#include <dpl/exception.h>
#include <string>
#include <vector>
+#include <map>
+
+#include "security-manager.h"
namespace SecurityManager {
+enum class Bucket
+{
+ PRIVACY_MANAGER,
+ MAIN,
+ USER_TYPE_ADMIN,
+ USER_TYPE_NORMAL,
+ USER_TYPE_GUEST,
+ USER_TYPE_SYSTEM,
+ ADMIN,
+ MANIFESTS
+};
+
class CynaraException
{
public:
DECLARE_EXCEPTION_TYPE(Base, InvalidParam)
DECLARE_EXCEPTION_TYPE(Base, ServiceNotAvailable)
DECLARE_EXCEPTION_TYPE(Base, UnknownError)
+ DECLARE_EXCEPTION_TYPE(Base, BucketNotFound)
};
struct CynaraAdminPolicy : cynara_admin_policy
};
CynaraAdminPolicy(const std::string &client, const std::string &user,
- const std::string &privilege, Operation operation,
+ const std::string &privilege, int operation,
const std::string &bucket = std::string(CYNARA_ADMIN_DEFAULT_BUCKET));
CynaraAdminPolicy(const std::string &client, const std::string &user,
/* Move constructor is the way to go. */
CynaraAdminPolicy(CynaraAdminPolicy &&that);
+ CynaraAdminPolicy& operator=(CynaraAdminPolicy &&that);
~CynaraAdminPolicy();
};
class CynaraAdmin
{
public:
+
+ typedef std::map<Bucket, const std::string > BucketsMap;
+ static BucketsMap Buckets;
+
+ typedef std::map<int, std::string> TypeToDescriptionMap;
+ typedef std::map<std::string, int> DescriptionToTypeMap;
+
virtual ~CynaraAdmin();
static CynaraAdmin &getInstance();
const std::vector<std::string> &oldPrivileges,
const std::vector<std::string> &newPrivileges);
+ /**
+ * Depending on user type, create link between MAIN bucket and appropriate
+ * USER_TYPE_* bucket for newly added user uid to apply permissions for that
+ * user type.
+ * @throws CynaraException::InvalidParam.
+ *
+ * @param uid new user uid
+ * @param userType type as enumerated in security-manager.h
+ */
+ void UserInit(uid_t uid, security_manager_user_type userType);
+
+ /**
+ * Removes all entries for a user from cynara database
+ *
+ * @param uid removed user uid
+ */
+ void UserRemove(uid_t uid);
+
+ /**
+ * List Cynara policies that match selected criteria in given bucket.
+ *
+ * @param bucketName name of the bucket to search policies in
+ * @param appId string with id of app to match in search
+ * @param user user string to match in search
+ * @param privilege privilege string to match in search
+ * @param policies empty vector for results of policies filtering.
+ *
+ */
+ void ListPolicies(const std::string &bucketName,
+ const std::string &appId,
+ const std::string &user,
+ const std::string &privilege,
+ std::vector<CynaraAdminPolicy> &policies);
+
+ /**
+ * Wrapper for Cynara API function cynara_admin_list_policies_descriptions.
+ * It collects all policies descriptions, extracts names
+ * of policies and returns as std strings. Caller is responsible for clearing
+ * vector passed as argument.
+ *
+ * @param policiesDescriptions empty vector for policies descriptions.
+ */
+ void ListPoliciesDescriptions(std::vector<std::string> &policiesDescriptions);
+
+ /**
+ * Function translates internal Cynara policy type integer to string
+ * description. Descriptions are retrieved from Cynara using
+ * ListPoliciesDescriptions() function. Caller can force refetching of
+ * descriptions list from Cynara on each call.
+ *
+ * @throws std::out_of_range
+ *
+ * @param policyType Cynara policy result type.
+ * @param forceRefresh switch to force refetching of descriptions from Cynara.
+ */
+ std::string convertToPolicyDescription(const int policyType, bool forceRefresh = false);
+
+ /**
+ * Function translates Cynara policy result string
+ * description to internal Cynara policy type integer.
+ * Descriptions are retrieved from Cynara using
+ * ListPoliciesDescriptions() function. Caller can force refetching of
+ * descriptions list from Cynara on each call.
+ *
+ * @throws std::out_of_range
+ *
+ * @param policy Cynara policy result string description.
+ * @param forceRefresh switch to force refetching of descriptions from Cynara.
+ */
+ int convertToPolicyType(const std::string &policy, bool forceRefresh = false);
+
private:
CynaraAdmin();
+
+ /**
+ * Empty bucket using filter - matching rules will be removed
+ *
+ * @param bucketName name of the bucket to be emptied
+ * @param recursive flag to remove privileges recursively
+ * @param client client name
+ * @param user user name
+ * @param privilege privilege name
+ */
+ void EmptyBucket(const std::string &bucketName, bool recursive,
+ const std::string &client, const std::string &user, const std::string &privilege);
+
+ /**
+ * Get Cynara policies result descriptions and cache them in std::map
+ *
+ * @param forceRefresh true if you want to reinitialize mappings
+ */
+ void FetchCynaraPolicyDescriptions(bool forceRefresh = false);
+
struct cynara_admin *m_CynaraAdmin;
+
+ static TypeToDescriptionMap TypeToDescription;
+ static DescriptionToTypeMap DescriptionToType;
+ bool m_policyDescriptionsInitialized;
};
class Cynara