From 80157d34a840042556b451efc7f79c73b5227557 Mon Sep 17 00:00:00 2001
From: Stan Grishin <stangri@melmac.net>
Date: Mon, 21 Sep 2020 18:34:19 +0000
Subject: [PATCH] luci-app-vpnbypass: ACL update

Signed-off-by: Stan Grishin <stangri@melmac.net>
---
 applications/luci-app-vpnbypass/Makefile      |  2 +-
 .../luasrc/controller/vpnbypass.lua           | 23 ++++++-----
 .../luasrc/model/cbi/vpnbypass.lua            | 18 ++++++++-
 .../po/templates/vpnbypass.pot                | 30 ++++++++++++++
 .../share/rpcd/acl.d/luci-app-vpnbypass.json  | 40 +++++++++++++++++++
 5 files changed, 101 insertions(+), 12 deletions(-)
 create mode 100644 applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json

diff --git a/applications/luci-app-vpnbypass/Makefile b/applications/luci-app-vpnbypass/Makefile
index 2795244935..230963623c 100644
--- a/applications/luci-app-vpnbypass/Makefile
+++ b/applications/luci-app-vpnbypass/Makefile
@@ -10,7 +10,7 @@ LUCI_TITLE:=VPN Bypass Web UI
 LUCI_DESCRIPTION:=Provides Web UI for VPNBypass service.
 LUCI_DEPENDS:=+luci-compat +luci-mod-admin-full +vpnbypass
 LUCI_PKGARCH:=all
-PKG_RELEASE:=19
+PKG_RELEASE:=20
 
 include ../../luci.mk
 
diff --git a/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua b/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
index d5f4a8cafd..057aee787f 100644
--- a/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
+++ b/applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua
@@ -4,7 +4,6 @@ function index()
 		local e = entry({"admin", "vpn"}, firstchild(), _("VPN"), 60)
 		e.dependent = false
 		e.acl_depends = { "luci-app-vpnbypass" }
-
 		entry({"admin", "vpn", "vpnbypass"}, cbi("vpnbypass"), _("VPN Bypass"))
 		entry({"admin", "vpn", "vpnbypass", "action"}, call("vpnbypass_action"), nil).leaf = true
 	end
@@ -12,18 +11,24 @@ end
 
 function vpnbypass_action(name)
 	local packageName = "vpnbypass"
+	local http = require "luci.http"
+	local sys = require "luci.sys"
+	local uci = require "luci.model.uci".cursor()
+	local util = require "luci.util"
 	if name == "start" then
-		luci.sys.init.start(packageName)
+		sys.init.start(packageName)
 	elseif name == "action" then
-		luci.util.exec("/etc/init.d/" .. packageName .. " restart >/dev/null 2>&1")
-		luci.util.exec("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
+		util.exec("/etc/init.d/" .. packageName .. " restart >/dev/null 2>&1")
+		util.exec("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
 	elseif name == "stop" then
-		luci.sys.init.stop(packageName)
+		sys.init.stop(packageName)
 	elseif name == "enable" then
-		luci.util.exec("uci set " .. packageName .. ".config.enabled=1; uci commit " .. packageName)
+		uci:set(packageName, "config", "enabled", "1")
+		uci:commit(packageName)
 	elseif name == "disable" then
-		luci.util.exec("uci set " .. packageName .. ".config.enabled=0; uci commit " .. packageName)
+		uci:set(packageName, "config", "enabled", "0")
+		uci:commit(packageName)
 	end
-	luci.http.prepare_content("text/plain")
-	luci.http.write("0")
+	http.prepare_content("text/plain")
+	http.write("0")
 end
diff --git a/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua b/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
index 8a70bd1bb9..ed9599c90e 100644
--- a/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
+++ b/applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua
@@ -4,8 +4,22 @@ local sys = require "luci.sys"
 local util = require "luci.util"
 local packageName = "vpnbypass"
 
-local packageVersion, statusText = nil, nil 
-packageVersion = tostring(util.trim(sys.exec("opkg list-installed " .. packageName .. " | awk '{print $3}'"))) or ""
+function getPackageVersion()
+	local opkgFile = "/usr/lib/opkg/status"
+	local line
+	local flag = false
+	for line in io.lines(opkgFile) do
+		if flag then
+			return line:match('[%d%.$-]+') or ""
+		elseif line:find("Package: " .. packageName:gsub("%-", "%%%-")) then
+			flag = true
+		end
+	end
+	return ""
+end
+
+local packageVersion = getPackageVersion()
+local statusText = nil 
 if packageVersion == "" then
 	statusText = translatef("%s is not installed or not found", packageName)
 end
diff --git a/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot b/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
index 3514cf9aa6..abbe198229 100644
--- a/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
+++ b/applications/luci-app-vpnbypass/po/templates/vpnbypass.pot
@@ -1,86 +1,116 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:40
 msgid "%s (disabled)"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:24
 msgid "%s is not installed or not found"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/buttons.htm:57
 msgid "Disable"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:88
 msgid "Domains to Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:89
 msgid ""
 "Domains to be accessed directly (outside of the VPN tunnel), see %sREADME%s "
 "for syntax"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/buttons.htm:54
 msgid "Enable"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json:3
+msgid "Grant UCI and file access for luci-app-vpnbypass"
+msgstr ""
+
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/js.htm:51
 msgid "Loading"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:71
 msgid "Local IP Addresses to Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:71
 msgid ""
 "Local IP addresses or subnets with direct internet access (outside of the "
 "VPN tunnel)"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
 msgid "Local Ports to Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:57
 msgid "Local ports to trigger VPN Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:78
 msgid "Remote IP Addresses to Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:78
 msgid ""
 "Remote IP addresses or subnets which will be accessed directly (outside of "
 "the VPN tunnel)"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
 msgid "Remote Ports to Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:64
 msgid "Remote ports to trigger VPN Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/buttons.htm:44
 msgid "Restart"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:36
 msgid "Running"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:47
 msgid "Service Status"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:46
 msgid "Service Status [%s %s]"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/buttons.htm:41
 msgid "Start"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/view/vpnbypass/buttons.htm:47
 msgid "Stop"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:38
 msgid "Stopped"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua:4
 msgid "VPN"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/controller/vpnbypass.lua:7
 msgid "VPN Bypass"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:55
 msgid "VPN Bypass Rules"
 msgstr ""
 
+#: applications/luci-app-vpnbypass/luasrc/model/cbi/vpnbypass.lua:44
 msgid "VPN Bypass Settings"
 msgstr ""
diff --git a/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json b/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json
new file mode 100644
index 0000000000..6dc1cb6a3f
--- /dev/null
+++ b/applications/luci-app-vpnbypass/root/usr/share/rpcd/acl.d/luci-app-vpnbypass.json
@@ -0,0 +1,40 @@
+{
+	"luci-app-vpnbypass": {
+		"description": "Grant UCI and file access for luci-app-vpnbypass",
+		"read": {
+			"cgi-io": [
+				"exec"
+			],
+			"file": {
+				"/usr/lib/opkg/status": [
+					"read"
+				],
+				"/etc/init.d/vpnbypass *": [
+					"exec"
+				],
+				"/etc/init.d/dnsmasq restart *": [
+					"exec"
+				],
+				"/usr/bin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/grep *": [
+					"exec"
+				],
+				"/usr/sbin/iptables *": [
+					"exec"
+				]
+			},
+			"uci": [
+				"dhcp",
+				"vpnbypass"
+			]
+		},
+		"write": {
+			"uci": [
+				"dhcp",
+				"vpnbypass"
+			]
+		}
+	}
+}
\ No newline at end of file
-- 
2.30.2