src/src/Data/Tmfs/tmfs_permissions.cpp

   1
   2 /******************************************************************************
   3 * MODULE     : tmfs_permissions.cpp
   4 * DESCRIPTION: permissions for reading, writing or modifying properties
   5 * COPYRIGHT  : (C) 2007  Joris van der Hoeven
   6 *******************************************************************************
   7 * This software falls under the GNU general public license version 3 or later.
   8 * It comes WITHOUT ANY WARRANTY WHATSOEVER. For details, see the file LICENSE
   9 * in the root directory or <http://www.gnu.org/licenses/gpl-3.0.html>.
  10 ******************************************************************************/
  11
  12 #include "tmfs.hpp"
  13
  14 static string tmfs_user= "root";
  15 static hashmap<string,bool> empty_map (false);
  16 static hashmap<string,hashmap<string,bool> > tmfs_permissions (empty_map);
  17 static hashmap<string,bool> tmfs_cycle_table (false);
  18
  19 string property_append (property p);
  20
  21 /******************************************************************************
  22 * User management
  23 ******************************************************************************/
  24
  25 string
  26 tmfs_create_user (string name) {
  27   if (N (tmfs_search_user (name)) != 0) return "";
  28   string user= tmfs_create_ressource ();
  29   string home= tmfs_create_file (name * " - home", "", user);
  30   properties ps;
  31   ps << seq ("user", user)
  32      << seq ("name", user, name)
  33      << seq ("owner", user, user)
  34      << seq ("in", user, user)
  35      << seq ("read", user, user)
  36      << seq ("write", user, user)
  37      << seq ("home", user, home);
  38   tmfs_save_ressource (user, "", ps);
  39   return user;
  40 }
  41
  42 collection
  43 tmfs_search_user (string name) {
  44   properties ps; ps << seq ("name", "?user", name) << seq ("user", "?user");
  45   return as_collection (tmfs_get_solutions (ps), "?user");
  46 }
  47
  48 void
  49 tmfs_set_user (string user) {
  50   tmfs_user= user;
  51 }
  52
  53 string
  54 tmfs_get_user () {
  55   return tmfs_user;
  56 }
  57
  58 /******************************************************************************
  59 * Determine permissions
  60 ******************************************************************************/
  61
  62 bool tmfs_allows (string id, string type, string user);
  63
  64 bool
  65 tmfs_allows_via (string id, string type, string user, string via) {
  66   (void) id;
  67   //cout << "Allows? " << id << ", " << type << ", " << user
  68   //<< " via " << via << LF;
  69   if (user == via) return true;
  70   if (is_identifier (via)) return tmfs_allows (via, type, user);
  71   return false;
  72 }
  73
  74 bool
  75 tmfs_allows_compute (string id, string type, string user) {
  76   if (user == "root") return true;
  77   property query= seq (type, id, "?user");
  78   solutions sols= tmfs_get_solutions (query);
  79   strings a= as_strings (as_collection (sols, query));
  80   for (int i=0; i<N(a); i++)
  81     if (tmfs_allows_via (id, type, user, a[i]))
  82       return true;
  83   return false;
  84 }
  85
  86 bool
  87 tmfs_allows (string id, string type, string user) {
  88   string s= property_append (seq (id, user));
  89   if (!tmfs_permissions[type]->contains (s)) {
  90     //cout << "Allows? " << id << ", " << type << ", " << user << INDENT << LF;
  91     if (!tmfs_permissions->contains (type))
  92       tmfs_permissions (type)= hashmap<string,bool> (false);
  93     if (tmfs_cycle_table[s]) {
  94       //cout << UNINDENT << "Aborted" << LF;
  95       return false;
  96     }
  97     tmfs_cycle_table(s)= true;
  98     bool ok= tmfs_allows_compute (id, type, user);
  99     tmfs_permissions[type](s)= ok;
 100     tmfs_cycle_table(s)= false;
 101     //cout << UNINDENT << "Allows? " << id << ", " << type << ", " << user
 102     //<< " -> " << tmfs_permissions[type][s] << LF;
 103   }
 104   return tmfs_permissions[type][s];
 105 }
 106
 107 /******************************************************************************
 108 * Permission property and solution permissions
 109 ******************************************************************************/
 110
 111 bool
 112 tmfs_allows (string id, string type) {
 113   return tmfs_allows (id, type, tmfs_user);
 114 }
 115
 116 bool
 117 tmfs_allows (property p, string type) {
 118   for (int i=0; i<N(p); i++)
 119     if (is_identifier (p[i]) && !tmfs_allows (p[i], type))
 120       return false;
 121   return true;
 122 }
 123
 124 bool
 125 tmfs_allows (solution sol, string type) {
 126   iterator<string> it= iterate (sol);
 127   while (it->busy ()) {
 128     string s= sol[it->next ()];
 129     if (is_identifier (s) && !tmfs_allows (s, type))
 130       return false;
 131   }
 132   return true;
 133 }
 134
 135 strings
 136 tmfs_filter (strings ss, string type) {
 137   strings r;
 138   for (int i=0; i<N(ss); i++)
 139     if (tmfs_allows (ss[i], type))
 140       r << ss[i];
 141   return r;
 142 }
 143
 144 properties
 145 tmfs_filter (properties ps, string type) {
 146   properties qs;
 147   for (int i=0; i<N(ps); i++)
 148     if (tmfs_allows (ps[i], type))
 149       qs << ps[i];
 150   return qs;
 151 }
 152
 153 solutions
 154 tmfs_filter (solutions sols, string type) {
 155   solutions r;
 156   for (int i=0; i<N(sols); i++)
 157     if (tmfs_allows (sols[i], type))
 158       r << sols[i];
 159   return r;
 160 }
 161
 162 /******************************************************************************
 163 * Setting attributes (i.e. properties with checked permissions)
 164 ******************************************************************************/
 165
 166 void
 167 tmfs_set_attributes (string ressource, properties ps) {
 168   if (tmfs_allows (ressource, "owner"))
 169     tmfs_save_ressource (ressource, tmfs_load_ressource_file (ressource), ps);
 170 }
 171
 172 properties
 173 tmfs_get_attributes (string ressource) {
 174   if (tmfs_allows (ressource, "read"))
 175     return tmfs_load_ressource_properties (ressource);
 176   return properties ();
 177 }
 178
 179 void
 180 tmfs_add_attributes (string ressource, properties add_ps) {
 181   properties ps= tmfs_get_attributes (ressource);
 182   ps= reset (ps, add_ps);
 183   ps << add_ps;
 184   tmfs_set_attributes (ressource, ps);
 185 }
 186
 187 void
 188 tmfs_remove_attributes (string ressource, properties sub_ps) {
 189   properties ps= tmfs_get_attributes (ressource);
 190   ps= reset (ps, sub_ps);
 191   tmfs_set_attributes (ressource, ps);
 192 }
 193
 194 void
 195 tmfs_change_attributes (string ressource, properties mod_ps) {
 196   properties ps= tmfs_get_attributes (ressource);
 197   ps= reset (ps, widen (mod_ps));
 198   ps << mod_ps;
 199   tmfs_set_attributes (ressource, ps);
 200 }
 201
 202 /******************************************************************************
 203 * Querying properties with permission checking
 204 ******************************************************************************/
 205
 206 solutions
 207 tmfs_query (property query) {
 208   if (!tmfs_allows (query, "read")) return solutions ();
 209   solutions sols= tmfs_get_solutions (query);
 210   return tmfs_filter (sols, "read");
 211 }
 212
 213 collection
 214 tmfs_query (property query, string unknown) {
 215   return as_collection (tmfs_query (query), unknown);
 216 }
 217
 218 solutions
 219 tmfs_query (properties queries) {
 220   if (N(tmfs_filter (queries, "read")) != N(queries)) return solutions ();
 221   solutions sols= tmfs_get_solutions (queries);
 222   return tmfs_filter (sols, "read");
 223 }
 224
 225 collection
 226 tmfs_query (properties queries, string unknown) {
 227   return as_collection (tmfs_query (queries), unknown);
 228 }