../share/rpcd/acl.d/luci-app-vpnbypass.json  | 37 +++++++++++++++--
 5 files changed, 88 insertions(+), 35 deletions(-)

diff --git a/applications/luci-app-vpnbypass/Makefile b/applications/luci-app-vpnbypass/Makefile
index 2795244935..230963623c 100644
--- a/applications/luci-app-vpnbypass/Makefile
+++ b/applications/luci-app-vpnbypass/Makefile
@@ -10,7 +10,7 @@ LUCI_TITLE:=VPN Bypass Web UI
 LUCI_DESCRIPTION:=Provides Web UI for VPNBypass service.
 LUCI_DEPENDS:=+luci-compat +luci-mod-admin-full +vpnbypass
 LUCI_PKGARCH:=all
-PKG_RELEASE:=19
+PKG_RELEASE:=20
 
 include ../../luci.mk
 
diff --git a/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua b/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
index 0de6ff6481..057aee787f 100644
--- a/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
+++ b/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
@@ -3,26 +3,32 @@ function index()
 	if nixio.fs.access("/etc/config/vpnbypass") then
 		local e = entry({"admin", "vpn"}, firstchild(), _("VPN"), 60)
 		e.dependent = false
-
-		entry({"admin", "vpn", "vpnbypass"}, cbi("vpnbypass"), _("VPN Bypass")).acl_depends = { "luci-app-vpnbypass" }
+		e.acl_depends = { "luci-app-vpnbypass" }
+		entry({"admin", "vpn", "vpnbypass"}, cbi("vpnbypass"), _("VPN Bypass"))
 		entry({"admin", "vpn", "vpnbypass", "action"}, call("vpnbypass_action"), nil).leaf = true
 	end
 end
 
 function vpnbypass_action(name)
 	local packageName = "vpnbypass"
+	local http = require "luci.http"
+	local sys = require "luci.sys"
+	local uci = require "luci.model.uci".cursor()
+	local util = require "luci.util"
 	if name == "start" then
-		luci.sys.init.start(packageName)
+		sys.init.start(packageName)
 	elseif name == "action" then
-		luci.util.exec("/etc/init.d/" .. packageName .. " restart >/dev/null 2>&1")
-		luci.util.exec("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
+		util.exec("/etc/init.d/" .. packageName .. " restart >/dev/null 2>&1")
+		util.exec("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
 	elseif name == "stop" then
-		luci.sys.init.stop(packageName)
+		sys.init.stop(packageName)
 	elseif name == "enable" then
-		luci.util.exec("uci set " .. packageName .. ".config.enabled=1; uci commit " .. packageName)
+		uci:set(packageName, "config", "enabled", "1")
+		uci:commit(packageName)
 	elseif name == "disable" then
-		luci.util.exec("uci set " .. packageName .. ".config.enabled=0; uci commit " .. packageName)
+		uci:set(packageName, "config", "enabled", "0")
+		uci:commit(packageName)
 	end
-	luci.http.prepare_content("text/plain")
-	luci.http.write("0")
+	http.prepare_content("text/plain")
+	http.write("0")
 end
diff --git a/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua b/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
index 8a70bd1bb9..ed9599c90e 100644
--- a/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
+++ b/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
@@ -4,8 +4,22 @@ local sys = require "luci.sys"
 local util = require "luci.util"
 local packageName = "vpnbypass"
 
-local packageVersion, statusText = nil, nil 
-packageVersion = tostring(util.trim(sys.exec("opkg list-installed " .. packageName .. " | awk '{print $3}'"))) or ""
+function getPackageVersion()
+	local opkgFile = "/usr/lib/opkg/status"
+	local line
+	local flag = false
+	for line in io.lines(opkgFile) do
+		if flag then
+			return line:match('[%d%.$-]+') or ""
+		elseif line:find("Package: " .. packageName:gsub("%-", "%%%-")) then
+			flag = true
+		end
+	end
+	return ""
+end
+
+local packageVersion = getPackageVersion()
+local statusText = nil 
 if packageVersion == "" then
 	statusText = translatef("%s is not installed or not found", packageName)
 end
diff --git a/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot b/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
index 38e442adb9..abbe198229 100644
--- a/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
+++ b/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
@@ -1,11 +1,11 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:26
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:40
 msgid "%s (disabled)"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:10
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:24
 msgid "%s is not installed or not found"
 msgstr ""
 
@@ -13,11 +13,11 @@ msgstr ""
 msgid "Disable"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:74
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:88
 msgid "Domains to Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:75
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:89
 msgid ""
 "Domains to be accessed directly (outside of the VPN tunnel), see %sREADME%s "
 "for syntax"
@@ -27,43 +27,47 @@ msgstr ""
 msgid "Enable"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json:3
+msgid "Grant UCI and file access for luci-app-vpnbypass"
+msgstr ""
+
 #: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/js.htm:51
 msgid "Loading"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:71
 msgid "Local IP Addresses to Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:71
 msgid ""
 "Local IP addresses or subnets with direct internet access (outside of the "
 "VPN tunnel)"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:43
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
 msgid "Local Ports to Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:43
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
 msgid "Local ports to trigger VPN Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:78
 msgid "Remote IP Addresses to Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:78
 msgid ""
 "Remote IP addresses or subnets which will be accessed directly (outside of "
 "the VPN tunnel)"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:50
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
 msgid "Remote Ports to Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:50
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
 msgid "Remote ports to trigger VPN Bypass"
 msgstr ""
 
@@ -71,15 +75,15 @@ msgstr ""
 msgid "Restart"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:22
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:36
 msgid "Running"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:33
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:47
 msgid "Service Status"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:32
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:46
 msgid "Service Status [%s %s]"
 msgstr ""
 
@@ -91,7 +95,7 @@ msgstr ""
 msgid "Stop"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:24
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:38
 msgid "Stopped"
 msgstr ""
 
@@ -103,10 +107,10 @@ msgstr ""
 msgid "VPN Bypass"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:41
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:55
 msgid "VPN Bypass Rules"
 msgstr ""
 
-#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:30
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:44
 msgid "VPN Bypass Settings"
 msgstr ""
diff --git a/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json b/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json
index 219307e477..6dc1cb6a3f 100644
--- a/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json
+++ b/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json
@@ -1,11 +1,40 @@
 {
 	"luci-app-vpnbypass": {
-		"description": "Grant UCI access for luci-app-vpnbypass",
+		"description": "Grant UCI and file access for luci-app-vpnbypass",
 		"read": {
-			"uci": [ "dhcp", "vpnbypass" ]
+			"cgi-io": [
+				"exec"
+			],
+			"file": {
+				"/usr/lib/opkg/status": [
+					"read"
+				],
+				"/etc/init.d/vpnbypass *": [
+					"exec"
+				],
+				"/etc/init.d/dnsmasq restart *": [
+					"exec"
+				],
+				"/usr/bin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/iptables *": [
+					"exec"
+				]
+			},
+			"uci": [
+				"dhcp",
+				"vpnbypass"
+			]
 		},
 		"write": {
-			"uci": [ "dhcp", "vpnbypass" ]
+			"uci": [
+				"dhcp",
+				"vpnbypass"
+			]
 		}
 	}
-}
+}
\ No newline at end of file
-- 
2.30.2