Leosac
0.8.0
Open Source Access Control
A SecurityContext is used to query permission while doing an operation.
#include <SecurityContext.hpp>
Classes | |
struct | AccessPointActionParam |
union | ActionParam |
struct | CredentialActionParam |
struct | DoorActionParam |
struct | GroupActionParam |
struct | HardwareDeviceActionParam |
struct | MembershipActionParam |
struct | ScheduleActionParam |
struct | UserActionParam |
struct | ZoneActionParam |
Public Member Functions | |
SecurityContext (DBServicePtr dbsrv) | |
virtual | ~SecurityContext ()=default |
virtual bool | check_permission (Action a, const ActionParam &ap) const |
Check for the permission to perform action a with parameters ap. | |
bool | check_permission (Action a) const |
Check for the permission to perform a given action. | |
void | enforce_permission (Action a, const ActionParam &ap) const |
Similar to check_permission(), but throws if the permission is denied. | |
void | enforce_permission (Action a) const |
Make sure that we have the permission to perform action a, otherwise throws. | |
Protected Attributes | |
DBServicePtr | dbsrv_ |
Private Member Functions | |
virtual bool | check_permission_impl (Action a, const ActionParam &ap) const =0 |
Reimplement this method to provide permission checking. | |
A SecurityContext is used to query permission while doing an operation.
For example, JSON serializers could use a SecurityContext to determine what to serialize.
todo: fix doc
Definition at line 40 of file SecurityContext.hpp.
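The serializer use case mentioned above, as an added example that is not Leosac's own code: a simplified stand-in for this interface in which enforce_permission() guards the whole operation and check_permission() decides whether an optional field is emitted. The demo namespace, SelfOnlyContext, PermissionDenied, serialize_user, is_rejected and the plain user-id parameter are assumptions made for illustration; the real class takes a DBServicePtr and an ActionParam.

```cpp
// Added example: simplified stand-in, NOT Leosac's code. The real class takes a
// DBServicePtr and an ActionParam union; a plain target user id replaces both.
#include <cstdint>
#include <stdexcept>
#include <string>

namespace demo {
enum class Action { USER_READ, USER_READ_EMAIL, USER_DELETE };
struct PermissionDenied : std::runtime_error {  // hypothetical exception type
    PermissionDenied() : std::runtime_error("permission denied") {}
};
class SecurityContext {
public:
    virtual ~SecurityContext() = default;
    bool check_permission(Action a, std::uint64_t target) const {  // query only
        return check_permission_impl(a, target);
    }
    void enforce_permission(Action a, std::uint64_t target) const {  // throws
        if (!check_permission(a, target)) throw PermissionDenied();
    }
private:
    virtual bool check_permission_impl(Action a, std::uint64_t target) const = 0;
};
// Hypothetical policy: anyone may read a user, only the user may read the email.
class SelfOnlyContext : public SecurityContext {
public:
    explicit SelfOnlyContext(std::uint64_t self) : self_(self) {}
private:
    bool check_permission_impl(Action a, std::uint64_t target) const override {
        if (a == Action::USER_READ) return true;
        if (a == Action::USER_READ_EMAIL) return target == self_;
        return false;  // default deny for every action the policy does not name
    }
    std::uint64_t self_;
};
struct User { std::uint64_t id; std::string name, email; };  // constructed sample type
// The mandatory permission is enforced; the optional field is only checked.
std::string serialize_user(const User& u, const SecurityContext& ctx) {
    ctx.enforce_permission(Action::USER_READ, u.id);
    std::string out = "{\"id\":" + std::to_string(u.id) + ",\"name\":\"" + u.name + "\"";
    if (ctx.check_permission(Action::USER_READ_EMAIL, u.id))
        out += ",\"email\":\"" + u.email + "\"";
    return out + "}";
}
bool is_rejected(const SecurityContext& ctx, Action a, std::uint64_t target) {  // true if it throws
    try { ctx.enforce_permission(a, target); return false; }
    catch (const PermissionDenied&) { return true; }
}
}  // namespace demo
int main() { return demo::is_rejected(demo::SelfOnlyContext(1), demo::Action::USER_DELETE, 2) ? 0 : 1; }
```

The sample strings are constructed and contain no characters that need JSON escaping; a real serializer would escape them.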
strong |
Enumerator | |
---|---|
IS_ADMIN | A workaround permission that requires the user to be administrator. |
IS_MANAGER | Requires that the user be at least manager. |
USER_CREATE | |
USER_READ | |
USER_READ_EMAIL | |
USER_UPDATE | |
USER_CHANGE_PASSWORD | |
USER_SEARCH | |
USER_UPDATE_RANK | Editing rank means being able to become administrator. |
USER_MANAGE_VALIDITY | Can we enable/disable the user or change its validity period? |
USER_DELETE | |
GROUP_CREATE | |
GROUP_READ | |
GROUP_UPDATE | |
GROUP_DELETE | |
GROUP_SEARCH | |
GROUP_LIST_MEMBERSHIP | Ability to list members of a group. The ability to list membership gives USER_READ access against the user whose membership is listed. |
GROUP_MEMBERSHIP_JOINED | |
GROUP_MEMBERSHIP_LEFT | |
MEMBERSHIP_READ | |
CREDENTIAL_READ | |
CREDENTIAL_UPDATE | |
CREDENTIAL_CREATE | |
CREDENTIAL_DELETE | |
SCHEDULE_READ | |
SCHEDULE_UPDATE | |
SCHEDULE_CREATE | |
SCHEDULE_DELETE | |
SCHEDULE_SEARCH | |
DOOR_READ | |
DOOR_UPDATE | |
DOOR_CREATE | |
DOOR_DELETE | |
DOOR_SEARCH | |
ACCESS_POINT_READ | |
ACCESS_POINT_CREATE | |
ACCESS_POINT_UPDATE | |
ACCESS_POINT_DELETE | |
ACCESS_POINT_SEARCH | |
ZONE_READ | |
ZONE_UPDATE | |
ZONE_CREATE | |
ZONE_DELETE | |
ZONE_SEARCH | |
SMTP_GETCONFIG | Retrieve SMTP configuration. |
SMTP_SETCONFIG | Edit the SMTP configuration. |
SMTP_SENDMAIL | |
LOG_READ | |
AUDIT_READ | Read the audit log. |
AUDIT_READ_FULL | Read the audit log and access additional information, such as the JSON "before" and "after" field. |
ACCESS_OVERVIEW | Overview of users/doors access permission. |
RESTART_SERVER | Restart the Leosac server. |
HARDWARE_READ | Permissions for hardware devices. For now all hardware devices share the same permission set. todo: Permission should probably be redesigned in a more extensible way. |
HARDWARE_UPDATE | |
HARDWARE_CREATE | |
HARDWARE_DELETE | |
HARDWARE_SEARCH |
Definition at line 45 of file SecurityContext.hpp.
explicit |
Definition at line 25 of file SecurityContext.cpp.
virtual default |
bool SecurityContext::check_permission(SecurityContext::Action a) const
Check for the permission to perform a given action.
Definition at line 43 of file SecurityContext.cpp.
virtual |
Check for the permission to perform action a with parameters ap.
Returns true if the permission is granted, false otherwise.
Definition at line 30 of file SecurityContext.cpp.
private pure virtual |
Reimplement this method to provide permission checking.
Implemented in Leosac::SystemSecurityContext, Leosac::NullSecurityContext, and Leosac::UserSecurityContext.
void SecurityContext::enforce_permission(SecurityContext::Action a) const
Make sure that we have the permission to perform action a, otherwise throws.
Definition at line 48 of file SecurityContext.cpp.
void SecurityContext::enforce_permission(SecurityContext::Action a, const ActionParam &ap) const
Similar to check_permission(), but throws if the permission is denied.
Definition at line 36 of file SecurityContext.cpp.
protected |
Definition at line 273 of file SecurityContext.hpp.