Leosac
0.8.0
Open Source Access Control
#include "core/auth/Group_odb.h"
// ...
#include "core/auth/User_odb.h"
// ...
if (group->member_has(user_id_, &rank))
// ...
return ugm->user_id() == user_id_ ||
// ...
if (group->member_has(user_id_, &rank))
// ...
auto group = membership->group().load();
auto target_user = membership->user().load();
// ...
if (group && group->member_has(user_id_, &my_rank))
// ...
for (const auto &mapping : sched->mapping())
// ...
if (mapping->has_user_indirect(self()))
// ...
for (const auto &mapping : door->lazy_mapping())
// ...
auto loaded_mapping = mapping.load();
if (loaded_mapping->has_user_indirect(self()))
// ...
return is_self(cred->owner_id());
An optional transaction is an object that behaves like an odb::transaction if there is no currently ac...
void commit()
Commit the transaction, if there was no currently active transaction at the time of this object's cre...
ScheduleActionParam sched
A SecurityContext object for users.
bool can_read_membership(const MembershipActionParam &map) const
virtual bool check_permission(Action a, const ActionParam &ap) const
Check for the permission to perform action a with parameters ap.
bool can_administrate_group(const GroupActionParam &gap) const
bool can_read_group(const GroupActionParam &gap) const
UserSecurityContext(DBServicePtr dbsrv, Auth::UserId id)
bool is_manager() const
Helper function that returns true if the user is at least manager.
Auth::UserId user_id() const
#define ASSERT_LOG(cond, msg)
std::shared_ptr< User > UserPtr
@ ACCESS_OVERVIEW
Overview of users/doors access permission.
bool can_read_door(const DoorActionParam &dap) const
bool can_read_credential(const CredentialActionParam &cap) const
bool can_read_user(const UserActionParam &uap) const
The username, as well as some basic info (first name, last name), is public.
Auth::UserGroupMembershipId membership_id
Cred::CredentialId credential_id
@ SMTP_GETCONFIG
Retrieve SMTP configuration.
Auth::UserPtr self() const
Load the User object that owns this security context.
@ IS_ADMIN
A workaround permission that requires the user to be administrator.
@ RESTART_SERVER
Restart the Leosac server.
Tools::ScheduleId schedule_id
@ GROUP_MEMBERSHIP_JOINED
This is the header file for a generated source file, GitSHA1.cpp.
bool can_update_user(const UserActionParam &uap) const
bool is_self(Auth::UserId id) const
Return true if the owner of the security context is the user whose id is id.
Acts like an odb::transaction, with the exception that it will become the active transaction at cons...
std::shared_ptr< DBService > DBServicePtr
@ SMTP_SETCONFIG
Edit the SMTP configuration.
@ IS_MANAGER
Requires that the user be at least manager.
MembershipActionParam membership
std::shared_ptr< IDoor > IDoorPtr
std::shared_ptr< Group > GroupPtr
bool is_admin() const
Helper function that returns true if the user is an administrator.
std::shared_ptr< UserGroupMembership > UserGroupMembershipPtr
bool can_read_user_detail(const UserActionParam &uap) const
@ GROUP_LIST_MEMBERSHIP
Ability to list the members of a group.
virtual bool check_permission_impl(Action a, const ActionParam &ap) const override
Reimplement this method to provide permission checking.
@ USER_UPDATE_RANK
Editing rank means being able to become administrator.
@ ADMIN
Site administrator.
@ MANAGER
Can access user management as well as credential management.
@ AUDIT_READ
Read the audit log.
bool can_read_schedule(const ScheduleActionParam &sap) const
GroupRank
The rank of a User inside a Group.
@ USER_MANAGE_VALIDITY
Can we enable/disable the user or change its validity period?
bool can_delete_membership(const MembershipActionParam &map) const
Can we leave/kick someone from a group.
CredentialActionParam cred
bool can_create_membership(const MembershipActionParam &map) const
@ AUDIT_READ_FULL
Read the audit log and access additional information, such as the JSON "before" and "after" fields.
A SecurityContext is used to query permission while doing an operation.