tursom/memgraph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added LabelPermission class to model.hpp; added dummy implementation to model.cpp

Browse Source
This commit is contained in:
Boris Tasevski 2022-07-05 16:36:04 +02:00
parent 3e0e17d469
commit ca95ac253b
2 changed files with 111 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/auth/models.cpp
View File

@ -98,11 +98,11 @@ std::string PermissionLevelToString(PermissionLevel level) {
}
}
Permissions::Permissions(uint64_t grants, uint64_t denies) {
// The deny bitmask has higher priority than the grant bitmask.
denies_ = denies;
// Mask out the grant bitmask to make sure that it is correct.
grants_ = grants & (~denies);
Permissions::Permissions(uint64_t grants, uint64_t denies) : grants_(grants & (~denies)), denies_(denies) {
// // The deny bitmask has higher priority than the grant bitmask.
// denies_ = denies;
// // Mask out the grant bitmask to make sure that it is correct.
// grants_ = grants & (~denies);
}
PermissionLevel Permissions::Has(Permission permission) const {
@ -183,10 +183,57 @@ bool operator==(const Permissions &first, const Permissions &second) {
bool operator!=(const Permissions &first, const Permissions &second) { return !(first == second); }
////////////////////////////////
LabelPermissions::LabelPermissions(const std::vector<std::string> &grants, const std::vector<std::string> &denies)
: grants_(grants), denies_(denies) {}
PermissionLevel LabelPermissions::Has(LabelPermissions permission) const {
// Check for the deny first because it has greater priority than a grant.
return PermissionLevel::NEUTRAL;
}
void LabelPermissions::Grant(LabelPermissions permission) {}
void LabelPermissions::Revoke(LabelPermissions permission) {}
void LabelPermissions::Deny(LabelPermissions permission) {}
std::vector<std::string> LabelPermissions::GetGrants() const { return grants_; }
std::vector<std::string> LabelPermissions::GetDenies() const { return denies_; }
nlohmann::json LabelPermissions::Serialize() const {
nlohmann::json data = nlohmann::json::object();
data["grants"] = grants_;
data["denies"] = denies_;
return data;
}
LabelPermissions LabelPermissions::Deserialize(const nlohmann::json &data) {
if (!data.is_object()) {
throw AuthException("Couldn't load permissions data!");
}
if (!data["grants"].is_number_unsigned() || !data["denies"].is_number_unsigned()) {
throw AuthException("Couldn't load permissions data!");
}
return LabelPermissions(data["grants"], data["denies"]);
}
std::vector<std::string> LabelPermissions::grants() const { return grants_; }
std::vector<std::string> LabelPermissions::denies() const { return denies_; }
bool operator==(const LabelPermissions &first, const LabelPermissions &second) {
return first.grants() == second.grants() && first.denies() == second.denies();
}
bool operator!=(const LabelPermissions &first, const LabelPermissions &second) { return !(first == second); }
////////////////////////////////
Role::Role(const std::string &rolename) : rolename_(utils::ToLowerCase(rolename)) {}
Role::Role(const std::string &rolename, const Permissions &permissions)
: rolename_(utils::ToLowerCase(rolename)), permissions_(permissions) {}
Role::Role(const std::string &rolename, const Permissions &permissions, const LabelPermissions &labelPermissions)
: rolename_(utils::ToLowerCase(rolename)), permissions_(permissions), labelPermissions_(labelPermissions) {}
const std::string &Role::rolename() const { return rolename_; }
const Permissions &Role::permissions() const { return permissions_; }
@ -196,6 +243,7 @@ nlohmann::json Role::Serialize() const {
nlohmann::json data = nlohmann::json::object();
data["rolename"] = rolename_;
data["permissions"] = permissions_.Serialize();
data["labelPermissions"] = labelPermissions_.Serialize();
return data;
}
@ -207,7 +255,8 @@ Role Role::Deserialize(const nlohmann::json &data) {
throw AuthException("Couldn't load role data!");
}
auto permissions = Permissions::Deserialize(data["permissions"]);
return {data["rolename"], permissions};
auto labelPermissions = LabelPermissions::Deserialize(data["labelPermissions"]);
return {data["rolename"], permissions, labelPermissions};
}
bool operator==(const Role &first, const Role &second) {
@ -216,8 +265,12 @@ bool operator==(const Role &first, const Role &second) {
User::User(const std::string &username) : username_(utils::ToLowerCase(username)) {}
User::User(const std::string &username, const std::string &password_hash, const Permissions &permissions)
: username_(utils::ToLowerCase(username)), password_hash_(password_hash), permissions_(permissions) {}
User::User(const std::string &username, const std::string &password_hash, const Permissions &permissions,
const LabelPermissions &labelPermissions)
: username_(utils::ToLowerCase(username)),
password_hash_(password_hash),
permissions_(permissions),
labelPermissions_(labelPermissions) {}
bool User::CheckPassword(const std::string &password) {
if (password_hash_.empty()) return true;
@ -260,8 +313,8 @@ void User::ClearRole() { role_ = std::nullopt; }
Permissions User::GetPermissions() const {
if (role_) {
return Permissions(permissions_.grants() | role_->permissions().grants(),
permissions_.denies() | role_->permissions().denies());
return {permissions_.grants() | role_->permissions().grants(),
permissions_.denies() | role_->permissions().denies()};
}
return permissions_;
}
@ -295,7 +348,8 @@ User User::Deserialize(const nlohmann::json &data) {
throw AuthException("Couldn't load user data!");
}
auto permissions = Permissions::Deserialize(data["permissions"]);
return {data["username"], data["password_hash"], permissions};
auto labelPermissions = LabelPermissions::Deserialize(data["labelPermissions"]);
return {data["username"], data["password_hash"], permissions, labelPermissions};
}
bool operator==(const User &first, const User &second) {

46
src/auth/models.hpp
View File

@ -88,16 +88,52 @@ bool operator==(const Permissions &first, const Permissions &second);
bool operator!=(const Permissions &first, const Permissions &second);
class LabelPermissions final {
public:
explicit LabelPermissions(const std::vector<std::string> &grants = {}, const std::vector<std::string> &denies = {});
PermissionLevel Has(LabelPermissions permission) const;
void Grant(LabelPermissions permission);
void Revoke(LabelPermissions permission);
void Deny(LabelPermissions permission);
std::vector<std::string> GetGrants() const;
std::vector<std::string> GetDenies() const;
nlohmann::json Serialize() const;
/// @throw AuthException if unable to deserialize.
static LabelPermissions Deserialize(const nlohmann::json &data);
std::vector<std::string> grants() const;
std::vector<std::string> denies() const;
private:
std::vector<std::string> grants_{};
std::vector<std::string> denies_{};
};
bool operator==(const LabelPermissions &first, const LabelPermissions &second);
bool operator!=(const LabelPermissions &first, const LabelPermissions &second);
class Role final {
public:
Role(const std::string &rolename);
Role(const std::string &rolename, const Permissions &permissions);
Role(const std::string &rolename, const Permissions &permissions, const LabelPermissions &labelPermissions);
const std::string &rolename() const;
const Permissions &permissions() const;
Permissions &permissions();
const LabelPermissions &labelPermissions() const;
LabelPermissions &labelPermissions();
nlohmann::json Serialize() const;
/// @throw AuthException if unable to deserialize.
@ -108,6 +144,7 @@ class Role final {
private:
std::string rolename_;
Permissions permissions_;
LabelPermissions labelPermissions_;
};
bool operator==(const Role &first, const Role &second);
@ -117,7 +154,8 @@ class User final {
public:
User(const std::string &username);
User(const std::string &username, const std::string &password_hash, const Permissions &permissions);
User(const std::string &username, const std::string &password_hash, const Permissions &permissions,
const LabelPermissions &labelPermissions);
/// @throw AuthException if unable to verify the password.
bool CheckPassword(const std::string &password);
@ -136,6 +174,9 @@ class User final {
const Permissions &permissions() const;
Permissions &permissions();
const LabelPermissions &labelPermissions() const;
Permissions &labelPermissions();
const Role *role() const;
nlohmann::json Serialize() const;
@ -149,6 +190,7 @@ class User final {
std::string username_;
std::string password_hash_;
Permissions permissions_;
LabelPermissions labelPermissions_;
std::optional<Role> role_;
};