Leosac  0.8.0
Open Source Access Control
Leosac::UserSecurityContext Class Reference

A SecurityContext object for users.

#include <UserSecurityContext.hpp>


Public Member Functions

 UserSecurityContext (DBServicePtr dbsrv, Auth::UserId id)
 
virtual bool check_permission_impl (Action a, const ActionParam &ap) const override
 Reimplement this method to provide permission checking.
 
bool is_self (Auth::UserId id) const
 Return true if the owner of the security context is the user whose id is id.
 
Auth::UserId user_id () const
 
Auth::UserPtr self () const
 Load the User object that owns this security context.
 
- Public Member Functions inherited from Leosac::SecurityContext
 SecurityContext (DBServicePtr dbsrv)
 
virtual ~SecurityContext ()=default
 
virtual bool check_permission (Action a, const ActionParam &ap) const
 Check for the permission to perform action a with parameters ap.
 
bool check_permission (Action a) const
 Check for the permission to perform a given action.
 
void enforce_permission (Action a, const ActionParam &ap) const
 Similar to check_permission(), but throws if the permission is denied.
 
void enforce_permission (Action a) const
 Make sure that we have the permission to perform action a, otherwise throws.
 

Private Member Functions

bool can_read_group (const GroupActionParam &gap) const
 
bool can_administrate_group (const GroupActionParam &gap) const
 
bool can_read_membership (const MembershipActionParam &map) const
 
bool can_read_user (const UserActionParam &uap) const
 The username, as well as a few basic pieces of info (first name, last name), is public.
 
bool can_read_user_detail (const UserActionParam &uap) const
 
bool can_update_user (const UserActionParam &uap) const
 
bool can_create_membership (const MembershipActionParam &map) const
 
bool can_delete_membership (const MembershipActionParam &map) const
 Can we leave/kick someone from a group.
 
bool can_read_credential (const CredentialActionParam &cap) const
 
bool can_read_schedule (const ScheduleActionParam &sap) const
 
bool can_read_door (const DoorActionParam &dap) const
 
bool is_admin () const
 Helper function that returns true if the user is an administrator.
 
bool is_manager () const
 Helper function that returns true if the user is at least a manager.
 

Private Attributes

Auth::UserId user_id_
 

Additional Inherited Members

- Public Types inherited from Leosac::SecurityContext
enum  Action {
  Action::IS_ADMIN, Action::IS_MANAGER, Action::USER_CREATE, Action::USER_READ,
  Action::USER_READ_EMAIL, Action::USER_UPDATE, Action::USER_CHANGE_PASSWORD, Action::USER_SEARCH,
  Action::USER_UPDATE_RANK, Action::USER_MANAGE_VALIDITY, Action::USER_DELETE, Action::GROUP_CREATE,
  Action::GROUP_READ, Action::GROUP_UPDATE, Action::GROUP_DELETE, Action::GROUP_SEARCH,
  Action::GROUP_LIST_MEMBERSHIP, Action::GROUP_MEMBERSHIP_JOINED, Action::GROUP_MEMBERSHIP_LEFT, Action::MEMBERSHIP_READ,
  Action::CREDENTIAL_READ, Action::CREDENTIAL_UPDATE, Action::CREDENTIAL_CREATE, Action::CREDENTIAL_DELETE,
  Action::SCHEDULE_READ, Action::SCHEDULE_UPDATE, Action::SCHEDULE_CREATE, Action::SCHEDULE_DELETE,
  Action::SCHEDULE_SEARCH, Action::DOOR_READ, Action::DOOR_UPDATE, Action::DOOR_CREATE,
  Action::DOOR_DELETE, Action::DOOR_SEARCH, Action::ACCESS_POINT_READ, Action::ACCESS_POINT_CREATE,
  Action::ACCESS_POINT_UPDATE, Action::ACCESS_POINT_DELETE, Action::ACCESS_POINT_SEARCH, Action::ZONE_READ,
  Action::ZONE_UPDATE, Action::ZONE_CREATE, Action::ZONE_DELETE, Action::ZONE_SEARCH,
  Action::SMTP_GETCONFIG, Action::SMTP_SETCONFIG, Action::SMTP_SENDMAIL, Action::LOG_READ,
  Action::AUDIT_READ, Action::AUDIT_READ_FULL, Action::ACCESS_OVERVIEW, Action::RESTART_SERVER,
  Action::HARDWARE_READ, Action::HARDWARE_UPDATE, Action::HARDWARE_CREATE, Action::HARDWARE_DELETE,
  Action::HARDWARE_SEARCH
}
 
- Protected Attributes inherited from Leosac::SecurityContext
DBServicePtr dbsrv_
 

Detailed Description

A SecurityContext object for users.

Definition at line 31 of file UserSecurityContext.hpp.

Constructor & Destructor Documentation

◆ UserSecurityContext()

UserSecurityContext::UserSecurityContext ( DBServicePtr  dbsrv,
Auth::UserId  id 
)

Definition at line 32 of file UserSecurityContext.cpp.

Member Function Documentation

◆ can_administrate_group()

bool UserSecurityContext::can_administrate_group ( const GroupActionParam &gap) const
private

Definition at line 161 of file UserSecurityContext.cpp.

◆ can_create_membership()

bool UserSecurityContext::can_create_membership ( const MembershipActionParam &map) const
private

Definition at line 205 of file UserSecurityContext.cpp.

◆ can_delete_membership()

bool UserSecurityContext::can_delete_membership ( const MembershipActionParam &map) const
private

Can we leave/kick someone from a group.

Definition at line 225 of file UserSecurityContext.cpp.

◆ can_read_credential()

bool UserSecurityContext::can_read_credential ( const CredentialActionParam &cap) const
private

Definition at line 292 of file UserSecurityContext.cpp.

◆ can_read_door()

bool UserSecurityContext::can_read_door ( const DoorActionParam &dap) const
private

Definition at line 274 of file UserSecurityContext.cpp.

◆ can_read_group()

bool UserSecurityContext::can_read_group ( const GroupActionParam &gap) const
private

Definition at line 151 of file UserSecurityContext.cpp.

◆ can_read_membership()

bool UserSecurityContext::can_read_membership ( const MembershipActionParam &map) const
private

Definition at line 176 of file UserSecurityContext.cpp.

◆ can_read_schedule()

bool UserSecurityContext::can_read_schedule ( const ScheduleActionParam &sap) const
private

Definition at line 253 of file UserSecurityContext.cpp.

◆ can_read_user()

bool UserSecurityContext::can_read_user ( const UserActionParam &uap) const
private

The username, as well as a few basic pieces of info (first name, last name), is public.

Definition at line 188 of file UserSecurityContext.cpp.

◆ can_read_user_detail()

bool UserSecurityContext::can_read_user_detail ( const UserActionParam &uap) const
private

Definition at line 194 of file UserSecurityContext.cpp.

◆ can_update_user()

bool UserSecurityContext::can_update_user ( const UserActionParam &uap) const
private

Definition at line 199 of file UserSecurityContext.cpp.

◆ check_permission_impl()

bool UserSecurityContext::check_permission_impl ( Action  a,
const ActionParam &ap 
) const
override virtual

Reimplement this method to provide permission checking.

Implements Leosac::SecurityContext.

Reimplemented in Leosac::NullSecurityContext.

Definition at line 38 of file UserSecurityContext.cpp.

◆ is_admin()

bool UserSecurityContext::is_admin ( ) const
private

Helper function that returns true if the user is an administrator.

Definition at line 304 of file UserSecurityContext.cpp.

◆ is_manager()

bool UserSecurityContext::is_manager ( ) const
private

Helper function that returns true if the user is at least a manager.

Definition at line 312 of file UserSecurityContext.cpp.

◆ is_self()

bool UserSecurityContext::is_self ( Auth::UserId  id) const

Return true if the owner of the security context is the user whose id is id.

Definition at line 320 of file UserSecurityContext.cpp.

◆ self()

Auth::UserPtr UserSecurityContext::self ( ) const

Load the User object that owns this security context.

Definition at line 330 of file UserSecurityContext.cpp.

◆ user_id()

Auth::UserId UserSecurityContext::user_id ( ) const

Definition at line 325 of file UserSecurityContext.cpp.

Member Data Documentation

◆ user_id_

Auth::UserId Leosac::UserSecurityContext::user_id_
private

Definition at line 91 of file UserSecurityContext.hpp.


The documentation for this class was generated from the following files: