Wrapper for cynara_admin_check.

Asks Cynara for permission and allows to specify in
which policy bucket to start search.

Change-Id: I127057249437c8aa2c719e498239f8f0ef3f8ed9
Signed-off-by: Michal Eljasiewicz <m.eljasiewic@samsung.com>

diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index 6620708..de48f90 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -464,6 +464,24 @@ int CynaraAdmin::convertToPolicyType(const std::string &policy, bool forceRefres
 
     return DescriptionToType.at(policy);
 }
+void CynaraAdmin::Check(const std::string &label, const std::string &privilege, const std::string &user,
+    const std::string &bucket, int &result, std::string &resultExtra, const bool recursive)
+{
+    char *resultExtraCstr = nullptr;
+
+    checkCynaraError(
+        cynara_admin_check(m_CynaraAdmin, bucket.c_str(), recursive, label.c_str(),
+            user.c_str(), privilege.c_str(), &result, &resultExtraCstr),
+        "Error while asking cynara admin API for permission for app label: " + label + ", user: "
+            + user + " privilege: " + privilege + " bucket: " + bucket);
+
+    if (resultExtraCstr == nullptr)
+        resultExtra = "";
+    else {
+        resultExtra = std::string(resultExtraCstr);
+        free(resultExtraCstr);
+    }
+}
 
 Cynara::Cynara()
 {

diff --git a/src/common/include/cynara.h b/src/common/include/cynara.h
index 5ac9e42..720e2f4 100644 (file)
--- a/src/common/include/cynara.h
+++ b/src/common/include/cynara.h
@@ -200,6 +200,29 @@ public:
      */
     int convertToPolicyType(const std::string &policy, bool forceRefresh = false);
 
+    /**
+     * Ask Cynara for permission starting the search at specified bucket.
+     * Essentialy a wrapper on cynara_admin_check.
+     *
+     * @param label application Smack label
+     * @param privilege privilege string to match in search
+     * @param user user string to match in search
+     * @param bucket name of the bucket to search policies in
+     * @param result integer to return policy result
+     * @param resultExtra string to return additional information about policy
+     *        result. If result is Bucket then resultExtra is the name of
+     *        bucket.
+     * @param recursive flag to indicate if check should be done recursively in
+     *        all buckets linked with bucket provided
+     */
+    void Check(const std::string &label,
+        const std::string &privilege,
+        const std::string &user,
+        const std::string &bucket,
+        int &result,
+        std::string &resultExtra,
+        const bool recursive);
+
 private:
     CynaraAdmin();