support multi privileges accepted/tizen/unified/20200428.125848 submit/tizen/20200428.090338
authorYoungjae Shin <yj99.shin@samsung.com>
Tue, 28 Apr 2020 05:51:44 +0000 (14:51 +0900)
committerYoungjae Shin <yj99.shin@samsung.com>
Tue, 28 Apr 2020 09:02:23 +0000 (18:02 +0900)
supervisor/Action.cpp
supervisor/Action.h
supervisor/ActionRule.cpp
supervisor/ActionRule.h
supervisor/ClientPrivilege.cpp
supervisor/ClientPrivilege.h
supervisor/RuleManager.cpp
supervisor/TActionRule.h

index 28f9d0779134166c17f93155faa773e435edf319..feec0b49dd9fc44d606a091ccae53d3f9770a530 100644 (file)
@@ -108,14 +108,14 @@ bool Action::isLocked()
        return locked;
 }
 
-void Action::setPrivilege(const std::string &val)
+void Action::setPrivileges(std::list<std::string> privList)
 {
-       privilege = val;
+       privileges = privList;
 }
 
-std::string Action::getPrivilege()
+const std::list<std::string>& Action::getPrivileges()
 {
-       return privilege;
+       return privileges;
 }
 
 void Action::attachObserver(ActionObserver *obs)
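Review bot: `setPrivileges` takes `privList` by value and then copy-assigns it in `privileges = privList;`, so the list is copied twice on every call. `privileges = std::move(privList);` (with `<utility>` included) keeps the signature and drops the second copy. `getPrivileges()` hands out a reference to a member but is not a `const` member function, so it cannot be called through a `const Action`; declaring it `const std::list<std::string>& getPrivileges() const;` here and in the Action.h hunk would fix that. The Action.h hunks do not show `#include <list>` being added, so confirm that header already includes it rather than relying on a transitive include.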
index 20242a8f0998d146c76d42fa54f4989eb8952756..262cb05473ca755411113c30a3b62f1c68997e77 100644 (file)
@@ -61,8 +61,8 @@ public:
        ActionType getType();
        void setLife(ActionRuleLife val);
        ActionRuleLife getLife();
-       void setPrivilege(const std::string &val);
-       std::string getPrivilege();
+       void setPrivileges(std::list<std::string> privList);
+       const std::list<std::string>& getPrivileges();
        void attachObserver(ActionObserver *obs);
        void detachObserver(ActionObserver *obs);
        std::string backupUndoInfo();
@@ -85,7 +85,7 @@ private:
        static void valueChangedCallback(void *userData);
        void notifyObservers();
        std::string id;
-       std::string privilege;
+       std::list<std::string> privileges;
        bool locked; //Another action(same rule) is restricted(LOCK), It is assigned by ConflictManager
        bool stopOnErr;
        bool subscribed;
index f16ce16ccba6c6b9a1f957a022a986f2af65434d..f825577e2c50e1a526fda6b1136764f42240ac32 100644 (file)
@@ -40,9 +40,9 @@ Plugin* ActionRule::getPlugin()
        return plugin;
 }
 
-void ActionRule::setPrivilege(const std::string &priv)
+void ActionRule::addPrivilege(const std::string &priv)
 {
-       privilege = priv;
+       privileges.push_back(priv);
 }
 
 void ActionRule::setLife(Action::ActionRuleLife val)
index 824987c2dfa6908b6f00cbd187617cb1e2d91dc1..c912f6747967640c54a49ce3175ec85687fe7684 100644 (file)
@@ -15,6 +15,7 @@
  */
 #pragma once
 
+#include <list>
 #include <string>
 #include "mdss.h"
 #include "Plugin.h"
@@ -30,13 +31,13 @@ public:
        std::string getName();
        Plugin* getPlugin();
        void setPlugin(Plugin *pi);
-       void setPrivilege(const std::string &priv);
+       void addPrivilege(const std::string &priv);
        void setLife(Action::ActionRuleLife val);
        virtual Action* makeAction() = 0;
        virtual int addAlias(const std::string &alias, const std::string &value) = 0;
 protected:
        std::string ruleName;
-       std::string privilege;
+       std::list<std::string> privileges;
        Plugin *plugin;
        Action::ActionRuleLife life;
 private:
index f907f2da64a760d50a6c878c4b31e4d4c0f0f88f..32357643c945f30846c0bc73b01a955334085489 100644 (file)
@@ -63,22 +63,33 @@ ClientPrivilege::~ClientPrivilege()
 
 int ClientPrivilege::check(const Mode &mode)
 {
-       std::list<std::shared_ptr<Action>>::iterator it;
        auto actionList = mode.getActionList();
-       for (it = actionList.begin(); it != actionList.end(); it++) {
-               std::string priv = (*it)->getPrivilege();
-               //No Privilege = Allow All
-               if (priv.empty())
-                       continue;
-               int ret = cynara_check(handle, client, clientSession, user, priv.c_str());
-               if (CYNARA_API_ACCESS_ALLOWED != ret) {
-                       ERR("Action(%s) priv.check(%s) Fail(%d)", (*it)->getRuleName().c_str(), (*it)->getPrivilege().c_str(), ret);
-                       if (ret == CYNARA_API_ACCESS_DENIED)
-                               return MODES_ERROR_PERMISSION_DENIED;
-                       else
-                               return MODES_ERROR_SYSTEM;
+       for (auto it = actionList.begin(); it != actionList.end(); it++) {
+               auto privList = (*it)->getPrivileges();
+               for (auto privIt = privList.begin(); privIt != privList.end(); privIt++) {
+                       //No Privilege = Allow All
+                       if ((*privIt).empty())
+                               continue;
+                       int ret = checkCynara((*it)->getRuleName(), *privIt);
+                       if (MODES_ERROR_NONE != ret)
+                               return ret;
                }
        }
-       DBG("Success!");
        return MODES_ERROR_NONE;
 }
+
+int ClientPrivilege::checkCynara(const std::string &rule, const std::string &priv)
+{
+       int ret = cynara_check(handle, client, clientSession, user, priv.c_str());
+       if (CYNARA_API_ACCESS_ALLOWED != ret) {
+               ERR("Action(%s) priv.check(%s) Fail(%d)", rule.c_str(), priv.c_str(), ret);
+               if (ret == CYNARA_API_ACCESS_DENIED)
+                       return MODES_ERROR_PERMISSION_DENIED;
+               else
+                       return MODES_ERROR_SYSTEM;
+       }
+
+       return MODES_ERROR_NONE;
+}
+
+
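Review bot: An action whose privilege list is empty never enters the inner loop and is therefore allowed without any Cynara check, yet the only comment about this (`//No Privilege = Allow All`) now sits on the empty-string skip rather than on the case that actually grants access. A comment above the outer loop such as `// Every listed privilege must be granted; an action with no privileges is allowed without a check` would make both the all-must-pass semantics and the fail-open default explicit. Separately, `auto privList = (*it)->getPrivileges();` drops the reference and copies the list for every action; `const auto &privList = (*it)->getPrivileges();` avoids that. The removed `DBG("Success!")` was the only trace of a granted check, and the two blank lines added at the end of the file can be dropped.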
index 8a1e813722093ec8aadb500a78689f506e694b2b..c4283628b7618207927eaa93bc6942fc9fd7200c 100644 (file)
@@ -29,6 +29,7 @@ public:
        ~ClientPrivilege();
        int check(const Mode &mode);
 private:
+       int checkCynara(const std::string &rule, const std::string &priv);
        cynara *handle;
        char *client;
        char *user;
index 32bd5a0ce0481a0e20b2a2deb009f5b7e64ee44b..e08cd1c0789613a99cc859f38022dd9af99c547d 100644 (file)
@@ -125,7 +125,7 @@ void RuleManager::parseElement(xmlNodePtr cur, ActionRule *actionRule)
                        ERR("%s : No value", RULE_TAGS[TagElemPrivilege]);
                        return;
                }
-               actionRule->setPrivilege(value);
+               actionRule->addPrivilege(value);
        } else if (MDS_EQUAL == xmlStrcmp(cur->name, RULE_TAGS[TagElemConflict])) {
                // TODO: enhanced feature
                DBG("TBD(%s)", cur->name);
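Review bot: Now that privileges accumulate, the early `return` on the "No value" branch leaves the rule holding only the privileges parsed before it. Because parseElement returns void, the caller (not visible here) presumably cannot tell that a privilege element was dropped. A rule that ends up with fewer privileges than its XML declares is checked less strictly by ClientPrivilege::check, so this path is worth failing closed on, for example by having the caller reject the whole rule when a privilege element is malformed. At minimum, document the new behaviour at the call with `// appends: every privilege element of the rule is required`. parseElement starts and ends outside this hunk.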
index 303c94eb71540e03293a49f8cfb0480383d657d5..51ee082b18bd3b8a5a0a9822917ab4c2c42e8fb4 100644 (file)
@@ -44,7 +44,7 @@ public:
                try {
                        TAction<T> *action = new TAction<T>(ruleName, piAction);
                        action->setValueAliases(valueAliasList);
-                       action->setPrivilege(privilege);
+                       action->setPrivileges(privileges);
                        action->setLife(life);
 
                        return action;