one/include/PoolObjectAuth.h

/* -------------------------------------------------------------------------- */
/* Copyright 2002-2015, OpenNebula Project, OpenNebula Systems                */
/*                                                                            */
/* Licensed under the Apache License, Version 2.0 (the "License"); you may    */
/* not use this file except in compliance with the License. You may obtain    */
/* a copy of the License at                                                   */
/*                                                                            */
/* http://www.apache.org/licenses/LICENSE-2.0                                 */
/*                                                                            */
/* Unless required by applicable law or agreed to in writing, software        */
/* distributed under the License is distributed on an "AS IS" BASIS,          */
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   */
/* See the License for the specific language governing permissions and        */
/* limitations under the License.                                             */
/* -------------------------------------------------------------------------- */

#ifndef POOL_OBJECT_AUTH_H_
#define POOL_OBJECT_AUTH_H_

#include "PoolObjectSQL.h"

class AclRule;

/**
 *  This class abstracts the authorization attributes of a PoolObject. It is
 *  used to check permissions and access rights of requests
 */
class PoolObjectAuth
{
public:
    /* ------------------- Constructor and Methods -------------------------- */

    PoolObjectAuth():
        oid(-1),
        uid(-1),
        gid(-1),
        cid(-1),
        owner_u(1),
        owner_m(1),
        owner_a(0),
        group_u(0),
        group_m(0),
        group_a(0),
        other_u(0),
        other_m(0),
        other_a(0),
        disable_all_acl(false),
        disable_cluster_acl(false),
        disable_group_acl(false) {};

    void get_acl_rules(AclRule& owner_rule,
                       AclRule& group_rule,
                       AclRule& other_rule,
                       int zone_id) const;

    string type_to_str() const
    {
        return PoolObjectSQL::type_to_str(obj_type);
    };

    /* --------------------------- Attributes ------------------------------- */

    PoolObjectSQL::ObjectType obj_type;

    int oid;
    int uid;
    int gid;
    int cid;

    int owner_u;
    int owner_m;
    int owner_a;

    int group_u;
    int group_m;
    int group_a;

    int other_u;
    int other_m;
    int other_a;

    bool disable_all_acl;     // All objects of this type (e.g. NET/*)
    bool disable_cluster_acl; // All objects in a cluster (e.g. NET/%100)
    bool disable_group_acl;   // All objects own by this group (e.g. NET/@101)
};

#endif /*POOL_OBJECT_AUTH_H_*/
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`/* -------------------------------------------------------------------------- */`
Fix copyright in banners 2015-09-23 16:03:22 +03:00			`/* Copyright 2002-2015, OpenNebula Project, OpenNebula Systems */`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`/* */`
			`/* Licensed under the Apache License, Version 2.0 (the "License"); you may */`
			`/* not use this file except in compliance with the License. You may obtain */`
			`/* a copy of the License at */`
			`/* */`
			`/* http://www.apache.org/licenses/LICENSE-2.0 */`
			`/* */`
			`/* Unless required by applicable law or agreed to in writing, software */`
			`/* distributed under the License is distributed on an "AS IS" BASIS, */`
			`/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. */`
			`/* See the License for the specific language governing permissions and */`
			`/* limitations under the License. */`
			`/* -------------------------------------------------------------------------- */`

			`#ifndef POOL_OBJECT_AUTH_H_`
			`#define POOL_OBJECT_AUTH_H_`

			`#include "PoolObjectSQL.h"`

Feature #862: Re-factor PoolObjectAuth. Moved ObjectType to PoolObjectSQL. simplified interface for AuthManger::add_auth. 2012-01-03 05:58:23 +04:00			`class AclRule;`

			`/**`
			`* This class abstracts the authorization attributes of a PoolObject. It is`
			`* used to check permissions and access rights of requests`
			`*/`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`class PoolObjectAuth`
			`{`
			`public:`
Feature #862: Re-factor PoolObjectAuth. Moved ObjectType to PoolObjectSQL. simplified interface for AuthManger::add_auth. 2012-01-03 05:58:23 +04:00			`/* ------------------- Constructor and Methods -------------------------- */`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00
			`PoolObjectAuth():`
			`oid(-1),`
			`uid(-1),`
			`gid(-1),`
Feature #1565: Add new ACL resource ID bit, '%', for clusters. The reserve lookup is pending 2013-01-16 21:27:36 +04:00			`cid(-1),`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`owner_u(1),`
			`owner_m(1),`
			`owner_a(0),`
			`group_u(0),`
			`group_m(0),`
			`group_a(0),`
			`other_u(0),`
			`other_m(0),`
Fix access control for VNET reservations with group Resource Providers 2014-09-17 19:05:01 +04:00			`other_a(0),`
			`disable_all_acl(false),`
			`disable_cluster_acl(false),`
			`disable_group_acl(false) {};`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00
Feature #862: Re-factor PoolObjectAuth. Moved ObjectType to PoolObjectSQL. simplified interface for AuthManger::add_auth. 2012-01-03 05:58:23 +04:00			`void get_acl_rules(AclRule& owner_rule,`
			`AclRule& group_rule,`
Feature #2653: Store zone_id in AclManager and send it to PoolObjectAuth 2014-01-25 23:41:13 +04:00			`AclRule& other_rule,`
			`int zone_id) const;`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00
Feature #862: Re-factor PoolObjectAuth. Moved ObjectType to PoolObjectSQL. simplified interface for AuthManger::add_auth. 2012-01-03 05:58:23 +04:00			`string type_to_str() const`
			`{`
Feature #2653: Store zone_id in AclManager and send it to PoolObjectAuth 2014-01-25 23:41:13 +04:00			`return PoolObjectSQL::type_to_str(obj_type);`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`};`

Feature #862: Re-factor PoolObjectAuth. Moved ObjectType to PoolObjectSQL. simplified interface for AuthManger::add_auth. 2012-01-03 05:58:23 +04:00			`/* --------------------------- Attributes ------------------------------- */`

			`PoolObjectSQL::ObjectType obj_type;`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00
			`int oid;`
			`int uid;`
			`int gid;`
Feature #1565: Add new ACL resource ID bit, '%', for clusters. The reserve lookup is pending 2013-01-16 21:27:36 +04:00			`int cid;`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00
			`int owner_u;`
			`int owner_m;`
			`int owner_a;`

			`int group_u;`
			`int group_m;`
			`int group_a;`

			`int other_u;`
			`int other_m;`
			`int other_a;`
Fix access control for VNET reservations with group Resource Providers 2014-09-17 19:05:01 +04:00
			`bool disable_all_acl; // All objects of this type (e.g. NET/*)`
			`bool disable_cluster_acl; // All objects in a cluster (e.g. NET/%100)`
			`bool disable_group_acl; // All objects own by this group (e.g. NET/@101)`
Rename Permissions class to PoolObjectAuth and move it to its own .h file 2012-01-03 00:17:20 +04:00			`};`

			`#endif /POOL_OBJECT_AUTH_H_/`