tursom/memgraph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

implement LabelPermissions specific methods

Browse Source
This commit is contained in:
Boris Tasevski 2022-07-06 09:45:21 +02:00
parent ca95ac253b
commit 20da673583
2 changed files with 63 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/auth/models.cpp
View File

@ -98,12 +98,7 @@ std::string PermissionLevelToString(PermissionLevel level) {
}
}
Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {
// // The deny bitmask has higher priority than the grant bitmask.
// denies_ = denies;
// // Mask out the grant bitmask to make sure that it is correct.
// grants_ = grants & (~denies);
}
Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {}
PermissionLevel Permissions::Has(Permission permission) const {
// Check for the deny first because it has greater priority than a grant.
@ -183,24 +178,62 @@ bool operator==(const Permissions &first, const Permissions &second) {
bool operator!=(const Permissions &first, const Permissions &second) { return !(first == second); }
////////////////////////////////
LabelPermissions::LabelPermissions(const std::vector<std::string> &grants, const std::vector<std::string> &denies)
LabelPermissions::LabelPermissions(const std::unordered_set<std::string> &grants,
const std::unordered_set<std::string> &denies)
: grants_(grants), denies_(denies) {}
PermissionLevel LabelPermissions::Has(LabelPermissions permission) const {
// Check for the deny first because it has greater priority than a grant.
PermissionLevel LabelPermissions::Has(const std::string &permission) const {
if (denies_.find(permission) != denies_.end()) {
return PermissionLevel::DENY;
}
if (grants_.find(permission) != denies_.end()) {
return PermissionLevel::GRANT;
}
return PermissionLevel::NEUTRAL;
}
void LabelPermissions::Grant(LabelPermissions permission) {}
void LabelPermissions::Grant(const std::string &permission) {
auto deniedPermissionIter = denies_.find(permission);
void LabelPermissions::Revoke(LabelPermissions permission) {}
if (deniedPermissionIter != denies_.end()) {
denies_.erase(deniedPermissionIter);
}
void LabelPermissions::Deny(LabelPermissions permission) {}
if (grants_.find(permission) == grants_.end()) {
grants_.insert(permission);
}
}
std::vector<std::string> LabelPermissions::GetGrants() const { return grants_; }
void LabelPermissions::Revoke(const std::string &permission) {
auto deniedPermissionIter = denies_.find(permission);
auto grantedPermissionIter = grants_.find(permission);
std::vector<std::string> LabelPermissions::GetDenies() const { return denies_; }
if (deniedPermissionIter != denies_.end()) {
denies_.erase(deniedPermissionIter);
}
if (grantedPermissionIter != grants_.end()) {
grants_.erase(grantedPermissionIter);
}
}
void LabelPermissions::Deny(const std::string &permission) {
auto grantedPermissionIter = grants_.find(permission);
if (grantedPermissionIter != grants_.end()) {
grants_.erase(grantedPermissionIter);
}
if (denies_.find(permission) == denies_.end()) {
denies_.insert(permission);
}
}
std::unordered_set<std::string> LabelPermissions::GetGrants() const { return grants_; }
std::unordered_set<std::string> LabelPermissions::GetDenies() const { return denies_; }
nlohmann::json LabelPermissions::Serialize() const {
nlohmann::json data = nlohmann::json::object();
@ -220,15 +253,14 @@ LabelPermissions LabelPermissions::Deserialize(const nlohmann::json &data) {
return LabelPermissions(data["grants"], data["denies"]);
}
std::vector<std::string> LabelPermissions::grants() const { return grants_; }
std::vector<std::string> LabelPermissions::denies() const { return denies_; }
std::unordered_set<std::string> LabelPermissions::grants() const { return grants_; }
std::unordered_set<std::string> LabelPermissions::denies() const { return denies_; }
bool operator==(const LabelPermissions &first, const LabelPermissions &second) {
return first.grants() == second.grants() && first.denies() == second.denies();
}
bool operator!=(const LabelPermissions &first, const LabelPermissions &second) { return !(first == second); }
////////////////////////////////
Role::Role(const std::string &rolename) : rolename_(utils::ToLowerCase(rolename)) {}

25
src/auth/models.hpp
View File

@ -10,6 +10,7 @@
#include <optional>
#include <string>
#include <unordered_set>
#include <json/json.hpp>
@ -90,31 +91,31 @@ bool operator!=(const Permissions &first, const Permissions &second);
class LabelPermissions final {
public:
explicit LabelPermissions(const std::vector<std::string> &grants = {}, const std::vector<std::string> &denies = {});
explicit LabelPermissions(const std::unordered_set<std::string> &grants = {},
const std::unordered_set<std::string> &denies = {});
PermissionLevel Has(LabelPermissions permission) const;
PermissionLevel Has(const std::string &permission) const;
void Grant(LabelPermissions permission);
void Grant(const std::string &permission);
void Revoke(LabelPermissions permission);
void Revoke(const std::string &permission);
void Deny(LabelPermissions permission);
void Deny(const std::string &permission);
std::vector<std::string> GetGrants() const;
std::vector<std::string> GetDenies() const;
std::unordered_set<std::string> GetGrants() const;
std::unordered_set<std::string> GetDenies() const;
nlohmann::json Serialize() const;
/// @throw AuthException if unable to deserialize.
static LabelPermissions Deserialize(const nlohmann::json &data);
std::vector<std::string> grants() const;
std::vector<std::string> denies() const;
std::unordered_set<std::string> grants() const;
std::unordered_set<std::string> denies() const;
private:
std::vector<std::string> grants_{};
std::vector<std::string> denies_{};
std::unordered_set<std::string> grants_{};
std::unordered_set<std::string> denies_{};
};
bool operator==(const LabelPermissions &first, const LabelPermissions &second);