aqhomecontrol/apps/aqhome-cgi/modules/common/mmodules.c

/****************************************************************************
 * This file is part of the project AqHome.
 * AqHome (c) by 2025 Martin Preuss, all rights reserved.
 *
 * The license for this file can be found in the file COPYING which you
 * should have received along with this file.
 ****************************************************************************/

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif


#include "./mmodules.h"

#include "aqhome-cgi/service/module.h"

#include <gwenhywfar/debug.h>
#include <gwenhywfar/timestamp.h>



/* ------------------------------------------------------------------------------------------------
 * defs and enums
 * ------------------------------------------------------------------------------------------------
 */

/* ------------------------------------------------------------------------------------------------
 * global vars
 * ------------------------------------------------------------------------------------------------
 */

/* ------------------------------------------------------------------------------------------------
 * forward declarations
 * ------------------------------------------------------------------------------------------------
 */

static void _createPermDefList(AQH_MODULE *m);
static void _createRoleList(AQH_MODULE *m);

static AQH_MODULE *_loadSubModule(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sModuleName);
static int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sLastPathElem);
static int _handleRqIndex(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqEditMod(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqEditModGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqEditModPost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);

//static int _handleRqEditPerm(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
//static int _handleRqEditPermGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
//static int _handleRqEditPermPost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);

static int _handleRqAddRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqAddRoleGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqAddRolePost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);

static int _handleRqEditRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqEditRoleGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _handleRqEditRolePost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);
static int _getHighestUsedRoleId(const AQH_ROLE_LIST *roleList);

static int _handleRqDeleteRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf);

static void _writeEditModForm(const AQH_MODULE *currentMod, const char *sModName, GWEN_BUFFER *dbuf);
//static void _writePermDefListToForm(const AQH_PERMDEF_LIST *permDefList, const char *sModName, GWEN_BUFFER *dbuf);
static void _writeRoleListToForm(const AQH_ROLE_LIST *roleList,
				 const char *sModName,
				 const AQH_PERMDEF_LIST *permDefList,
				 GWEN_BUFFER *dbuf);

static void _setLocationHeaderForMod(AQCGI_REQUEST *rq, const char *page, const char *sModName);
static void _writePermissionsToForm(const AQH_PERMDEF_LIST *permDefList, uint32_t perms, GWEN_BUFFER *dbuf);
static void _writeEnabledPermissions(const AQH_PERMDEF_LIST *permDefList, uint32_t perms, GWEN_BUFFER *dbuf);
static uint32_t _readPermissionsFromForm(GWEN_DB_NODE *dbPost, const AQH_PERMDEF_LIST *permDefList);



/* ------------------------------------------------------------------------------------------------
 * code
 * ------------------------------------------------------------------------------------------------
 */

void AQH_ModAdmModules_Extend(AQH_MODULE *m, AQH_SERVICE *sv, const char *baseFolder)
{
  AQH_ModService_Extend(m, sv, baseFolder);
  AQH_ModService_SetHandleRequestFn(m, _handleRequest);
  AQH_ModService_SetLoadSubModuleFn(m, _loadSubModule);
}



int AQH_ModAdmModules_Create(AQH_SERVICE *sv)
{
  AQH_MODULE *m;
  int rv;

  m=AQH_Module_new();
  AQH_Module_SetName(m, "modules");
  AQH_Module_SetDescr(m, "modules administration module");
  AQH_Module_SetGuestPerms(m, 0);

  _createPermDefList(m);
  _createRoleList(m);

  rv=AQH_Service_AddModule(sv, m);
  if (rv<0) {
    DBG_INFO(NULL, "here (%d)", rv);
  }
  AQH_Module_free(m);
  return rv;
}



void _createPermDefList(AQH_MODULE *m)
{
  AQH_PERMDEF_LIST *permDefList;

  permDefList=AQH_PermDef_List_new();

  AQH_ModService_AddPermDef(permDefList, "ModuleRead",  0x001, "Read modules");
  AQH_ModService_AddPermDef(permDefList, "ModuleWrite", 0x002, "Modify modules");
  AQH_ModService_AddPermDef(permDefList, "ModuleAdd",   0x004, "Add modules");
  AQH_ModService_AddPermDef(permDefList, "ModuleDel",   0x008, "Remove modules");

  AQH_Module_SetPermDefList(m, permDefList);
}



void _createRoleList(AQH_MODULE *m)
{
  AQH_ROLE_LIST *roleList;
  int id=0;

  roleList=AQH_Role_List_new();
  AQH_ModService_AddRole(roleList, id++, "admin",
                         AQH_MODADMMODULES_PERMS_MODULESREAD |
                         AQH_MODADMMODULES_PERMS_MODULESWRITE |
                         AQH_MODADMMODULES_PERMS_MODULESADD |
                         AQH_MODADMMODULES_PERMS_MODULESDEL,
                         "Administrator Role");
  AQH_Module_SetRoleList(m, roleList);
}



AQH_MODULE *_loadSubModule(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sModuleName)
{
  /* no sub-modules */
  return NULL;
}



int _handleRequest(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, const char *sLastPathElem)
{
  GWEN_BUFFER *dbuf;

  dbuf=GWEN_Buffer_new(0, 256, 0, 1);
  AQH_ModService_AddHeader(m, "en", dbuf);

  if (strcasecmp(sLastPathElem, "index.html")==0)
    _handleRqIndex(m, rq, session, dbuf);
  else if (strcasecmp(sLastPathElem, "editmodule.html")==0)
    _handleRqEditMod(m, rq, session, dbuf);
  else if (strcasecmp(sLastPathElem, "addrole.html")==0)
    _handleRqAddRole(m, rq, session, dbuf);
  else if (strcasecmp(sLastPathElem, "editrole.html")==0)
    _handleRqEditRole(m, rq, session, dbuf);
  else if (strcasecmp(sLastPathElem, "delrole.html")==0)
    _handleRqDeleteRole(m, rq, session, dbuf);
  else {
    AQCGI_Request_SetResponseCode(rq, 404);
    AQCGI_Request_SetResponseText(rq, "Not Found");
  }
  AQH_ModService_AddFooter(m, "en", dbuf);
  AQCGI_Request_SetBufferResponseBody(rq, dbuf);
  AQCGI_Request_AddResponseHeaderData(rq, "Content-type: text/html");

  return AQCGI_SendResponse(rq);
}



int _handleRqIndex(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  uint32_t perms;

  perms=AQH_ModService_GetUserPerms(m);
  DBG_ERROR(NULL, "Perms=%08x", perms);
  if (perms & AQH_MODADMMODULES_PERMS_MODULESREAD) {
    AQH_SERVICE *sv;
    GWEN_STRINGLIST *slModules;

    sv=AQH_ModService_GetService(m);
    slModules=AQH_Service_ListModules(sv);
    if (slModules) {
      GWEN_STRINGLISTENTRY *se;

      GWEN_Buffer_AppendString(dbuf, "<h1>Modules</h1>\n");
      GWEN_Buffer_AppendString(dbuf,
                               "<table class=\"datatable\">\n"
                               "<thead>"
                               "<tr><th>Id</th><th>Name</th><th>Description</th><th>Actions</th></tr>\n"
                               "</thead>\n"
                               "<tbody>\n");
      se=GWEN_StringList_FirstEntry(slModules);
      while(se) {
        const char *sModName;

        sModName=GWEN_StringListEntry_Data(se);
        if (sModName && *sModName) {
          AQH_MODULE *currentMod;

          currentMod=AQH_Service_LoadModule(sv, sModName);
          if (currentMod) {
            const char *s;
            const char *sName;

            sName=AQH_Module_GetName(currentMod);
            GWEN_Buffer_AppendString(dbuf, "<tr>");
            GWEN_Buffer_AppendArgs(dbuf, "<td>%lu</td>", (unsigned long int) AQH_Module_GetId(currentMod));
            GWEN_Buffer_AppendArgs(dbuf, "<td>%s</td>", sName?sName:"");
            s=AQH_Module_GetDescr(currentMod);
            GWEN_Buffer_AppendArgs(dbuf, "<td>%s</td>", s?s:"");

            GWEN_Buffer_AppendString(dbuf, "<td>");
            if (perms & AQH_MODADMMODULES_PERMS_MODULESWRITE)
              GWEN_Buffer_AppendArgs(dbuf,
                                     "<a href=\"editmodule.html?name=%s\"><img src=\"/pics/edit.png\"></a>",
                                     sName?sName:"");
            GWEN_Buffer_AppendArgs(dbuf, "</td>\n");
            GWEN_Buffer_AppendArgs(dbuf, "</tr>\n");
            AQH_Module_free(currentMod);
          }
        }
        se=GWEN_StringListEntry_Next(se);
      }
      GWEN_Buffer_AppendString(dbuf,
                               "</tbody>\n"
                               "</table>\n");
      GWEN_StringList_free(slModules);
    }
    GWEN_Buffer_AppendString(dbuf, "<hr><a href=\"addmodule.html\">Add Module</a>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>No permissions to read module list.</p>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqEditMod(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  uint32_t perms;

  perms=AQH_ModService_GetUserPerms(m);
  DBG_ERROR(NULL, "Perms=%08x", perms);
  if (perms & AQH_MODADMMODULES_PERMS_MODULESWRITE) {
    if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_GET)
      return _handleRqEditModGet(m, rq, session, dbuf);
    else if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_POST)
      return _handleRqEditModPost(m, rq, session, dbuf);
    else {
      DBG_ERROR(NULL, "Invalid request method %d", AQCGI_Request_GetRequestMethod(rq));
      AQCGI_Request_SetResponseCode(rq, 405);
      AQCGI_Request_SetResponseText(rq, "Method Not Allowed");
    }
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>No permissions to edit modules.</p>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqEditModGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbQuery;
  const char *sModName;
  AQH_MODULE *currentMod;

  sv=AQH_ModService_GetService(m);
  dbQuery=AQCGI_Request_GetDbQuery(rq);
  sModName=dbQuery?GWEN_DB_GetCharValue(dbQuery, "name", 0, NULL):NULL;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  if (currentMod) {
    _writeEditModForm(currentMod, sModName, dbuf);
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
    AQH_Module_free(currentMod);
  }
  else {
    AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html");
    AQCGI_Request_SetResponseCode(rq, 303);
    AQCGI_Request_SetResponseText(rq, "See other");
  }
  return 0;
}



void _writeEditModForm(const AQH_MODULE *currentMod, const char *sModName, GWEN_BUFFER *dbuf)
{
  const char *sName;
  const char *sDescr;
  const AQH_PERMDEF_LIST *permDefList;
  const AQH_ROLE_LIST *roleList;

  permDefList=AQH_Module_GetPermDefList(currentMod);
  roleList=AQH_Module_GetRoleList(currentMod);
  sName=AQH_Module_GetName(currentMod);
  sDescr=AQH_Module_GetDescr(currentMod);
  /* write module info */
  GWEN_Buffer_AppendString(dbuf, "<h2>Module Info</h2>\n");
  GWEN_Buffer_AppendArgs(dbuf,
			 "<form action=\"editmodule.html\" method=\"post\">\n"
			 "<table class=\"formtable\">\n"
			 "<tr>"
			 "<td><label for=\"name\">Name:</label></td>"
			 "<td><input type=\"text\" name=\"name\" value=\"%s\"></td>"
			 "</tr>\n"
			 "<tr>"
			 "<td><label for=\"descr\">Description:</label></td>"
			 "<td><input type=\"text\" name=\"descr\" value=\"%s\"></td>"
			 "</tr>\n",
			 sName?sName:"", sDescr?sDescr:"");
  
  if (permDefList) {
    GWEN_Buffer_AppendArgs(dbuf,
			   "<tr>"
			   "<td><label>Guest Permissions:</label></td>\n"
			   "<td>");
    _writePermissionsToForm(permDefList, AQH_Module_GetGuestPerms(currentMod), dbuf);
    GWEN_Buffer_AppendArgs(dbuf, "</td>" "</tr>");
  }
  
  GWEN_Buffer_AppendString(dbuf, "</table>\n");
  
  GWEN_Buffer_AppendArgs(dbuf, "<input type=\"hidden\" name=\"module\" value=\"%s\">\n", sModName?sModName:"");
  GWEN_Buffer_AppendString(dbuf, "<input type=\"submit\" value=\"Save\">\n</form>\n\n");

  /* write role list */
  GWEN_Buffer_AppendString(dbuf, "<h2>User Roles</h2>\n");
  if (roleList)
    _writeRoleListToForm(roleList, sModName, permDefList, dbuf);
  else
    GWEN_Buffer_AppendString(dbuf, "<p>none</p>");
  GWEN_Buffer_AppendArgs(dbuf,
			 "<a href=\"addrole.html?mod=%s\">"
			 "<img src=\"/pics/plus.png\">Add Role</a>\n",
			 sModName?sModName:"");
}



void _writeRoleListToForm(const AQH_ROLE_LIST *roleList,
			  const char *sModName,
			  const AQH_PERMDEF_LIST *permDefList,
			  GWEN_BUFFER *dbuf)
{
  const AQH_ROLE *role;

  GWEN_Buffer_AppendString(dbuf,
			   "<table class=\"datatable\">\n"
			   "<thead>"
			   "<tr><th>Id</th><th>Name</th><th>Permissions</th><th>Description</th><th>Actions</th></tr>\n"
			   "</thead>\n"
			   "<tbody>\n");
  role=AQH_Role_List_First(roleList);
  while(role) {
    uint8_t id;
    const char *s;

    GWEN_Buffer_AppendString(dbuf, "<tr>");
    /* id */
    id=AQH_Role_GetId(role);
    GWEN_Buffer_AppendArgs(dbuf, "<td>%d</td>", id);
    /* name */
    s=AQH_Role_GetName(role);
    GWEN_Buffer_AppendArgs(dbuf, "<td>%s</td>", s?s:"");
    /* permissions */
    GWEN_Buffer_AppendString(dbuf, "<td>");
    if (permDefList)
      _writeEnabledPermissions(permDefList, AQH_Role_GetPerms(role), dbuf);
    GWEN_Buffer_AppendString(dbuf, "</td>");
    /* description */
    s=AQH_Role_GetDescr(role);
    GWEN_Buffer_AppendArgs(dbuf, "<td>%s</td>", s?s:"");
    /* actions */
    GWEN_Buffer_AppendArgs(dbuf, "<td>");
    GWEN_Buffer_AppendArgs(dbuf,
			   "<a href=\"editrole.html?mod=%s&id=%d\">"
			   "<img src=\"/pics/edit.png\"></a>",
			   sModName?sModName:"", id);
    GWEN_Buffer_AppendArgs(dbuf,
			   "<a href=\"delrole.html?mod=%s&id=%d\">"
			   "<img src=\"/pics/minus.png\"></a>",
			   sModName?sModName:"", id);
    GWEN_Buffer_AppendArgs(dbuf, "</td>");

    GWEN_Buffer_AppendString(dbuf, "</tr>\n");
    role=AQH_Role_List_Next(role);
  }

  GWEN_Buffer_AppendString(dbuf,
			   "</tbody>\n"
			   "</table>\n");
}




int _handleRqEditModPost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbPost;
  const char *sModName;
  AQH_MODULE *currentMod;

  DBG_ERROR(NULL, "Post request received");
  sv=AQH_ModService_GetService(m);
  dbPost=AQCGI_Request_GetDbPostBody(rq);
  sModName=dbPost?GWEN_DB_GetCharValue(dbPost, "module", 0, NULL):NULL;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  if (currentMod) {
    const char *sNewModName;
    const char *sDescr;
    int rv;
    uint32_t perms;
    const AQH_PERMDEF_LIST *permDefList;

    permDefList=AQH_Module_GetPermDefList(currentMod);
    sNewModName=GWEN_DB_GetCharValue(dbPost, "name", 0, NULL);
    sDescr=GWEN_DB_GetCharValue(dbPost, "descr", 0, NULL);
    perms=_readPermissionsFromForm(dbPost, permDefList);
    if (sNewModName && *sNewModName)
      AQH_Module_SetName(currentMod, sNewModName);
    AQH_Module_SetDescr(currentMod, sDescr);
    AQH_Module_SetGuestPerms(currentMod, perms);

    rv=AQH_Service_SaveModule(sv, currentMod);
    if (rv<0) {
      GWEN_Buffer_AppendString(dbuf, "<h2>Error</h2><p>Error saving module</p>");
      DBG_ERROR(NULL, "Could not save module \"%s\"", sModName);
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
      AQH_Module_free(currentMod);
      return 0;
    }
    DBG_ERROR(NULL, "Module \"%s\" saved", sModName);
    AQH_Module_free(currentMod);
    AQCGI_Request_AddResponseHeaderData(rq, "Location: index.html");
    AQCGI_Request_SetResponseCode(rq, 303);
    AQCGI_Request_SetResponseText(rq, "See other");
  }
  else {
    DBG_ERROR(NULL, "Could not load module \"%s\"", sModName?sModName:"<no name>");
    GWEN_Buffer_AppendString(dbuf, "<p>Error loading module.</p>\n");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqAddRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  uint32_t perms;

  perms=AQH_ModService_GetUserPerms(m);
  DBG_ERROR(NULL, "Perms=%08x", perms);
  if (perms & AQH_MODADMMODULES_PERMS_MODULESWRITE) {
    if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_GET)
      return _handleRqAddRoleGet(m, rq, session, dbuf);
    else if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_POST)
      return _handleRqAddRolePost(m, rq, session, dbuf);
    else {
      DBG_ERROR(NULL, "Invalid request method %d", AQCGI_Request_GetRequestMethod(rq));
      AQCGI_SendResponseWithStatus(rq, 405, "Method Not Allowed");
      AQCGI_Request_SetResponseCode(rq, 405);
      AQCGI_Request_SetResponseText(rq, "Method Not Allowed");
    }
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>No permissions to edit modules.</p>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqAddRoleGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbQuery;
  const char *sModName;
  AQH_MODULE *currentMod;
  const AQH_PERMDEF_LIST *permDefList;
  uint32_t guestPerms;

  sv=AQH_ModService_GetService(m);
  dbQuery=AQCGI_Request_GetDbQuery(rq);
  sModName=dbQuery?GWEN_DB_GetCharValue(dbQuery, "mod", 0, NULL):NULL;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  guestPerms=currentMod?AQH_Module_GetGuestPerms(currentMod):0;
  permDefList=currentMod?AQH_Module_GetPermDefList(currentMod):NULL;

  if (currentMod) {
    if (permDefList) {
      GWEN_Buffer_AppendArgs(dbuf, "<h2>Add Role for Module %s</h2>\n", sModName?sModName:"");
      GWEN_Buffer_AppendString(dbuf,
                               "<form action=\"addrole.html\" method=\"post\">\n"
                               "<table class=\"formtable\">\n"
                               "<tr>"
                               "<td><label for=\"name\">Name:</label></td>"
                               "<td><input type=\"text\" name=\"name\"></td>"
                               "<tr>"
                               "<td><label for=\"descr\">Description:</label></td>"
                               "<td><input type=\"text\" name=\"descr\"></td>"
                               "</tr>\n");

      GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Permissions:</label></td><td>");
      _writePermissionsToForm(permDefList, guestPerms, dbuf);
      GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");

#if 0
      GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Explicitly add permissions:</label></td><td>");
      _writePermissionsToForm(permDefList, 0, dbuf);
      GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");

      GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Explicitly sub permissions:</label></td><td>");
      _writePermissionsToForm(permDefList, 0, dbuf);
      GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");
#endif

      GWEN_Buffer_AppendString(dbuf, "</table>\n");
      GWEN_Buffer_AppendArgs(dbuf, "<input type=\"hidden\" name=\"mod\" value=\"%s\">\n", sModName?sModName:"");
      GWEN_Buffer_AppendString(dbuf, "<input type=\"submit\" value=\"Add\">\n");
      GWEN_Buffer_AppendString(dbuf, "</form>\n\n");
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
    }
    else {
      GWEN_Buffer_AppendString(dbuf, "<p>Please add permission definitions first.</p>\n");
      GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
    }
    AQH_Module_free(currentMod);
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>Error loading module.</p>\n");
    GWEN_Buffer_AppendString(dbuf, "<p><a href=\"index.html\"> back to module list</p>\n");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqAddRolePost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbPost;
  const char *sModName;
  AQH_MODULE *currentMod;
  int newId;
  const char *sName;
  const char *sDescr;
  uint32_t perms;
#if 0
  uint32_t explAddPerms;
  uint32_t explDelPerms;
#endif
  AQH_PERMDEF_LIST *permDefList;
  AQH_ROLE_LIST *roleList;
  int rv;

  /* sample data */
  DBG_ERROR(NULL, "Handling POST request");
  sv=AQH_ModService_GetService(m);
  dbPost=AQCGI_Request_GetDbPostBody(rq);
  sModName=dbPost?GWEN_DB_GetCharValue(dbPost, "mod", 0, NULL):NULL;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  permDefList=currentMod?AQH_Module_GetPermDefList(currentMod):NULL;
  roleList=currentMod?AQH_Module_GetRoleList(currentMod):NULL;
  /* read role values */
  newId=(roleList?_getHighestUsedRoleId(roleList):0)+1;
  sName=dbPost?GWEN_DB_GetCharValue(dbPost, "name", 0, NULL):NULL;
  sDescr=dbPost?GWEN_DB_GetCharValue(dbPost, "descr", 0, NULL):NULL;
  perms=(dbPost && permDefList)?_readPermissionsFromForm(dbPost, permDefList):0;

    /* validate */
  if (!(sName && *sName)) {
    DBG_ERROR(NULL, "Missing value for \"name\"");
    GWEN_Buffer_AppendString(dbuf, "<p>Missing name.</p>\n");
    GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
    return 0;
  }

  if (currentMod) {
    AQH_ROLE *role;

    /* set new values */
    role=AQH_Role_new();
    AQH_Role_SetId(role, newId);
    AQH_Role_SetName(role, sName);
    AQH_Role_SetDescr(role, sDescr);
    AQH_Role_SetPerms(role, perms);
    /* add role */
    if (roleList==NULL) {
      roleList=AQH_Role_List_new();
      AQH_Module_SetRoleList(currentMod, roleList);
    }
    AQH_Role_List_Add(role, roleList);

    /* save module */
    rv=AQH_Service_SaveModule(sv, currentMod);
    if (rv<0) {
      GWEN_Buffer_AppendString(dbuf, "<p>Error saving module.</p>\n");
      GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
      AQH_Module_free(currentMod);
      return 0;
    }
    _setLocationHeaderForMod(rq, "editmodule.html", sModName);
    AQCGI_Request_SetResponseCode(rq, 303);
    AQCGI_Request_SetResponseText(rq, "See Other");
    AQH_Module_free(currentMod);
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>Error loading module.</p>\n");
    GWEN_Buffer_AppendString(dbuf, "<p><a href=\"index.html\"> back to module list</p>\n");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }

  return 0;
}



int _getHighestUsedRoleId(const AQH_ROLE_LIST *roleList)
{
  int id=0;

  if (roleList) {
    const AQH_ROLE *role;

    role=AQH_Role_List_First(roleList);
    while(role) {
      int rid;

      rid=AQH_Role_GetId(role);
      id=(rid>id)?rid:id;
      role=AQH_Role_List_Next(role);
    }
  }
  return id;
}



int _handleRqEditRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  uint32_t perms;

  perms=AQH_ModService_GetUserPerms(m);
  DBG_ERROR(NULL, "Perms=%08x", perms);
  if (perms & AQH_MODADMMODULES_PERMS_MODULESWRITE) {
    if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_GET)
      return _handleRqEditRoleGet(m, rq, session, dbuf);
    else if (AQCGI_Request_GetRequestMethod(rq)==AQCGI_REQUEST_METHOD_POST)
      return _handleRqEditRolePost(m, rq, session, dbuf);
    else {
      DBG_ERROR(NULL, "Invalid request method %d", AQCGI_Request_GetRequestMethod(rq));
      AQCGI_Request_SetResponseCode(rq, 405);
      AQCGI_Request_SetResponseText(rq, "Method Not Allowed");
    }
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>No permissions to edit modules.</p>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqEditRoleGet(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbQuery;
  const char *sModName;
  int id;
  const char *sName;
  const char *sDescr;
  uint32_t perms;
#if 0
  uint32_t explAddPerms;
  uint32_t explDelPerms;
#endif
  AQH_MODULE *currentMod;
  const AQH_PERMDEF_LIST *permDefList;
  const AQH_ROLE_LIST *roleList;
  const AQH_ROLE *role;

  sv=AQH_ModService_GetService(m);
  dbQuery=AQCGI_Request_GetDbQuery(rq);
  sModName=dbQuery?GWEN_DB_GetCharValue(dbQuery, "mod", 0, NULL):NULL;
  id=dbQuery?GWEN_DB_GetIntValue(dbQuery, "id", 0, 0):0;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  permDefList=currentMod?AQH_Module_GetPermDefList(currentMod):NULL;
  roleList=currentMod?AQH_Module_GetRoleList(currentMod):NULL;
  role=roleList?AQH_Role_List_GetById(roleList, id):NULL;
  sName=role?AQH_Role_GetName(role):NULL;
  sDescr=role?AQH_Role_GetDescr(role):NULL;
  perms=role?AQH_Role_GetPerms(role):0;
#if 0
  explAddPerms=role?AQH_Role_GetExplAddPerms(role):0;
  explDelPerms=role?AQH_Role_GetExplDelPerms(role):0;
#endif

  if (role) {
    GWEN_Buffer_AppendArgs(dbuf, "<h2>Edit Role for Module %s</h2>\n", sModName?sModName:"");
    GWEN_Buffer_AppendArgs(dbuf,
			   "<form action=\"editrole.html\" method=\"post\">\n"
			   "<table class=\"formtable\">\n"
			   "<tr>\n"
			   "<td><label for=\"name\">Name:</label></td>"
			   "<td><input type=\"text\" name=\"name\" value=\"%s\"></td>"
			   "</tr>\n"
			   "<tr>"
			   "<td><label for=\"descr\">Description:</label></td>"
			   "<td><input type=\"text\" name=\"descr\" value=\"%s\"></td>"
			   "</tr>\n",
			   sName, sDescr?sDescr:"");

    GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Permissions:</label></td><td>");
    _writePermissionsToForm(permDefList, perms, dbuf);
    GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");

#if 0
    GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Explicitly add permissions:</label></td><td>");
    _writePermissionsToForm(permDefList, explAddPerms, dbuf);
    GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");

    GWEN_Buffer_AppendString(dbuf, "<tr><td><label>Explicitly sub permissions:</label></td><td>");
    _writePermissionsToForm(permDefList, explDelPerms, dbuf);
    GWEN_Buffer_AppendString(dbuf, "</td></tr>\n");
#endif

    GWEN_Buffer_AppendString(dbuf, "</table>\n");

    GWEN_Buffer_AppendArgs(dbuf, "<input type=\"hidden\" name=\"mod\" value=\"%s\">\n", sModName?sModName:"");
    GWEN_Buffer_AppendArgs(dbuf, "<input type=\"hidden\" name=\"oldId\" value=\"%d\">\n", id);
    GWEN_Buffer_AppendString(dbuf, "<input type=\"submit\" value=\"Save\">\n");
    GWEN_Buffer_AppendString(dbuf, "</form>\n\n");
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>Role not found.</p>\n");
    GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
  }
  AQCGI_Request_SetResponseCode(rq, 200);
  AQCGI_Request_SetResponseText(rq, "Ok");
  return 0;
}



int _handleRqEditRolePost(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  AQH_SERVICE *sv;
  GWEN_DB_NODE *dbPost;
  const char *sModName;
  AQH_MODULE *currentMod;
  int oldId;
  const char *sName;
  const char *sDescr;
  uint32_t perms;
#if 0
  uint32_t explAddPerms;
  uint32_t explDelPerms;
#endif
  AQH_PERMDEF_LIST *permDefList;
  AQH_ROLE_LIST *roleList;
  AQH_ROLE *role;
  int rv;

  /* sample data */
  sv=AQH_ModService_GetService(m);
  dbPost=AQCGI_Request_GetDbPostBody(rq);
  sModName=dbPost?GWEN_DB_GetCharValue(dbPost, "mod", 0, NULL):NULL;
  currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
  permDefList=currentMod?AQH_Module_GetPermDefList(currentMod):NULL;
  roleList=currentMod?AQH_Module_GetRoleList(currentMod):NULL;
  /* read role data */
  oldId=dbPost?GWEN_DB_GetIntValue(dbPost, "oldId", 0, -1):-1;
  sName=dbPost?GWEN_DB_GetCharValue(dbPost, "name", 0, NULL):NULL;
  sDescr=dbPost?GWEN_DB_GetCharValue(dbPost, "descr", 0, NULL):NULL;
  role=roleList?AQH_Role_List_GetById(roleList, oldId):NULL;
  perms=(dbPost && permDefList)?_readPermissionsFromForm(dbPost, permDefList):0;

  /* validate */
  if (!(sName && *sName)) {
    DBG_ERROR(NULL, "Missing value for \"name\"");
    GWEN_Buffer_AppendString(dbuf, "<p>Missing name.</p>\n");
    GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
    return 0;
  }
  if (role==NULL) {
    DBG_ERROR(NULL, "Role %d not found", oldId);
    GWEN_Buffer_AppendString(dbuf, "<p>Role not found.</p>\n");
    GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
    return 0;
  }

  if (currentMod) {
    /* set new values */
    AQH_Role_SetName(role, sName);
    AQH_Role_SetDescr(role, sDescr);
    AQH_Role_SetPerms(role, perms);

    /* save module */
    rv=AQH_Service_SaveModule(sv, currentMod);
    if (rv<0) {
      GWEN_Buffer_AppendString(dbuf, "<p>Error saving module.</p>\n");
      GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
      AQH_Module_free(currentMod);
      return 0;
    }

    _setLocationHeaderForMod(rq, "editmodule.html", sModName);
    AQCGI_Request_SetResponseCode(rq, 303);
    AQCGI_Request_SetResponseText(rq, "See Other");
    AQH_Module_free(currentMod);
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>Error loading module.</p>\n");
    GWEN_Buffer_AppendString(dbuf, "<p><a href=\"index.html\"> back to module list</p>\n");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



int _handleRqDeleteRole(AQH_MODULE *m, AQCGI_REQUEST *rq, AQH_SESSION *session, GWEN_BUFFER *dbuf)
{
  uint32_t perms;

  perms=AQH_ModService_GetUserPerms(m);
  DBG_ERROR(NULL, "Perms=%08x", perms);
  if (perms & AQH_MODADMMODULES_PERMS_MODULESWRITE) {
    AQH_SERVICE *sv;
    GWEN_DB_NODE *dbQuery;
    const char *sModName;
    int id;
    AQH_MODULE *currentMod;
    const AQH_ROLE_LIST *roleList;
    AQH_ROLE *role;

    sv=AQH_ModService_GetService(m);
    dbQuery=AQCGI_Request_GetDbQuery(rq);
    sModName=dbQuery?GWEN_DB_GetCharValue(dbQuery, "mod", 0, NULL):NULL;
    id=dbQuery?GWEN_DB_GetIntValue(dbQuery, "id", 0, 0):0;
    currentMod=(sModName && *sModName)?AQH_Service_LoadModule(sv, sModName):NULL;
    if (currentMod) {
      roleList=currentMod?AQH_Module_GetRoleList(currentMod):NULL;
      role=roleList?AQH_Role_List_GetById(roleList, id):NULL;
      if (role) {
        int rv;

        AQH_Role_List_Del(role);
        AQH_Role_free(role);

        /* save module */
        rv=AQH_Service_SaveModule(sv, currentMod);
        if (rv<0) {
          GWEN_Buffer_AppendString(dbuf, "<p>Error saving module.</p>\n");
          GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
          AQCGI_Request_SetResponseCode(rq, 200);
          AQCGI_Request_SetResponseText(rq, "Ok");
          AQH_Module_free(currentMod);
          return 0;
        }

        _setLocationHeaderForMod(rq, "editmodule.html", sModName);
        AQCGI_Request_SetResponseCode(rq, 303);
        AQCGI_Request_SetResponseText(rq, "See Other");
      }
      else {
        GWEN_Buffer_AppendString(dbuf, "<p>Role not found.</p>\n");
        GWEN_Buffer_AppendArgs(dbuf, "<p><a href=\"editmodule.html?name=\"%s\"> back to module</p>\n", sModName?sModName:"");
        AQCGI_Request_SetResponseCode(rq, 200);
        AQCGI_Request_SetResponseText(rq, "Ok");
      }
      AQH_Module_free(currentMod);
    }
    else {
      GWEN_Buffer_AppendString(dbuf, "<p>Error loading module.</p>\n");
      GWEN_Buffer_AppendString(dbuf, "<p><a href=\"index.html\"> back to module list</p>\n");
      AQCGI_Request_SetResponseCode(rq, 200);
      AQCGI_Request_SetResponseText(rq, "Ok");
    }
  }
  else {
    GWEN_Buffer_AppendString(dbuf, "<p>No permissions to edit modules.</p>");
    AQCGI_Request_SetResponseCode(rq, 200);
    AQCGI_Request_SetResponseText(rq, "Ok");
  }
  return 0;
}



void _setLocationHeaderForMod(AQCGI_REQUEST *rq, const char *page, const char *sModName)
{
  GWEN_BUFFER *tbuf;

  tbuf=GWEN_Buffer_new(0, 256, 0, 1);
  GWEN_Buffer_AppendArgs(tbuf, "Location: %s?name=%s", page?page:"", sModName?sModName:"");
  AQCGI_Request_AddResponseHeaderData(rq, GWEN_Buffer_GetStart(tbuf));
  GWEN_Buffer_free(tbuf);
}













void _writePermissionsToForm(const AQH_PERMDEF_LIST *permDefList, uint32_t perms, GWEN_BUFFER *dbuf)
{
  if (permDefList) {
    const AQH_PERMDEF *permDef;

    permDef=AQH_PermDef_List_First(permDefList);
    while(permDef) {
      const char *s;
      uint32_t mask;

      s=AQH_PermDef_GetId(permDef);
      mask=AQH_PermDef_GetMask(permDef);
      if (perms & mask)
	GWEN_Buffer_AppendArgs(dbuf, "<input type=\"checkbox\" name=\"%s\" checked>", s?s:"");
      else
	GWEN_Buffer_AppendArgs(dbuf, "<input type=\"checkbox\" name=\"%s\">", s?s:"");
      GWEN_Buffer_AppendArgs(dbuf, "<label for=\"%s\">%s</label>", s?s:"", s?s:"");

      permDef=AQH_PermDef_List_Next(permDef);
    }
  }
}



void _writeEnabledPermissions(const AQH_PERMDEF_LIST *permDefList, uint32_t perms, GWEN_BUFFER *dbuf)
{
  if (permDefList) {
    const AQH_PERMDEF *permDef;

    permDef=AQH_PermDef_List_First(permDefList);
    while(permDef) {
      const char *s;
      uint32_t mask;

      s=AQH_PermDef_GetId(permDef);
      mask=AQH_PermDef_GetMask(permDef);
      if (perms & mask)
	GWEN_Buffer_AppendArgs(dbuf, "%s ", s?s:"");
      permDef=AQH_PermDef_List_Next(permDef);
    }
  }
}



uint32_t _readPermissionsFromForm(GWEN_DB_NODE *dbPost, const AQH_PERMDEF_LIST *permDefList)
{
  uint32_t result=0;

  if (permDefList) {
    const AQH_PERMDEF *permDef;

    permDef=AQH_PermDef_List_First(permDefList);
    while(permDef) {
      const char *id;
      uint32_t mask;
      const char *s;

      id=AQH_PermDef_GetId(permDef);
      mask=AQH_PermDef_GetMask(permDef);
      s=GWEN_DB_GetCharValue(dbPost, id, 0, NULL);
      if (s && *s)
	result|=mask;
      permDef=AQH_PermDef_List_Next(permDef);
    }
  }

  return result;
}