Leosac  0.8.0
Open Source Access Control
SecurityContext.hpp
Go to the documentation of this file.
1 /*
2  Copyright (C) 2014-2016 Leosac
3 
4  This file is part of Leosac.
5 
6  Leosac is free software: you can redistribute it and/or modify
7  it under the terms of the GNU Affero General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  Leosac is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU Affero General Public License for more details.
15 
16  You should have received a copy of the GNU Affero General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 #pragma once
21 
22 #include "core/audit/AuditFwd.hpp"
23 #include "core/auth/AuthFwd.hpp"
25 #include "hardware/HardwareFwd.hpp"
26 #include "tools/ToolsFwd.hpp"
27 #include "tools/db/db_fwd.hpp"
28 
29 namespace Leosac
30 {
41 {
42  public:
43  // Forward declare the union so we can write cast operator.
44  union ActionParam;
45  enum class Action
46  {
50  IS_ADMIN,
54  IS_MANAGER,
55 
56 
58  USER_READ,
63 
74 
76  GROUP_READ,
80 
90 
95 
101 
102  DOOR_READ,
103  DOOR_UPDATE,
104  DOOR_CREATE,
105  DOOR_DELETE,
106  DOOR_SEARCH,
107 
113 
114  ZONE_READ,
115  ZONE_UPDATE,
116  ZONE_CREATE,
117  ZONE_DELETE,
118  ZONE_SEARCH,
119 
129 
130  LOG_READ,
131 
135  AUDIT_READ,
141 
146 
151 
163  };
164 
166  {
168 
169  operator ActionParam();
170  };
171 
173  {
175 
176  operator ActionParam();
177  };
178 
180  {
182 
183  operator ActionParam();
184  };
185 
187  {
189  Auth::GroupId group_id; // for create/delete
190  Auth::UserId user_id; // for create/delete
191  Auth::GroupRank rank; // for create
192 
193  operator ActionParam();
194  };
195 
197  {
199 
200  operator ActionParam();
201  };
202 
204  {
206 
207  operator ActionParam();
208  };
209 
211  {
213 
214  operator ActionParam();
215  };
216 
218  {
220 
221  operator ActionParam();
222  };
223 
225  {
227 
228  operator ActionParam();
229  };
230 
231  union ActionParam {
241  };
242 
243  explicit SecurityContext(DBServicePtr dbsrv);
244  virtual ~SecurityContext() = default;
245 
252  virtual bool check_permission(Action a, const ActionParam &ap) const;
253 
258  bool check_permission(Action a) const;
259 
264  void enforce_permission(Action a, const ActionParam &ap) const;
265 
270  void enforce_permission(Action a) const;
271 
272  protected:
274 
275  private:
279  virtual bool check_permission_impl(Action a, const ActionParam &ap) const = 0;
280 };
281 
288 {
289  public:
290  explicit SystemSecurityContext(DBServicePtr dbsrv);
291 
292  static SecurityContext &instance();
293  virtual bool check_permission_impl(Action a,
294  const ActionParam &ap) const override;
295 };
296 
302 {
303  explicit ExecutionContext(SecurityContext &sc);
304 
306 
307 
312 
318 };
319 
321 {
323 };
324 }
Leosac::SecurityContext::Action::ZONE_SEARCH
@ ZONE_SEARCH
Leosac::SecurityContext::ScheduleActionParam
Definition: SecurityContext.hpp:196
Leosac::SecurityContext::Action::DOOR_READ
@ DOOR_READ
Leosac::SecurityContext::Action::GROUP_READ
@ GROUP_READ
Leosac::SystemSecurityContext::instance
static SecurityContext & instance()
Definition: SecurityContext.cpp:64
Leosac::SecurityContext::Action::HARDWARE_CREATE
@ HARDWARE_CREATE
Leosac::ExecutionContext::sec
SecurityContext & sec
The SecurityContext of the caller.
Definition: SecurityContext.hpp:311
Leosac::SecurityContext::ActionParam::sched
ScheduleActionParam sched
Definition: SecurityContext.hpp:236
Leosac::SecurityContext::GroupActionParam
Definition: SecurityContext.hpp:165
Leosac::Auth::ZoneId
unsigned long ZoneId
Definition: AuthFwd.hpp:119
Leosac::SecurityContext::Action::HARDWARE_DELETE
@ HARDWARE_DELETE
Leosac::SecurityContext::Action::SCHEDULE_CREATE
@ SCHEDULE_CREATE
Leosac::SecurityContext::check_permission
virtual bool check_permission(Action a, const ActionParam &ap) const
Check for the permission to perform action a with parameters ap.
Definition: SecurityContext.cpp:30
Leosac::SystemSecurityContext
A security context for system operation.
Definition: SecurityContext.hpp:287
AuthFwd.hpp
Leosac::SecurityContext::Action::ZONE_READ
@ ZONE_READ
Leosac::SecurityContext::HardwareDeviceActionParam::device_id
Hardware::DeviceId device_id
Definition: SecurityContext.hpp:226
Leosac::SecurityContext::Action::ACCESS_OVERVIEW
@ ACCESS_OVERVIEW
Overview of users/doors access permission.
Leosac::SecurityContext::Action::SCHEDULE_READ
@ SCHEDULE_READ
Leosac::SecurityContext::Action::GROUP_UPDATE
@ GROUP_UPDATE
Leosac::SecurityContext::AccessPointActionParam
Definition: SecurityContext.hpp:217
Leosac::SecurityContext::UserActionParam
Definition: SecurityContext.hpp:172
Leosac::SecurityContext::Action::ACCESS_POINT_CREATE
@ ACCESS_POINT_CREATE
Leosac::SecurityContext::ActionParam::access_point
AccessPointActionParam access_point
Definition: SecurityContext.hpp:238
Leosac::SecurityContext::Action::USER_READ
@ USER_READ
Leosac::SecurityContext::ActionParam::group
GroupActionParam group
Definition: SecurityContext.hpp:232
Leosac::Audit::IAuditEntryPtr
std::shared_ptr< IAuditEntry > IAuditEntryPtr
Definition: AuditFwd.hpp:40
Leosac::SecurityContext::MembershipActionParam::membership_id
Auth::UserGroupMembershipId membership_id
Definition: SecurityContext.hpp:188
Leosac::SecurityContext::Action::MEMBERSHIP_READ
@ MEMBERSHIP_READ
Leosac::SecurityContext::CredentialActionParam::credential_id
Cred::CredentialId credential_id
Definition: SecurityContext.hpp:181
Leosac::SecurityContext::Action::ZONE_CREATE
@ ZONE_CREATE
Leosac::SecurityContext::Action::GROUP_SEARCH
@ GROUP_SEARCH
Leosac::SecurityContext::Action::SMTP_GETCONFIG
@ SMTP_GETCONFIG
Retrieve SMTP configuration.
Leosac::SecurityContext::Action::DOOR_CREATE
@ DOOR_CREATE
Leosac::SecurityContext::ActionParam
Definition: SecurityContext.hpp:231
Leosac::SecurityContext::DoorActionParam
Definition: SecurityContext.hpp:203
Leosac::SystemExecutionContext
Definition: SecurityContext.hpp:320
Leosac::SecurityContext::Action::USER_CREATE
@ USER_CREATE
Leosac::SecurityContext::MembershipActionParam::rank
Auth::GroupRank rank
Definition: SecurityContext.hpp:191
Leosac::SecurityContext::ZoneActionParam
Definition: SecurityContext.hpp:210
Leosac::SecurityContext::MembershipActionParam::group_id
Auth::GroupId group_id
Definition: SecurityContext.hpp:189
Leosac::SecurityContext::Action::IS_ADMIN
@ IS_ADMIN
A workaround permission that requires the user to be administrator.
Leosac::SystemSecurityContext::check_permission_impl
virtual bool check_permission_impl(Action a, const ActionParam &ap) const override
Reimplement this method to provide permission checking.
Definition: SecurityContext.cpp:58
Leosac::SecurityContext::Action::RESTART_SERVER
@ RESTART_SERVER
Perform to restart the Leosac server.
Leosac::SecurityContext::Action::HARDWARE_READ
@ HARDWARE_READ
Permissions for hardware devices.
Leosac::SecurityContext::Action::USER_READ_EMAIL
@ USER_READ_EMAIL
Leosac::SecurityContext::Action::CREDENTIAL_UPDATE
@ CREDENTIAL_UPDATE
ToolsFwd.hpp
Leosac::SecurityContext::ScheduleActionParam::schedule_id
Tools::ScheduleId schedule_id
Definition: SecurityContext.hpp:198
Leosac::SecurityContext::check_permission_impl
virtual bool check_permission_impl(Action a, const ActionParam &ap) const =0
Reimplement this method to provide permission checking.
Leosac::SecurityContext::Action::GROUP_MEMBERSHIP_JOINED
@ GROUP_MEMBERSHIP_JOINED
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22
Leosac::ExecutionContext
An ExecutionContext is passed around to service so they have context about who is making the call and...
Definition: SecurityContext.hpp:301
Leosac::SecurityContext::Action::DOOR_UPDATE
@ DOOR_UPDATE
Leosac::SecurityContext::ZoneActionParam::zone_id
Auth::ZoneId zone_id
Definition: SecurityContext.hpp:212
Leosac::SecurityContext::GroupActionParam::group_id
Auth::GroupId group_id
Definition: SecurityContext.hpp:167
Leosac::SecurityContext::Action::USER_DELETE
@ USER_DELETE
Leosac::Auth::DoorId
unsigned long DoorId
Definition: AuthFwd.hpp:107
Leosac::Auth::UserGroupMembershipId
unsigned long UserGroupMembershipId
Definition: AuthFwd.hpp:82
Leosac::SecurityContext::Action::HARDWARE_UPDATE
@ HARDWARE_UPDATE
Leosac::DBServicePtr
std::shared_ptr< DBService > DBServicePtr
Definition: db_fwd.hpp:34
Leosac::SecurityContext::DoorActionParam::door_id
Auth::DoorId door_id
Definition: SecurityContext.hpp:205
Leosac::SecurityContext::~SecurityContext
virtual ~SecurityContext()=default
Leosac::SecurityContext::ActionParam::zone
ZoneActionParam zone
Definition: SecurityContext.hpp:239
Leosac::SecurityContext::Action::GROUP_CREATE
@ GROUP_CREATE
Leosac::SecurityContext::Action::SMTP_SETCONFIG
@ SMTP_SETCONFIG
Edit the SMTP configuration.
Leosac::SecurityContext::Action::GROUP_DELETE
@ GROUP_DELETE
Leosac::SecurityContext::Action::IS_MANAGER
@ IS_MANAGER
Requires that the user be at least manager.
Leosac::SecurityContext::ActionParam::membership
MembershipActionParam membership
Definition: SecurityContext.hpp:233
Leosac::Tools::ScheduleId
unsigned long ScheduleId
Definition: ToolsFwd.hpp:33
Leosac::SecurityContext::ActionParam::device
HardwareDeviceActionParam device
Definition: SecurityContext.hpp:240
Leosac::SecurityContext::Action::CREDENTIAL_DELETE
@ CREDENTIAL_DELETE
Leosac::ExecutionContext::audit
Audit::IAuditEntryPtr audit
An optional audit object that would act as parent for the audit trail.
Definition: SecurityContext.hpp:317
Leosac::SecurityContext::Action::HARDWARE_SEARCH
@ HARDWARE_SEARCH
Leosac::SecurityContext::Action
Action
Definition: SecurityContext.hpp:45
Leosac::SecurityContext::ActionParam::door
DoorActionParam door
Definition: SecurityContext.hpp:237
HardwareFwd.hpp
Leosac::SecurityContext::AccessPointActionParam::ap_id
Auth::AccessPointId ap_id
Definition: SecurityContext.hpp:219
Leosac::SecurityContext::Action::GROUP_MEMBERSHIP_LEFT
@ GROUP_MEMBERSHIP_LEFT
Leosac::SecurityContext::Action::DOOR_DELETE
@ DOOR_DELETE
Leosac::SecurityContext::enforce_permission
void enforce_permission(Action a, const ActionParam &ap) const
Similar to check_permission(), but throws is the permission is denied.
Definition: SecurityContext.cpp:36
Leosac::SecurityContext::Action::SCHEDULE_SEARCH
@ SCHEDULE_SEARCH
Leosac::SecurityContext::Action::GROUP_LIST_MEMBERSHIP
@ GROUP_LIST_MEMBERSHIP
Ability to list member of a group.
Leosac::SecurityContext::Action::USER_UPDATE_RANK
@ USER_UPDATE_RANK
Editing rank means being able to become administrator.
Leosac::SecurityContext::Action::ACCESS_POINT_READ
@ ACCESS_POINT_READ
Leosac::SecurityContext::CredentialActionParam
Definition: SecurityContext.hpp:179
Leosac::Cred::CredentialId
unsigned long CredentialId
Definition: CredentialFwd.hpp:35
Leosac::Auth::GroupId
unsigned long GroupId
Definition: AuthFwd.hpp:41
Leosac::SecurityContext::MembershipActionParam::user_id
Auth::UserId user_id
Definition: SecurityContext.hpp:190
Leosac::SecurityContext::Action::ZONE_DELETE
@ ZONE_DELETE
Leosac::SecurityContext::SecurityContext
SecurityContext(DBServicePtr dbsrv)
Definition: SecurityContext.cpp:25
Leosac::SecurityContext::Action::USER_CHANGE_PASSWORD
@ USER_CHANGE_PASSWORD
db_fwd.hpp
Leosac::SecurityContext::Action::ACCESS_POINT_UPDATE
@ ACCESS_POINT_UPDATE
Leosac::SecurityContext::Action::ACCESS_POINT_SEARCH
@ ACCESS_POINT_SEARCH
Leosac::SystemExecutionContext::SystemExecutionContext
SystemExecutionContext()
Definition: SecurityContext.cpp:145
Leosac::Auth::UserId
unsigned long UserId
Definition: AuthFwd.hpp:34
Leosac::SecurityContext::Action::AUDIT_READ
@ AUDIT_READ
Read the audit log.
Leosac::SecurityContext::Action::ZONE_UPDATE
@ ZONE_UPDATE
Leosac::Auth::GroupRank
GroupRank
The rank of an User inside a Group.
Definition: AuthFwd.hpp:49
Leosac::SecurityContext::Action::USER_MANAGE_VALIDITY
@ USER_MANAGE_VALIDITY
Can we enable/disable the user or change its validity period ?
CredentialFwd.hpp
Leosac::SecurityContext::Action::USER_SEARCH
@ USER_SEARCH
Leosac::SecurityContext::Action::SCHEDULE_DELETE
@ SCHEDULE_DELETE
Leosac::SecurityContext::ActionParam::cred
CredentialActionParam cred
Definition: SecurityContext.hpp:235
Leosac::SecurityContext::Action::SCHEDULE_UPDATE
@ SCHEDULE_UPDATE
Leosac::SecurityContext::dbsrv_
DBServicePtr dbsrv_
Definition: SecurityContext.hpp:273
AuditFwd.hpp
Leosac::SecurityContext::Action::CREDENTIAL_READ
@ CREDENTIAL_READ
Leosac::SecurityContext::Action::ACCESS_POINT_DELETE
@ ACCESS_POINT_DELETE
Leosac::SecurityContext::MembershipActionParam
Definition: SecurityContext.hpp:186
Leosac::SecurityContext::UserActionParam::user_id
Auth::UserId user_id
Definition: SecurityContext.hpp:174
Leosac::SecurityContext::Action::CREDENTIAL_CREATE
@ CREDENTIAL_CREATE
Leosac::SecurityContext::Action::AUDIT_READ_FULL
@ AUDIT_READ_FULL
Read the audit log and access additional information, such as the JSON "before" and "after" field.
Leosac::SecurityContext::Action::USER_UPDATE
@ USER_UPDATE
Leosac::SecurityContext
A SecurityContext is used to query permission while doing an operation.
Definition: SecurityContext.hpp:40
Leosac::SecurityContext::HardwareDeviceActionParam
Definition: SecurityContext.hpp:224
Leosac::UUID
Thin wrapper around boost::uuids::uuid.
Definition: Uuid.hpp:35
Leosac::SecurityContext::Action::LOG_READ
@ LOG_READ
Leosac::SecurityContext::Action::DOOR_SEARCH
@ DOOR_SEARCH
Leosac::ExecutionContext::ExecutionContext
ExecutionContext(SecurityContext &sc)
Definition: SecurityContext.cpp:133
Leosac::Auth::AccessPointId
unsigned long AccessPointId
Definition: AuthFwd.hpp:128
Leosac::SecurityContext::Action::SMTP_SENDMAIL
@ SMTP_SENDMAIL
Leosac::SystemSecurityContext::SystemSecurityContext
SystemSecurityContext(DBServicePtr dbsrv)
Definition: SecurityContext.cpp:53
Leosac::SecurityContext::ActionParam::user
UserActionParam user
Definition: SecurityContext.hpp:234