From 20da67358337e39b98f521f5cbe3e8119e4be053 Mon Sep 17 00:00:00 2001
From: Boris Tasevski
Date: Wed, 6 Jul 2022 09:45:21 +0200
Subject: [PATCH] implement LabelPermissions specific methods
---
 src/auth/models.cpp | 68 +++++++++++++++++++++++++++++++++------------
 src/auth/models.hpp | 25 +++++++++--------
 2 files changed, 63 insertions(+), 30 deletions(-)
diff --git a/src/auth/models.cpp b/src/auth/models.cpp
index 2a45735c8..153303e0c 100644
--- a/src/auth/models.cpp
+++ b/src/auth/models.cpp
@@ -98,12 +98,7 @@ std::string PermissionLevelToString(PermissionLevel level) {
 }
 }
-Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {
- // // The deny bitmask has higher priority than the grant bitmask.
- // denies_ = denies;
- // // Mask out the grant bitmask to make sure that it is correct.
- // grants_ = grants & (~denies);
-}
+Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {}
 PermissionLevel Permissions::Has(Permission permission) const {
 // Check for the deny first because it has greater priority than a grant.
@@ -183,24 +178,62 @@ bool operator==(const Permissions &first, const Permissions &second) {
 bool operator!=(const Permissions &first, const Permissions &second) { return !(first == second); }
-////////////////////////////////
-LabelPermissions::LabelPermissions(const std::vector &grants, const std::vector &denies)
+LabelPermissions::LabelPermissions(const std::unordered_set &grants,
+ const std::unordered_set &denies)
 : grants_(grants), denies_(denies) {}
-PermissionLevel LabelPermissions::Has(LabelPermissions permission) const {
- // Check for the deny first because it has greater priority than a grant.
+PermissionLevel LabelPermissions::Has(const std::string &permission) const {
+ if (denies_.find(permission) != denies_.end()) {
+ return PermissionLevel::DENY;
+ }
+
+ if (grants_.find(permission) != denies_.end()) {
+ return PermissionLevel::GRANT;
+ }
+
 return PermissionLevel::NEUTRAL;
 }
-void LabelPermissions::Grant(LabelPermissions permission) {}
+void LabelPermissions::Grant(const std::string &permission) {
+ auto deniedPermissionIter = denies_.find(permission);
-void LabelPermissions::Revoke(LabelPermissions permission) {}
+ if (deniedPermissionIter != denies_.end()) {
+ denies_.erase(deniedPermissionIter);
+ }
-void LabelPermissions::Deny(LabelPermissions permission) {}
+ if (grants_.find(permission) == grants_.end()) {
+ grants_.insert(permission);
+ }
+}
-std::vector LabelPermissions::GetGrants() const { return grants_; }
+void LabelPermissions::Revoke(const std::string &permission) {
+ auto deniedPermissionIter = denies_.find(permission);
+ auto grantedPermissionIter = grants_.find(permission);
-std::vector LabelPermissions::GetDenies() const { return denies_; }
+ if (deniedPermissionIter != denies_.end()) {
+ denies_.erase(deniedPermissionIter);
+ }
+
+ if (grantedPermissionIter != grants_.end()) {
+ grants_.erase(grantedPermissionIter);
+ }
+}
+
+void LabelPermissions::Deny(const std::string &permission) {
+ auto grantedPermissionIter = grants_.find(permission);
+
+ if (grantedPermissionIter != grants_.end()) {
+ grants_.erase(grantedPermissionIter);
+ }
+
+ if (denies_.find(permission) == denies_.end()) {
+ denies_.insert(permission);
+ }
+}
+
+std::unordered_set LabelPermissions::GetGrants() const { return grants_; }
+
+std::unordered_set LabelPermissions::GetDenies() const { return denies_; }
 nlohmann::json LabelPermissions::Serialize() const {
 nlohmann::json data = nlohmann::json::object();
@@ -220,15 +253,14 @@ LabelPermissions LabelPermissions::Deserialize(const nlohmann::json &data) {
 return LabelPermissions(data["grants"], data["denies"]);
 }
-std::vector LabelPermissions::grants() const { return grants_; }
-std::vector LabelPermissions::denies() const { return denies_; }
+std::unordered_set LabelPermissions::grants() const { return grants_; }
+std::unordered_set LabelPermissions::denies() const { return denies_; }
 bool operator==(const LabelPermissions &first, const LabelPermissions &second) {
 return first.grants() == second.grants() && first.denies() == second.denies();
 }
 bool operator!=(const LabelPermissions &first, const LabelPermissions &second) { return !(first == second); }
-////////////////////////////////
 Role::Role(const std::string &rolename) : rolename_(utils::ToLowerCase(rolename)) {}
diff --git a/src/auth/models.hpp b/src/auth/models.hpp
index 464d4f829..b3faee63e 100644
--- a/src/auth/models.hpp
+++ b/src/auth/models.hpp
@@ -10,6 +10,7 @@
 #include
 #include
+#include
 #include
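Review bot: In `LabelPermissions::Has` the grant lookup compares the iterator returned by `grants_.find(permission)` with `denies_.end()`; comparing iterators of two different containers is undefined behaviour, and in practice a label that is absent from `grants_` will most likely compare unequal and be reported as `PermissionLevel::GRANT` instead of `NEUTRAL`. For an authorization check that is a fail-open result, so the line should read `if (grants_.find(permission) != grants_.end()) {`. The new constructor also stores `grants` and `denies` unchanged, unlike `Permissions`, which masks its grants with `~denies`; `Has` still answers `DENY` for a label present in both sets, but `GetGrants()` will list it, so either erase denied labels from `grants_` in the constructor or document that overlap is allowed. A unit test asserting `NEUTRAL` for a label that was never granted or denied would have caught the first problem.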
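Review bot: `grants()` and `denies()` return the set by value, so the `operator==` shown as context in this hunk copies four sets on every comparison; the same applies to `GetGrants()`/`GetDenies()` and to the declarations in the models.hpp hunk. Returning a const reference, e.g. `const std::unordered_set<std::string> &grants() const;` (element type assumed from `Has(const std::string &)`, the page shows the template arguments stripped), removes the copies for read-only callers. Separately, `Deserialize` now relies on the implicit JSON-to-set conversion of `data["grants"]` and `data["denies"]`; its validation lies outside the hunk, so it is worth confirming that non-string elements are rejected there with `AuthException` rather than surfacing as a JSON library exception.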
@@ -90,31 +91,31 @@ bool operator!=(const Permissions &first, const Permissions &second);
 class LabelPermissions final {
 public:
- explicit LabelPermissions(const std::vector &grants = {}, const std::vector &denies = {});
+ explicit LabelPermissions(const std::unordered_set &grants = {},
+ const std::unordered_set &denies = {});
- PermissionLevel Has(LabelPermissions permission) const;
+ PermissionLevel Has(const std::string &permission) const;
- void Grant(LabelPermissions permission);
+ void Grant(const std::string &permission);
- void Revoke(LabelPermissions permission);
+ void Revoke(const std::string &permission);
- void Deny(LabelPermissions permission);
+ void Deny(const std::string &permission);
- std::vector GetGrants() const;
-
- std::vector GetDenies() const;
+ std::unordered_set GetGrants() const;
+ std::unordered_set GetDenies() const;
 nlohmann::json Serialize() const;
 /// @throw AuthException if unable to deserialize.
 static LabelPermissions Deserialize(const nlohmann::json &data);
- std::vector grants() const;
- std::vector denies() const;
+ std::unordered_set grants() const;
+ std::unordered_set denies() const;
 private:
- std::vector grants_{};
- std::vector denies_{};
+ std::unordered_set grants_{};
+ std::unordered_set denies_{};
 };
 bool operator==(const LabelPermissions &first, const LabelPermissions &second);
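Review bot: The public interface of `LabelPermissions` has no documentation of its precedence rules, which matter for an access-control type: from the models.cpp side of this patch, `Has` checks the deny set before the grant set, `Grant` and `Deny` each remove the label from the opposite set, and `Revoke` removes it from both. I would add short `///` comments stating that, for example `/// Returns DENY if the label is denied, GRANT if it is granted, NEUTRAL otherwise; deny takes priority.` on `Has` and `/// Adds the label to the grant set and removes it from the deny set.` on `Grant`. The pairs `GetGrants()`/`grants()` and `GetDenies()`/`denies()` are declared with identical signatures; a comment saying why both exist, or dropping one pair, would help callers.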