Leosac  0.8.0
Open Source Access Control
ZoneCRUD.cpp
Go to the documentation of this file.
1 /*
2  Copyright (C) 2014-2016 Leosac
3 
4  This file is part of Leosac.
5 
6  Leosac is free software: you can redistribute it and/or modify
7  it under the terms of the GNU Affero General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  Leosac is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU Affero General Public License for more details.
15 
16  You should have received a copy of the GNU Affero General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
23 #include "core/auth/Zone.hpp"
24 #include "core/auth/Zone_odb.h"
27 #include "tools/AssertCast.hpp"
28 #include "tools/db/DBService.hpp"
29 
30 using namespace Leosac;
31 using namespace Leosac::Module;
32 using namespace Leosac::Module::WebSockAPI;
33 
35  : CRUDResourceHandler(ctx)
36 {
37 }
38 
40 {
41  auto instance = CRUDResourceHandlerUPtr(new ZoneCRUD(ctx));
42  return instance;
43 }
44 
45 boost::optional<json> ZoneCRUD::create_impl(const json &req)
46 {
47  json rep;
48  DBPtr db = ctx_.dbsrv->db();
49  odb::transaction t(db->begin());
50 
51  Auth::ZonePtr new_zone = std::make_shared<Auth::Zone>();
52  ZoneJSONSerializer::unserialize(*new_zone, req.at("attributes"),
54  db->persist(new_zone);
55 
56  auto audit = Audit::Factory::ZoneEvent(db, new_zone, ctx_.audit);
57  audit->event_mask(Audit::EventType::ZONE_CREATED);
59  *new_zone, SystemSecurityContext::instance()));
60 
61  audit->finalize();
62 
63  rep["data"] = ZoneJSONSerializer::serialize(*new_zone, security_context());
64  t.commit();
65  return rep;
66 }
67 
68 boost::optional<json> ZoneCRUD::read_impl(const json &req)
69 {
70  json rep;
71 
72  using Result = odb::result<Auth::Zone>;
73  DBPtr db = ctx_.dbsrv->db();
74  odb::transaction t(db->begin());
75  auto zid = req.at("zone_id").get<Auth::ZoneId>();
76 
77  if (zid != 0)
78  {
79  auto zone = ctx_.dbsrv->find_zone_by_id(zid, DBService::THROW_IF_NOT_FOUND);
80  rep["data"] = ZoneJSONSerializer::serialize(*zone, security_context());
81  }
82  else
83  {
84  Result result = db->query<Auth::Zone>();
85  rep["data"] = json::array();
86  auto current_user = ctx_.session->current_user();
87 
88  // fixme: may be rather slow.
89  for (const auto &zone : result)
90  {
91  SecurityContext::ZoneActionParam dap{.zone_id = zone.id()};
92  if (ctx_.session->security_context().check_permission(
94  {
95  rep["data"].push_back(
97  }
98  }
99  }
100  t.commit();
101  return rep;
102 }
103 
104 boost::optional<json> ZoneCRUD::update_impl(const json &req)
105 {
106  json rep;
107  DBPtr db = ctx_.dbsrv->db();
108  odb::transaction t(db->begin());
109  auto zid = req.at("zone_id").get<Auth::ZoneId>();
110 
111  auto zone = ctx_.dbsrv->find_zone_by_id(zid, DBService::THROW_IF_NOT_FOUND);
112  auto zone_odb = assert_cast<Auth::ZonePtr>(zone);
113  auto audit = Audit::Factory::ZoneEvent(db, zone, ctx_.audit);
114  audit->event_mask(Audit::EventType::ZONE_UPDATED);
117 
118  ZoneJSONSerializer::unserialize(*zone, req.at("attributes"), security_context());
119 
120  db->update(zone_odb);
123 
124  audit->finalize();
125  rep["data"] = ZoneJSONSerializer::serialize(*zone, security_context());
126  t.commit();
127  return rep;
128 }
129 
130 boost::optional<json> ZoneCRUD::delete_impl(const json &req)
131 {
132  auto did = req.at("zone_id").get<Auth::ZoneId>();
133  DBPtr db = ctx_.dbsrv->db();
134  odb::transaction t(db->begin());
135 
136  auto zone = ctx_.dbsrv->find_zone_by_id(did, DBService::THROW_IF_NOT_FOUND);
137  auto zone_odb = assert_cast<Auth::ZonePtr>(zone);
138  auto audit = Audit::Factory::ZoneEvent(db, zone, ctx_.audit);
139  audit->event_mask(Audit::EventType::ZONE_DELETED);
140 
143 
144  audit->finalize();
145  db->erase(zone_odb);
146  t.commit();
147 
148  return json{};
149 }
150 
151 std::vector<CRUDResourceHandler::ActionActionParam>
153 {
154  std::vector<CRUDResourceHandler::ActionActionParam> ret;
156  try
157  {
158  zap.zone_id = req.at("zone_id").get<Auth::ZoneId>();
159  }
160  catch (const json::out_of_range &e)
161  {
162  zap.zone_id = 0;
163  }
164  switch (verb)
165  {
166  case Verb::READ:
167  ret.emplace_back(SecurityContext::Action::ZONE_READ, zap);
168  break;
169  case Verb::CREATE:
170  ret.emplace_back(SecurityContext::Action::ZONE_CREATE, zap);
171  break;
172  case Verb::UPDATE:
173  ret.emplace_back(SecurityContext::Action::ZONE_UPDATE, zap);
174  break;
175  case Verb::DELETE:
176  ret.emplace_back(SecurityContext::Action::ZONE_DELETE, zap);
177  break;
178  }
179  return ret;
180 }
Leosac::Module::WebSockAPI::ZoneCRUD::create_impl
virtual boost::optional< json > create_impl(const json &req) override
Definition: ZoneCRUD.cpp:45
AuditFactory.hpp
Leosac::SystemSecurityContext::instance
static SecurityContext & instance()
Definition: SecurityContext.cpp:64
Leosac::Auth::ZoneId
unsigned long ZoneId
Definition: AuthFwd.hpp:119
Leosac::Module::WebSockAPI::ZoneCRUD::required_permission
virtual std::vector< ActionActionParam > required_permission(Verb verb, const json &req) const override
Definition: ZoneCRUD.cpp:152
Leosac::ZoneJSONSerializer::serialize
static json serialize(const Auth::IZone &Zone, const SecurityContext &sc)
Definition: ZoneSerializer.cpp:30
Leosac::Module::WebSockAPI::CRUDResourceHandlerUPtr
std::unique_ptr< CRUDResourceHandler > CRUDResourceHandlerUPtr
Definition: WebSockFwd.hpp:39
Leosac::Module::WebSockAPI::RequestContext::dbsrv
DBServicePtr dbsrv
Definition: RequestContext.hpp:39
Leosac::SecurityContext::Action::ZONE_READ
@ ZONE_READ
Leosac::Module::WebSockAPI::CRUDResourceHandler
Base CRUD handler for use within the websocket module.
Definition: CRUDResourceHandler.hpp:84
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::DELETE
@ DELETE
Leosac::Audit::EventType::ZONE_CREATED
@ ZONE_CREATED
Leosac::DBPtr
std::shared_ptr< odb::database > DBPtr
Definition: db_fwd.hpp:31
Leosac::Audit::EventType::ZONE_DELETED
@ ZONE_DELETED
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::CREATE
@ CREATE
Leosac::Module
All modules that provides features to Leosac shall be in this namespace.
IZoneEvent.hpp
Leosac::SecurityContext::Action::ZONE_CREATE
@ ZONE_CREATE
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::READ
@ READ
Leosac::SecurityContext::ZoneActionParam
Definition: SecurityContext.hpp:210
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb::UPDATE
@ UPDATE
Leosac::Audit::Factory::ZoneEvent
static IZoneEventPtr ZoneEvent(const DBPtr &database, Auth::IZonePtr target_zone, IAuditEntryPtr parent)
Definition: AuditFactory.cpp:171
Leosac::Auth::Zone
A Zone is a container for doors and other zone.
Definition: Zone.hpp:60
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22
Leosac::ZoneJSONStringSerializer::serialize
static std::string serialize(const Auth::IZone &in, const SecurityContext &sc)
Definition: ZoneSerializer.cpp:85
Zone.hpp
Leosac::SecurityContext::ZoneActionParam::zone_id
Auth::ZoneId zone_id
Definition: SecurityContext.hpp:212
Leosac::Module::WebSockAPI::ZoneCRUD::ZoneCRUD
ZoneCRUD(RequestContext ctx)
Definition: ZoneCRUD.cpp:34
Leosac::Module::WebSockAPI::CRUDResourceHandler::ctx_
RequestContext ctx_
Definition: CRUDResourceHandler.hpp:95
Leosac::Module::WebSockAPI::ZoneCRUD::instanciate
static CRUDResourceHandlerUPtr instanciate(RequestContext)
Definition: ZoneCRUD.cpp:39
Leosac::Auth::ZonePtr
std::shared_ptr< Zone > ZonePtr
Definition: AuthFwd.hpp:124
Leosac::Module::WebSockAPI::ZoneCRUD::update_impl
virtual boost::optional< json > update_impl(const json &req) override
Definition: ZoneCRUD.cpp:104
Leosac::Module::WebSockAPI::ZoneCRUD::read_impl
virtual boost::optional< json > read_impl(const json &req) override
Definition: ZoneCRUD.cpp:68
DBService.hpp
Leosac::ZoneJSONSerializer::unserialize
static void unserialize(Auth::IZone &out, const json &in, const SecurityContext &sc)
Definition: ZoneSerializer.cpp:58
APISession.hpp
Leosac::Module::WebSockAPI::RequestContext::audit
Audit::IAuditEntryPtr audit
The initial audit trail for the request.
Definition: RequestContext.hpp:55
Leosac::SecurityContext::Action::ZONE_DELETE
@ ZONE_DELETE
Leosac::DBService::THROW_IF_NOT_FOUND
@ THROW_IF_NOT_FOUND
Definition: DBService.hpp:40
Leosac::Module::WebSockAPI::json
nlohmann::json json
Definition: AccessOverview.hpp:30
ZoneCRUD.hpp
Leosac::Module::WebSockAPI::RequestContext
Holds valuable pointer to provide context to a request.
Definition: RequestContext.hpp:36
Leosac::SecurityContext::Action::ZONE_UPDATE
@ ZONE_UPDATE
Leosac::Module::WebSockAPI
Definition: ActionActionParam.hpp:28
Leosac::Module::WebSockAPI::ZoneCRUD::delete_impl
virtual boost::optional< json > delete_impl(const json &req) override
Definition: ZoneCRUD.cpp:130
Leosac::Module::WebSockAPI::ICRUDResourceHandler::Verb
Verb
Definition: CRUDResourceHandler.hpp:43
ZoneSerializer.hpp
Result
odb::result< Tools::LogEntry > Result
Definition: LogEntry.cpp:37
Leosac::Module::WebSockAPI::RequestContext::session
APIPtr session
Definition: RequestContext.hpp:38
AssertCast.hpp
Leosac::Module::WebSockAPI::CRUDResourceHandler::security_context
virtual UserSecurityContext & security_context() const override
Helper function that returns the security context.
Definition: CRUDResourceHandler.cpp:96
Leosac::Audit::EventType::ZONE_UPDATED
@ ZONE_UPDATED