Leosac
0.8.0
Open Source Access Control
ZoneCRUD.cpp
Go to the documentation of this file.
1
/*
2
Copyright (C) 2014-2016 Leosac
3
4
This file is part of Leosac.
5
6
Leosac is free software: you can redistribute it and/or modify
7
it under the terms of the GNU Affero General Public License as published by
8
the Free Software Foundation, either version 3 of the License, or
9
(at your option) any later version.
10
11
Leosac is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU Affero General Public License for more details.
15
16
You should have received a copy of the GNU Affero General Public License
17
along with this program. If not, see <http://www.gnu.org/licenses/>.
18
*/
19
20
#include "
modules/websock-api/api/ZoneCRUD.hpp
"
21
#include "
core/audit/AuditFactory.hpp
"
22
#include "
core/audit/IZoneEvent.hpp
"
23
#include "
core/auth/Zone.hpp
"
24
#include "core/auth/Zone_odb.h"
25
#include "
core/auth/serializers/ZoneSerializer.hpp
"
26
#include "
modules/websock-api/api/APISession.hpp
"
27
#include "
tools/AssertCast.hpp
"
28
#include "
tools/db/DBService.hpp
"
29
30
using namespace
Leosac
;
31
using namespace
Leosac::Module
;
32
using namespace
Leosac::Module::WebSockAPI
;
33
34
ZoneCRUD::ZoneCRUD
(
RequestContext
ctx)
35
:
CRUDResourceHandler
(ctx)
36
{
37
}
38
39
CRUDResourceHandlerUPtr
ZoneCRUD::instanciate
(
RequestContext
ctx)
40
{
41
auto
instance =
CRUDResourceHandlerUPtr
(
new
ZoneCRUD
(ctx));
42
return
instance;
43
}
44
45
boost::optional<json>
ZoneCRUD::create_impl
(
const
json
&req)
46
{
47
json
rep;
48
DBPtr
db =
ctx_
.
dbsrv
->db();
49
odb::transaction t(db->begin());
50
51
Auth::ZonePtr
new_zone = std::make_shared<Auth::Zone>();
52
ZoneJSONSerializer::unserialize
(*new_zone, req.at(
"attributes"
),
53
security_context
());
54
db->persist(new_zone);
55
56
auto
audit =
Audit::Factory::ZoneEvent
(db, new_zone,
ctx_
.
audit
);
57
audit->event_mask(
Audit::EventType::ZONE_CREATED
);
58
audit->after(
ZoneJSONStringSerializer::serialize
(
59
*new_zone,
SystemSecurityContext::instance
()));
60
61
audit->finalize();
62
63
rep[
"data"
] =
ZoneJSONSerializer::serialize
(*new_zone,
security_context
());
64
t.commit();
65
return
rep;
66
}
67
68
boost::optional<json>
ZoneCRUD::read_impl
(
const
json
&req)
69
{
70
json
rep;
71
72
using
Result
= odb::result<Auth::Zone>;
73
DBPtr
db =
ctx_
.
dbsrv
->db();
74
odb::transaction t(db->begin());
75
auto
zid = req.at(
"zone_id"
).get<
Auth::ZoneId
>();
76
77
if
(zid != 0)
78
{
79
auto
zone =
ctx_
.
dbsrv
->find_zone_by_id(zid,
DBService::THROW_IF_NOT_FOUND
);
80
rep[
"data"
] =
ZoneJSONSerializer::serialize
(*zone,
security_context
());
81
}
82
else
83
{
84
Result
result = db->query<
Auth::Zone
>();
85
rep[
"data"
] = json::array();
86
auto
current_user =
ctx_
.
session
->current_user();
87
88
// fixme: may be rather slow.
89
for
(
const
auto
&zone : result)
90
{
91
SecurityContext::ZoneActionParam
dap{.
zone_id
= zone.id()};
92
if
(
ctx_
.
session
->security_context().check_permission(
93
SecurityContext::Action::ZONE_READ
, dap))
94
{
95
rep[
"data"
].push_back(
96
ZoneJSONSerializer::serialize
(zone,
security_context
()));
97
}
98
}
99
}
100
t.commit();
101
return
rep;
102
}
103
104
boost::optional<json>
ZoneCRUD::update_impl
(
const
json
&req)
105
{
106
json
rep;
107
DBPtr
db =
ctx_
.
dbsrv
->db();
108
odb::transaction t(db->begin());
109
auto
zid = req.at(
"zone_id"
).get<
Auth::ZoneId
>();
110
111
auto
zone =
ctx_
.
dbsrv
->find_zone_by_id(zid,
DBService::THROW_IF_NOT_FOUND
);
112
auto
zone_odb = assert_cast<Auth::ZonePtr>(zone);
113
auto
audit =
Audit::Factory::ZoneEvent
(db, zone,
ctx_
.
audit
);
114
audit->event_mask(
Audit::EventType::ZONE_UPDATED
);
115
audit->before(
ZoneJSONStringSerializer::serialize
(
116
*zone,
SystemSecurityContext::instance
()));
117
118
ZoneJSONSerializer::unserialize
(*zone, req.at(
"attributes"
),
security_context
());
119
120
db->update(zone_odb);
121
audit->after(
ZoneJSONStringSerializer::serialize
(
122
*zone,
SystemSecurityContext::instance
()));
123
124
audit->finalize();
125
rep[
"data"
] =
ZoneJSONSerializer::serialize
(*zone,
security_context
());
126
t.commit();
127
return
rep;
128
}
129
130
boost::optional<json>
ZoneCRUD::delete_impl
(
const
json
&req)
131
{
132
auto
did = req.at(
"zone_id"
).get<
Auth::ZoneId
>();
133
DBPtr
db =
ctx_
.
dbsrv
->db();
134
odb::transaction t(db->begin());
135
136
auto
zone =
ctx_
.
dbsrv
->find_zone_by_id(did,
DBService::THROW_IF_NOT_FOUND
);
137
auto
zone_odb = assert_cast<Auth::ZonePtr>(zone);
138
auto
audit =
Audit::Factory::ZoneEvent
(db, zone,
ctx_
.
audit
);
139
audit->event_mask(
Audit::EventType::ZONE_DELETED
);
140
141
audit->before(
ZoneJSONStringSerializer::serialize
(
142
*zone,
SystemSecurityContext::instance
()));
143
144
audit->finalize();
145
db->erase(zone_odb);
146
t.commit();
147
148
return
json
{};
149
}
150
151
std::vector<CRUDResourceHandler::ActionActionParam>
152
ZoneCRUD::required_permission
(
CRUDResourceHandler::Verb
verb,
const
json
&req)
const
153
{
154
std::vector<CRUDResourceHandler::ActionActionParam> ret;
155
SecurityContext::ZoneActionParam
zap{};
156
try
157
{
158
zap.
zone_id
= req.at(
"zone_id"
).get<
Auth::ZoneId
>();
159
}
160
catch
(
const
json::out_of_range &e)
161
{
162
zap.zone_id = 0;
163
}
164
switch
(verb)
165
{
166
case
Verb::READ
:
167
ret.emplace_back(
SecurityContext::Action::ZONE_READ
, zap);
168
break
;
169
case
Verb::CREATE
:
170
ret.emplace_back(
SecurityContext::Action::ZONE_CREATE
, zap);
171
break
;
172
case
Verb::UPDATE
:
173
ret.emplace_back(
SecurityContext::Action::ZONE_UPDATE
, zap);
174
break
;
175
case
Verb::DELETE
:
176
ret.emplace_back(
SecurityContext::Action::ZONE_DELETE
, zap);
177
break
;
178
}
179
return
ret;
180
}
Leosac::Module::WebSockAPI::ZoneCRUD::create_impl
virtual boost::optional< json > create_impl(const json &req) override
Definition:
ZoneCRUD.cpp:45
AuditFactory.hpp
Leosac::SystemSecurityContext::instance
static SecurityContext & instance()
Definition:
SecurityContext.cpp:64
Leosac::Auth::ZoneId
unsigned long ZoneId
Definition:
AuthFwd.hpp:119
Leosac::Module::WebSockAPI::ZoneCRUD::required_permission
virtual std::vector< ActionActionParam > required_permission(Verb verb, const json &req) const override
Definition:
ZoneCRUD.cpp:152
Leosac::ZoneJSONSerializer::serialize
static json serialize(const Auth::IZone &Zone, const SecurityContext &sc)
Definition:
ZoneSerializer.cpp:30
Leosac::Module::WebSockAPI::CRUDResourceHandlerUPtr
std::unique_ptr< CRUDResourceHandler > CRUDResourceHandlerUPtr
Definition:
WebSockFwd.hpp:39
Leosac::Module::WebSockAPI::RequestContext::dbsrv
DBServicePtr dbsrv
Definition:
RequestContext.hpp:39
Leosac::SecurityContext::Action::ZONE_READ
@ ZONE_READ
Leosac::Module::WebSockAPI::CRUDResourceHandler
Base CRUD handler for use within the websocket module.
Definition:
CRUDResourceHandler.hpp:84
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::DELETE
@ DELETE
Leosac::Audit::EventType::ZONE_CREATED
@ ZONE_CREATED
Leosac::DBPtr
std::shared_ptr< odb::database > DBPtr
Definition:
db_fwd.hpp:31
Leosac::Audit::EventType::ZONE_DELETED
@ ZONE_DELETED
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::CREATE
@ CREATE
Leosac::Module
All modules that provides features to Leosac shall be in this namespace.
IZoneEvent.hpp
Leosac::SecurityContext::Action::ZONE_CREATE
@ ZONE_CREATE
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::READ
@ READ
Leosac::SecurityContext::ZoneActionParam
Definition:
SecurityContext.hpp:210
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::UPDATE
@ UPDATE
Leosac::Audit::Factory::ZoneEvent
static IZoneEventPtr ZoneEvent(const DBPtr &database, Auth::IZonePtr target_zone, IAuditEntryPtr parent)
Definition:
AuditFactory.cpp:171
Leosac::Auth::Zone
A Zone is a container for doors and other zone.
Definition:
Zone.hpp:60
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition:
APIStatusCode.hpp:22
Leosac::ZoneJSONStringSerializer::serialize
static std::string serialize(const Auth::IZone &in, const SecurityContext &sc)
Definition:
ZoneSerializer.cpp:85
Zone.hpp
Leosac::SecurityContext::ZoneActionParam::zone_id
Auth::ZoneId zone_id
Definition:
SecurityContext.hpp:212
Leosac::Module::WebSockAPI::ZoneCRUD::ZoneCRUD
ZoneCRUD(RequestContext ctx)
Definition:
ZoneCRUD.cpp:34
Leosac::Module::WebSockAPI::CRUDResourceHandler::ctx_
RequestContext ctx_
Definition:
CRUDResourceHandler.hpp:95
Leosac::Module::WebSockAPI::ZoneCRUD::instanciate
static CRUDResourceHandlerUPtr instanciate(RequestContext)
Definition:
ZoneCRUD.cpp:39
Leosac::Auth::ZonePtr
std::shared_ptr< Zone > ZonePtr
Definition:
AuthFwd.hpp:124
Leosac::Module::WebSockAPI::ZoneCRUD::update_impl
virtual boost::optional< json > update_impl(const json &req) override
Definition:
ZoneCRUD.cpp:104
Leosac::Module::WebSockAPI::ZoneCRUD::read_impl
virtual boost::optional< json > read_impl(const json &req) override
Definition:
ZoneCRUD.cpp:68
DBService.hpp
Leosac::ZoneJSONSerializer::unserialize
static void unserialize(Auth::IZone &out, const json &in, const SecurityContext &sc)
Definition:
ZoneSerializer.cpp:58
APISession.hpp
Leosac::Module::WebSockAPI::RequestContext::audit
Audit::IAuditEntryPtr audit
The initial audit trail for the request.
Definition:
RequestContext.hpp:55
Leosac::SecurityContext::Action::ZONE_DELETE
@ ZONE_DELETE
Leosac::DBService::THROW_IF_NOT_FOUND
@ THROW_IF_NOT_FOUND
Definition:
DBService.hpp:40
Leosac::Module::WebSockAPI::json
nlohmann::json json
Definition:
AccessOverview.hpp:30
ZoneCRUD.hpp
Leosac::Module::WebSockAPI::RequestContext
Holds valuable pointer to provide context to a request.
Definition:
RequestContext.hpp:36
Leosac::SecurityContext::Action::ZONE_UPDATE
@ ZONE_UPDATE
Leosac::Module::WebSockAPI
Definition:
ActionActionParam.hpp:28
Leosac::Module::WebSockAPI::ZoneCRUD::delete_impl
virtual boost::optional< json > delete_impl(const json &req) override
Definition:
ZoneCRUD.cpp:130
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb
Verb
Definition:
CRUDResourceHandler.hpp:43
ZoneSerializer.hpp
Result
odb::result< Tools::LogEntry > Result
Definition:
LogEntry.cpp:37
Leosac::Module::WebSockAPI::RequestContext::session
APIPtr session
Definition:
RequestContext.hpp:38
AssertCast.hpp
Leosac::Module::WebSockAPI::CRUDResourceHandler::security_context
virtual UserSecurityContext & security_context() const override
Helper function that returns the security context.
Definition:
CRUDResourceHandler.cpp:96
Leosac::Audit::EventType::ZONE_UPDATED
@ ZONE_UPDATED
src
modules
websock-api
api
ZoneCRUD.cpp
Generated on Tue Mar 22 2022 10:48:29 for Leosac by
1.8.17