Remove drbac and related classes.

This commit is contained in:
Relintai 2022-07-07 00:48:57 +02:00
parent 3f481f6eba
commit 9d5828a6bd
12 changed files with 4 additions and 1439 deletions

View File

@ -3,8 +3,8 @@
#include "web/http/web_node.h"
#include "core/string.h"
#include "core/containers/vector.h"
#include "core/string.h"
class Request;
class FormValidator;
@ -12,7 +12,7 @@ class AdminNode;
class AdminPanel : public WebNode {
RCPP_OBJECT(AdminPanel, WebNode);
public:
void handle_request_main(Request *request);
@ -46,7 +46,7 @@ protected:
static AdminPanel *_self;
Vector<AdminPanelSection> _controllers;
Vector<AdminPanelSection> _controllers;
String _default_headers;
String _default_main_body_top;
@ -54,4 +54,4 @@ protected:
String _default_footer;
};
#endif
#endif

View File

@ -1,872 +0,0 @@
#include "rbac_controller.h"
#include "core/error_macros.h"
#include "web/html/form_validator.h"
#include "web/html/html_builder.h"
#include "web/http/cookie.h"
#include "web/http/http_session.h"
#include "web/http/request.h"
#include "web/http/session_manager.h"
#include "rbac_default_permissions.h"
#include "web_modules/users/user.h"
#include "database/database.h"
#include "database/database_manager.h"
#include "database/query_builder.h"
#include "database/query_result.h"
#include "database/table_builder.h"
void RBACController::handle_request_main(Request *request) {
}
void RBACController::create_validators() {
}
void RBACController::admin_handle_request_main(Request *request) {
String seg = request->get_current_path_segment();
if (seg == "") {
admin_render_rank_list(request);
return;
} else if (seg == "new_rank") {
request->push_path();
admin_handle_new_rank(request);
} else if (seg == "edit_rank") {
request->push_path();
admin_handle_edit_rank(request);
} else if (seg == "permission_editor") {
request->push_path();
admin_permission_editor(request);
}
}
void RBACController::admin_handle_new_rank(Request *request) {
if (request->get_method() == HTTP_METHOD_POST) {
Ref<RBACRank> rank;
rank.instance();
rank->name = request->get_parameter("name");
rank->name_internal = request->get_parameter("name_internal");
rank->settings = request->get_parameter("settings");
int base_permissions = 0;
for (int i = 0; i < _registered_permissions.size(); ++i) {
String param = request->get_parameter("perm_check_" + String::num(i));
if (param != "") {
base_permissions |= _registered_permissions[i].value;
}
}
rank->base_permissions = base_permissions;
int rank_permissions = 0;
for (int i = 0; i < _registered_rank_permissions.size(); ++i) {
String param = request->get_parameter("perm_rank_check_" + String::num(i));
if (param != "") {
rank_permissions |= _registered_rank_permissions[i].value;
}
}
rank->rank_permissions = rank_permissions;
db_save_rank(rank);
_ranks[rank->id] = rank;
request->send_redirect(request->get_url_root_parent() + "edit_rank/" + String::num(rank->id));
return;
}
RBACAdminRankViewData data;
render_rank_view(request, &data);
}
void RBACController::admin_handle_edit_rank(Request *request) {
String seg = request->get_current_path_segment();
//check whether it's numeric
//if (!seg.is)
int id = seg.to_int();
if (id == 0) {
RLOG_MSG("RBACController::admin_handle_edit_rank: id == 0!\n");
request->send_redirect(request->get_url_root_parent());
return;
}
Ref<RBACRank> rank = _ranks[id];
if (!rank.is_valid()) {
RLOG_MSG("RBACController::admin_handle_edit_rank: !rank.is_valid()\n");
request->send_redirect(request->get_url_root_parent());
return;
}
RBACAdminRankViewData data;
data.rank = rank;
if (request->get_method() == HTTP_METHOD_POST) {
rank->name = request->get_parameter("name");
rank->name_internal = request->get_parameter("name_internal");
rank->settings = request->get_parameter("settings");
int base_permissions = 0;
for (int i = 0; i < _registered_permissions.size(); ++i) {
String param = request->get_parameter("perm_check_" + String::num(i));
if (param != "") {
base_permissions |= _registered_permissions[i].value;
}
}
rank->base_permissions = base_permissions;
int rank_permissions = 0;
for (int i = 0; i < _registered_rank_permissions.size(); ++i) {
String param = request->get_parameter("perm_rank_check_" + String::num(i));
if (param != "") {
rank_permissions |= _registered_rank_permissions[i].value;
}
}
rank->rank_permissions = rank_permissions;
db_save_rank(rank);
data.messages.push_back("Save Success!");
}
render_rank_view(request, &data);
}
void RBACController::render_rank_view(Request *request, RBACAdminRankViewData *data) {
int id = 0;
String name = "";
String name_internal = "";
String settings = "";
int base_permissions = 0;
int rank_permissions = 0;
if (data->rank.is_valid()) {
id = data->rank->id;
name = data->rank->name;
name_internal = data->rank->name_internal;
settings = data->rank->settings;
base_permissions = data->rank->base_permissions;
rank_permissions = data->rank->rank_permissions;
}
HTMLBuilder b;
b.h4()->f()->a()->href(request->get_url_root_parent())->f()->w("<- Back")->ca()->ch4();
b.h4()->f()->w("RBAC Editor")->ch4();
b.div()->cls("messages");
for (int i = 0; i < data->messages.size(); ++i) {
b.w(data->messages[i])->br();
}
b.cdiv();
b.form()->method("POST")->action(request->get_url_root() + String::num(id));
{
b.csrf_token(request);
//b.input()->type("hidden")->name("id")->value(String::num(id))->f()->cinput();
b.w("Name:")->br();
b.input()->type("text")->name("name")->value(name)->f()->br();
b.w("Name (Internal):")->br();
b.input()->type("text")->name("name_internal")->value(name_internal)->f()->cinput()->br();
b.w("Custom Settings:")->br();
b.input()->type("text")->name("settings")->value(settings)->f()->cinput()->br();
b.w("Base Permissions:")->br();
for (int i = 0; i < _registered_permissions.size(); ++i) {
String checkbox_name = "perm_check_" + String::num(i);
b.input()->type("checkbox")->name(checkbox_name)->value(checkbox_name)->id(checkbox_name)->checked((base_permissions & _registered_permissions[i].value) != 0);
b.label()->fora(checkbox_name)->f()->w(_registered_permissions[i].name)->clabel();
}
b.br();
b.w("Rank Permissions:")->br();
for (int i = 0; i < _registered_rank_permissions.size(); ++i) {
String checkbox_name = "perm_rank_check_" + String::num(i);
b.input()->type("checkbox")->name(checkbox_name)->value(checkbox_name)->id(checkbox_name)->checked((rank_permissions & _registered_rank_permissions[i].value) != 0);
b.label()->fora(checkbox_name)->f()->w(_registered_rank_permissions[i].name)->clabel();
}
b.br();
b.input()->type("submit")->value("Save");
}
b.cform();
request->body += b.result;
}
void RBACController::admin_permission_editor(Request *request) {
String seg = request->get_current_path_segment();
//check whether it's numeric
//if (!seg.is)
int id = seg.to_int();
if (id == 0) {
RLOG_MSG("RBACController::admin_permission_editor: id == 0!\n");
request->send_redirect(request->get_url_root_parent());
return;
}
Ref<RBACRank> rank = _ranks[id];
if (!rank.is_valid()) {
RLOG_MSG("RBACController::admin_permission_editor: !rank.is_valid()\n");
request->send_redirect(request->get_url_root_parent());
return;
}
RBACAdminEditPermissionView data;
data.rank = rank;
request->push_path();
String segn = request->get_current_path_segment();
if (segn == "") {
admin_render_permission_editor_main_view(request, &data);
return;
}
if (segn == "new") {
request->push_path();
if (request->get_method() == HTTP_METHOD_POST) {
if (admin_process_permission_editor_entry_edit_create_post(request, &data)) {
return;
}
}
admin_render_permission_editor_entry_edit_create_view(request, &data);
return;
}
if (segn.is_uint()) {
int perm_index = segn.to_int();
request->push_path();
if (perm_index < 0 || perm_index >= rank->permissions.size()) {
RLOG_ERR("(perm_index < 0 || perm_index >= rank->permissions.size())!\n");
request->send_redirect(request->get_url_root_parent());
return;
}
data.permission = rank->permissions[perm_index];
if (!data.permission.is_valid()) {
RLOG_ERR("(!data.permission.is_valid()\n");
request->send_error(503);
return;
}
if (request->get_method() == HTTP_METHOD_POST) {
if (admin_process_permission_editor_entry_edit_create_post(request, &data)) {
return;
}
}
admin_render_permission_editor_entry_edit_create_view(request, &data);
return;
}
request->send_error(404);
}
void RBACController::admin_render_permission_editor_main_view(Request *request, RBACAdminEditPermissionView *data) {
HTMLBuilder b;
Ref<RBACRank> rank = data->rank;
b.h4()->f()->a()->href(request->get_url_root_parent(2))->f()->w("<- Back")->ca()->ch4();
b.h4()->f()->w("RBAC Editor")->ch4();
b.div()->cls("heading");
{
b.w("[ Id ]: ")->wn(rank->id)->w(", [ Name ]: ")->w(rank->name)->w(", [ Name Internal ]: ")->w(rank->name_internal);
}
b.cdiv();
b.br();
for (int i = 0; i < rank->permissions.size(); ++i) {
Ref<RBACPermission> perm = rank->permissions[i];
if (!perm.is_valid()) {
RLOG_ERR("RBACController::admin_render_permission_editor_main_view: !perm.is_valid()\n");
continue;
}
b.div()->cls("row");
{
b.a()->href(request->get_url_root() + String::num(i));
b.w("-- Rank: [ Id ]: ")->wn(perm->id)->w(", [ Rank Id ]: ")->wn(perm->rank_id)->w(", [ Name ]: ")->w(perm->name);
b.w(" [ URL ]: ")->w(perm->url)->w(", [ Sort Order ]: ")->wn(perm->sort_order);
b.w(" [ Permissions ]: ");
int pcount = 0;
int perms = perm->permissions;
for (int i = 0; i < _registered_permissions.size(); ++i) {
if ((_registered_permissions[i].value & perms) != 0) {
if (pcount > 0) {
b.w(", ");
}
b.w(_registered_permissions[i].name);
++pcount;
}
}
if (pcount == 0) {
b.w("- None -");
}
b.ca();
}
b.cdiv();
}
b.br();
b.a()->href(request->get_url_root("new"));
b.w("New Permission");
b.ca();
request->body += b.result;
}
void RBACController::admin_render_permission_editor_entry_edit_create_view(Request *request, RBACAdminEditPermissionView *data) {
HTMLBuilder b;
Ref<RBACRank> rank = data->rank;
Ref<RBACPermission> perm = data->permission;
String name;
String url;
int sort_order = 0;
int permissions = 0;
if (perm.is_valid()) {
name = perm->name;
url = perm->url;
sort_order = perm->sort_order;
permissions = perm->permissions;
}
b.h4()->f()->a()->href(request->get_url_root_parent())->f()->w("<- Back")->ca()->ch4();
b.h4()->f()->w("RBAC Editor")->ch4();
b.br();
b.div()->cls("messages");
for (int i = 0; i < data->messages.size(); ++i) {
b.w(data->messages[i])->br();
}
b.cdiv();
b.br();
b.div()->cls("heading");
{
b.w("Rank: [ Id ]: ")->wn(rank->id)->w(", [ Name ]: ")->w(rank->name)->w(", [ Name Internal ]: ")->w(rank->name_internal);
}
b.cdiv();
b.br();
b.form()->method("POST")->action(request->get_url_root());
{
b.csrf_token(request);
b.w("Name:")->br();
b.input()->type("text")->name("name")->value(name)->f()->br();
b.w("URL:")->br();
b.input()->type("text")->name("url")->value(url)->f()->cinput()->br();
b.w("Permissions:")->br();
for (int i = 0; i < _registered_permissions.size(); ++i) {
String checkbox_name = "perm_check_" + String::num(i);
b.input()->type("checkbox")->name(checkbox_name)->value(checkbox_name)->id(checkbox_name)->checked((permissions & _registered_permissions[i].value) != 0);
b.label()->fora(checkbox_name)->f()->w(_registered_permissions[i].name)->clabel();
}
b.br();
b.input()->type("submit")->value("Save");
}
b.cform();
request->body += b.result;
}
bool RBACController::admin_process_permission_editor_entry_edit_create_post(Request *request, RBACAdminEditPermissionView *data) {
Ref<RBACRank> rank = data->rank;
Ref<RBACPermission> perm = data->permission;
if (!perm.is_valid()) {
perm.instance();
perm->rank_id = rank->id;
if (rank->permissions.size() > 0) {
Ref<RBACPermission> p = rank->permissions[rank->permissions.size() - 1];
perm->sort_order = p->sort_order + 1;
}
rank->permissions.push_back(perm);
}
perm->name = request->get_parameter("name");
perm->url = request->get_parameter("url");
int permissions = 0;
for (int i = 0; i < _registered_permissions.size(); ++i) {
String param = request->get_parameter("perm_check_" + String::num(i));
if (param != "") {
permissions |= _registered_permissions[i].value;
}
}
perm->permissions = permissions;
//set this up in the form by default
//perm->sort_order = request->get_parameter("sort_order").to_int();
db_save_permission(perm);
if (perm->id == 0) {
RLOG_ERR("RBACController::admin_process_permission_editor_entry_edit_create_post: perm->id == 0!\n");
}
request->send_redirect(request->get_url_root_parent());
return true;
}
void RBACController::admin_render_rank_list(Request *request) {
HTMLBuilder b;
b.h4()->f()->a()->href(request->get_url_root_parent())->f()->w("<- Back")->ca()->ch4();
b.h4()->f()->w("RBAC Editor")->ch4();
for (std::map<int, Ref<RBACRank> >::iterator p = _ranks.begin(); p != _ranks.end(); p++) {
Ref<RBACRank> r = p->second;
if (!r.is_valid()) {
continue;
}
b.div()->cls("row");
{
b.a()->href(request->get_url_root("permission_editor/") + String::num(r->id));
b.w("[ Id ]: ")->wn(r->id)->w(", [ Name ]: ")->w(r->name)->w(", [ Name Internal ]: ")->w(r->name_internal);
b.w(", [ Base Permissions ]: ");
int pcount = 0;
int perms = r->base_permissions;
for (int i = 0; i < _registered_permissions.size(); ++i) {
if ((_registered_permissions[i].value & perms) != 0) {
if (pcount > 0) {
b.w(", ");
}
b.w(_registered_permissions[i].name);
++pcount;
}
}
if (pcount == 0) {
b.w("- None -");
}
b.w(", [ Rank Permissions ]: ");
pcount = 0;
perms = r->rank_permissions;
for (int i = 0; i < _registered_rank_permissions.size(); ++i) {
if ((_registered_rank_permissions[i].value & perms) != 0) {
if (pcount > 0) {
b.w(", ");
}
b.w(_registered_rank_permissions[i].name);
++pcount;
}
}
if (pcount == 0) {
b.w("- None -");
}
b.ca();
b.w(" - ");
b.a()->href(request->get_url_root("edit_rank/") + String::num(r->id));
b.w("[ Edit ]");
b.ca();
}
b.cdiv();
}
b.br();
b.a()->href(request->get_url_root("new_rank"));
b.w("New Rank");
b.ca();
request->body += b.result;
}
void RBACController::admin_render_rank_editor(Request *request) {
}
String RBACController::admin_get_section_name() {
return "Role Based Access Control";
}
void RBACController::admin_add_section_links(Vector<AdminSectionLinkInfo> *links) {
links->push_back(AdminSectionLinkInfo("Editor", ""));
}
void RBACController::register_permission(const String &name, const int val) {
_registered_permissions.push_back(PermissionEntry(name, val));
}
void RBACController::register_rank_permission(const String &name, const int val) {
_registered_rank_permissions.push_back(PermissionEntry(name, val));
}
void RBACController::clear_registered_permissions() {
_registered_permissions.clear();
_registered_rank_permissions.clear();
}
void RBACController::initialize() {
_ranks = db_load_ranks();
_default_rank_id = db_get_default_rank();
_default_user_rank_id = db_get_default_user_rank();
register_permissions();
}
void RBACController::register_permissions() {
register_permission("Create", User::PERMISSION_CREATE);
register_permission("Read", User::PERMISSION_READ);
register_permission("Update", User::PERMISSION_UPDATE);
register_permission("Delete", User::PERMISSION_DELETE);
register_rank_permission("Admin Panel", RBAC_RANK_PERMISSION_ADMIN_PANEL);
register_rank_permission("Use Redirect", RBAC_RANK_PERMISSION_USE_REDIRECT);
}
Ref<RBACRank> RBACController::get_rank(int rank_id) {
return _ranks[rank_id];
}
int RBACController::get_default_user_rank_id() {
return _default_user_rank_id;
}
Ref<RBACRank> RBACController::get_default_user_rank() {
return _ranks[get_default_user_rank_id()];
}
int RBACController::get_default_rank_id() {
return _default_rank_id;
}
Ref<RBACRank> RBACController::get_default_rank() {
return _ranks[get_default_rank_id()];
}
String &RBACController::get_redirect_url() {
return _redirect_url;
}
bool RBACController::continue_on_missing_default_rank() {
//todo, add setting
return false;
}
//DB
std::map<int, Ref<RBACRank> > RBACController::db_load_ranks() {
std::map<int, Ref<RBACRank> > ranks;
Ref<QueryBuilder> qb = get_query_builder();
qb->select("id,name,name_internal,settings,base_permissions,rank_permissions")->from(_rbac_ranks_table);
Ref<QueryResult> res = qb->run();
while (res->next_row()) {
Ref<RBACRank> r;
r.instance();
r->id = res->get_cell_int(0);
r->name = res->get_cell_str(1);
r->name_internal = res->get_cell_str(2);
r->settings = res->get_cell_str(3);
r->base_permissions = res->get_cell_int(4);
r->rank_permissions = res->get_cell_int(5);
ranks[r->id] = r;
}
qb->reset();
qb->select("id,rank_id,name,url,sort_order,permissions")->from(_rbac_permissions_table);
res = qb->run();
while (res->next_row()) {
Ref<RBACPermission> p;
p.instance();
p->id = res->get_cell_int(0);
p->rank_id = res->get_cell_int(1);
p->name = res->get_cell_str(2);
p->url = res->get_cell_str(3);
p->sort_order = res->get_cell_int(4);
p->permissions = res->get_cell_int(5);
Ref<RBACRank> r = ranks[p->rank_id];
if (!r.is_valid()) {
RLOG_ERR("RBACModel::load_permissions: !r.is_valid()!");
continue;
}
r->permissions.push_back(p);
}
for (std::map<int, Ref<RBACRank> >::iterator i = ranks.begin(); i != ranks.end(); ++i) {
Ref<RBACRank> r = i->second;
if (r.is_valid()) {
r->sort_permissions();
}
}
return ranks;
}
void RBACController::db_save(const Ref<RBACRank> &rank) {
db_save_rank(rank);
for (int i = 0; i < rank->permissions.size(); ++i) {
Ref<RBACPermission> permission = rank->permissions[i];
int rid = rank->id;
if (permission->rank_id != rid) {
permission->rank_id = rid;
}
db_save_permission(permission);
}
}
void RBACController::db_save_rank(const Ref<RBACRank> &rank) {
Ref<QueryBuilder> qb = get_query_builder();
if (rank->id == 0) {
qb->insert(_rbac_ranks_table, "name,name_internal,settings,base_permissions,rank_permissions")->values();
qb->val(rank->name)->val(rank->name_internal)->val(rank->settings)->val(rank->base_permissions)->val(rank->rank_permissions);
qb->cvalues();
qb->select_last_insert_id();
Ref<QueryResult> res = qb->run();
//qb->print();
Ref<RBACRank> r = rank;
r->id = res->get_last_insert_rowid();
} else {
qb->update(_rbac_ranks_table)->set();
qb->setp("name", rank->name);
qb->setp("name_internal", rank->name_internal);
qb->setp("settings", rank->settings);
qb->setp("base_permissions", rank->base_permissions);
qb->setp("rank_permissions", rank->rank_permissions);
qb->cset();
qb->where()->wp("id", rank->id);
qb->end_command();
qb->run_query();
//qb->print();
}
}
void RBACController::db_save_permission(const Ref<RBACPermission> &permission) {
Ref<QueryBuilder> qb = get_query_builder();
if (permission->id == 0) {
qb->insert(_rbac_permissions_table, "rank_id,name,url,sort_order,permissions")->values();
qb->val(permission->rank_id)->val(permission->name)->val(permission->url);
qb->val(permission->sort_order)->val(permission->permissions);
qb->cvalues();
qb->select_last_insert_id();
Ref<QueryResult> res = qb->run();
//qb->print();
Ref<RBACPermission> r = permission;
r->id = res->get_last_insert_rowid();
} else {
qb->update(_rbac_permissions_table)->set();
qb->setp("rank_id", permission->rank_id);
qb->setp("name", permission->name);
qb->setp("url", permission->url);
qb->setp("sort_order", permission->sort_order);
qb->setp("permissions", permission->permissions);
qb->cset();
qb->where()->wp("id", permission->id);
qb->end_command();
qb->run_query();
//qb->print();
}
}
int RBACController::db_get_default_rank() {
//todo, load this, and save it to a table (probably a new settings class)
return 3;
}
int RBACController::db_get_default_user_rank() {
//todo, load this, and save it to a table (probably a new settings class)
return 2;
}
String RBACController::db_get_redirect_url() {
//todo, load this, and save it to a table (probably a new settings class)
return String("/user/login");
}
void RBACController::create_table() {
Ref<TableBuilder> tb = get_table_builder();
tb->create_table(_rbac_ranks_table);
tb->integer("id")->auto_increment()->next_row();
tb->varchar("name", 60)->not_null()->next_row();
tb->varchar("name_internal", 100)->not_null()->next_row();
tb->varchar("settings", 200)->not_null()->next_row();
tb->integer("base_permissions")->not_null()->next_row();
tb->integer("rank_permissions")->not_null()->next_row();
tb->primary_key("id");
tb->ccreate_table();
//tb->run_query();
//tb->print();
//tb->result = "";
tb->create_table(_rbac_permissions_table);
tb->integer("id")->auto_increment()->next_row();
tb->integer("rank_id")->not_null()->next_row();
tb->varchar("name", 60)->not_null()->next_row();
tb->varchar("url", 100)->not_null()->next_row();
tb->integer("sort_order")->not_null()->next_row();
tb->integer("permissions")->not_null()->next_row();
tb->primary_key("id");
tb->foreign_key("rank_id")->references(_rbac_ranks_table, "id");
tb->ccreate_table();
tb->run_query();
//tb->print();
}
void RBACController::drop_table() {
Ref<TableBuilder> tb = get_table_builder();
tb->drop_table_if_exists(_rbac_permissions_table)->drop_table_if_exists(_rbac_ranks_table)->run_query();
//tb->print();
}
void RBACController::create_default_entries() {
Ref<RBACRank> admin;
admin.instance();
admin->name = "Admin";
admin->base_permissions = User::PERMISSION_ALL;
admin->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
db_save_rank(admin);
Ref<RBACRank> user;
user.instance();
user->name = "User";
//user->base_permissions = User::PERMISSION_READ;
//user->rank_permissions = 0;
//temporary!
user->base_permissions = User::PERMISSION_ALL;
user->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
db_save_rank(user);
Ref<RBACRank> guest;
guest.instance();
guest->name = "Guest";
guest->base_permissions = User::PERMISSION_READ;
guest->rank_permissions = RBAC_RANK_PERMISSION_USE_REDIRECT;
db_save_rank(guest);
}
RBACController *RBACController::get_singleton() {
return _self;
}
RBACController::RBACController() :
AdminNode() {
if (_self) {
printf("RBACController::RBACController(): Error! self is not null!/n");
}
_default_rank_id = 0;
_default_user_rank_id = 0;
_rbac_ranks_table = "rbac_ranks";
_rbac_permissions_table = "rbac_permissions";
_self = this;
}
RBACController::~RBACController() {
if (_self == this) {
_self = nullptr;
}
}
RBACController *RBACController::_self = nullptr;

View File

@ -1,127 +0,0 @@
#ifndef RBAC_CONTROLLER_H
#define RBAC_CONTROLLER_H
#include <map>
#include "web_modules/admin_panel/admin_node.h"
#include "core/containers/vector.h"
#include "core/string.h"
#include "rbac_permission.h"
#include "rbac_rank.h"
class Request;
class FormValidator;
class RBACController : public AdminNode {
RCPP_OBJECT(RBACController, AdminNode);
public:
void handle_request_main(Request *request);
void create_validators();
void admin_handle_request_main(Request *request);
String admin_get_section_name();
void admin_add_section_links(Vector<AdminSectionLinkInfo> *links);
struct RBACAdminRankViewData {
Ref<RBACRank> rank;
Vector<String> messages;
int id = 0;
String name = "";
String name_internal = "";
String settings = "";
int rank_permissions = 0;
};
void admin_handle_new_rank(Request *request);
void admin_handle_edit_rank(Request *request);
void render_rank_view(Request *request, RBACAdminRankViewData *data);
struct RBACAdminEditPermissionView {
Ref<RBACRank> rank;
Ref<RBACPermission> permission;
Vector<String> messages;
int rank_id = 0;
int permission_id = 0;
};
void admin_permission_editor(Request *request);
void admin_render_permission_editor_main_view(Request *request, RBACAdminEditPermissionView *data);
void admin_render_permission_editor_entry_edit_create_view(Request *request, RBACAdminEditPermissionView *data);
bool admin_process_permission_editor_entry_edit_create_post(Request *request, RBACAdminEditPermissionView *data);
void admin_render_rank_list(Request *request);
void admin_render_rank_editor(Request *request);
void register_permission(const String &name, const int val);
void register_rank_permission(const String &name, const int val);
void clear_registered_permissions();
void initialize();
virtual void register_permissions();
Ref<RBACRank> get_rank(int rank_id);
int get_default_user_rank_id();
Ref<RBACRank> get_default_user_rank();
int get_default_rank_id();
Ref<RBACRank> get_default_rank();
String &get_redirect_url();
bool continue_on_missing_default_rank();
// db
virtual std::map<int, Ref<RBACRank> > db_load_ranks();
virtual void db_save(const Ref<RBACRank> &rank);
virtual void db_save_rank(const Ref<RBACRank> &rank);
virtual void db_save_permission(const Ref<RBACPermission> &permission);
virtual int db_get_default_rank();
virtual int db_get_default_user_rank();
virtual String db_get_redirect_url();
void create_table();
void drop_table();
void create_default_entries();
static RBACController *get_singleton();
RBACController();
~RBACController();
protected:
static RBACController *_self;
int _default_rank_id;
int _default_user_rank_id;
std::map<int, Ref<RBACRank> > _ranks;
String _redirect_url;
struct PermissionEntry {
String name;
int value;
PermissionEntry() {
}
PermissionEntry(const String &p_name, const int p_val) {
name = p_name;
value = p_val;
}
};
String _rbac_ranks_table;
String _rbac_permissions_table;
Vector<PermissionEntry> _registered_permissions;
Vector<PermissionEntry> _registered_rank_permissions;
};
#endif

View File

@ -1,9 +0,0 @@
#ifndef RBAC_DEFAULT_PERMISSIONS_H
#define RBAC_DEFAULT_PERMISSIONS_H
enum RBACDefaultRankPermissions {
RBAC_RANK_PERMISSION_ADMIN_PANEL = 1 << 0,
RBAC_RANK_PERMISSION_USE_REDIRECT = 1 << 1,
};
#endif

View File

@ -1,21 +0,0 @@
#include "rbac_permission.h"
bool RBACPermission::is_smaller(const Ref<RBACPermission> &b) const {
if (!b.is_valid()) {
return true;
}
return sort_order < b->sort_order;
}
RBACPermission::RBACPermission() :
Resource() {
id = 0;
rank_id = 0;
sort_order = 0;
permissions = 0;
}
RBACPermission::~RBACPermission() {
}

View File

@ -1,25 +0,0 @@
#ifndef RBAC_PERMISSION_H
#define RBAC_PERMISSION_H
#include "core/string.h"
#include "core/resource.h"
class RBACPermission : public Resource {
RCPP_OBJECT(RBACPermission, Resource);
public:
int id;
int rank_id;
String name;
String url;
int sort_order;
int permissions;
bool is_smaller(const Ref<RBACPermission> &b) const;
RBACPermission();
~RBACPermission();
};
#endif

View File

@ -1,77 +0,0 @@
#include "rbac_rank.h"
#include "web/http/request.h"
Ref<RBACPermission> RBACRank::match_request(Request *request) {
const String &full_path = request->get_path_full();
Ref<RBACPermission> perm;
int current_max = 0;
for (int i = 0; i < permissions.size(); ++i) {
Ref<RBACPermission> p;
if (!p.is_valid()) {
continue;
}
int c = full_path.first_difference_index(p->url);
if (c > current_max) {
perm = p;
current_max = c;
}
}
return perm;
}
bool RBACRank::get_permissions(Request *request) {
int perm = base_permissions;
Ref<RBACPermission> match = match_request(request);
if (match.is_valid()) {
perm = match->permissions;
}
return perm;
}
bool RBACRank::has_permission(Request *request, const int permission) {
int perm = base_permissions;
Ref<RBACPermission> match = match_request(request);
if (match.is_valid()) {
perm = match->permissions;
}
return (perm & permission) != 0;
}
bool RBACRank::has_rank_permission(const int permission) {
return (rank_permissions & permission) != 0;
}
void RBACRank::sort_permissions() {
for (int i = 0; i < permissions.size(); ++i) {
for (int j = i + 1; j < permissions.size(); ++j) {
if (permissions[j]->is_smaller(permissions[i])) {
permissions.swap(i, j);
}
}
}
}
RBACRank::RBACRank() :
Resource() {
id = 0;
base_permissions = 0;
rank_permissions = 0;
}
RBACRank::~RBACRank() {
permissions.clear();
}

View File

@ -1,40 +0,0 @@
#ifndef RBAC_RANK_H
#define RBAC_RANK_H
#include "core/string.h"
#include "core/containers/vector.h"
#include "core/resource.h"
#include "rbac_permission.h"
class Request;
class RBACRank : public Resource {
RCPP_OBJECT(RBACRank, Resource);
public:
int id;
String name;
String name_internal;
String settings;
int base_permissions;
int rank_permissions;
Vector<Ref<RBACPermission> > permissions;
Ref<RBACPermission> match_request(Request *request);
bool get_permissions(Request *request);
bool has_permission(Request *request, const int permission);
bool has_rank_permission(const int permission);
void sort_permissions();
RBACRank();
~RBACRank();
};
#endif

View File

@ -1,37 +0,0 @@
#include "rbac_user.h"
int RBACUser::get_permissions(Request *request) {
if (!rbac_rank.is_valid()) {
return 0;
}
return rbac_rank->get_permissions(request);
}
bool RBACUser::has_permission(Request *request, const int permission) {
if (!rbac_rank.is_valid()) {
return false;
}
return rbac_rank->has_permission(request, permission);
}
int RBACUser::get_additional_permissions(Request *request) {
if (!rbac_rank.is_valid()) {
return 0;
}
return rbac_rank->rank_permissions;
}
bool RBACUser::has_additional_permission(Request *request, const int permission) {
if (!rbac_rank.is_valid()) {
return false;
}
return rbac_rank->rank_permissions & permission;
}
RBACUser::RBACUser() :
User() {
}
RBACUser::~RBACUser() {
}

View File

@ -1,27 +0,0 @@
#ifndef RBAC_USER_H
#define RBAC_USER_H
#include "core/string.h"
#include "web_modules/users/user.h"
#include "web_modules/rbac/rbac_rank.h"
class Request;
class FormValidator;
class RBACUser : public User {
RCPP_OBJECT(RBACUser, User);
public:
Ref<RBACRank> rbac_rank;
int get_permissions(Request *request);
bool has_permission(Request *request, const int permission);
int get_additional_permissions(Request *request);
bool has_additional_permission(Request *request, const int permission);
RBACUser();
~RBACUser();
};
#endif

View File

@ -1,146 +0,0 @@
#include "rbac_user_controller.h"
#include "web/http/http_session.h"
#include "web/http/request.h"
#include "web_modules/rbac/rbac_controller.h"
#include "web_modules/rbac/rbac_default_permissions.h"
#include "rbac_user.h"
Ref<User> RBACUserController::db_get_user(const int id) {
Ref<RBACUser> u = UserController::db_get_user(id);
if (u.is_valid()) {
u->rbac_rank = RBACController::get_singleton()->get_rank(u->rank);
}
return u;
}
Ref<User> RBACUserController::db_get_user(const String &user_name_input) {
Ref<RBACUser> u = UserController::db_get_user(user_name_input);
if (u.is_valid()) {
u->rbac_rank = RBACController::get_singleton()->get_rank(u->rank);
}
return u;
}
Vector<Ref<User> > RBACUserController::db_get_all() {
Vector<Ref<User> > users = UserController::db_get_all();
for (int i = 0; i < users.size(); ++i) {
Ref<RBACUser> u = users[i];
if (u.is_valid()) {
u->rbac_rank = RBACController::get_singleton()->get_rank(u->rank);
}
}
return users;
}
Ref<User> RBACUserController::create_user() {
Ref<RBACUser> u;
u.instance();
u->rank = RBACController::get_singleton()->get_default_user_rank_id();
u->rbac_rank = RBACController::get_singleton()->get_rank(u->rank);
return u;
}
RBACUserController::RBACUserController() :
UserController() {
}
RBACUserController::~RBACUserController() {
}
// returnring true means handled, false means continue
bool RBACUserSessionSetupMiddleware::on_before_handle_request_main(Request *request) {
if (request->session.is_valid()) {
int user_id = request->session->get_int("user_id");
if (user_id != 0) {
Ref<RBACUser> u = UserController::get_singleton()->db_get_user(user_id);
if (u.is_valid()) {
request->reference_data["user"] = u;
} else {
// log
request->session->remove("user_id");
}
}
}
return false;
}
RBACUserSessionSetupMiddleware::RBACUserSessionSetupMiddleware() {
}
RBACUserSessionSetupMiddleware::~RBACUserSessionSetupMiddleware() {
}
// returnring true means handled, false means continue
bool RBACDefaultUserSessionSetupMiddleware::on_before_handle_request_main(Request *request) {
// note: add a new file handler middleware func, so basic file handling is easy to set up before this
Ref<RBACRank> rank;
if (request->session.is_valid()) {
int user_id = request->session->get_int("user_id");
if (user_id != 0) {
Ref<RBACUser> u = UserController::get_singleton()->db_get_user(user_id);
if (u.is_valid()) {
rank = u->rbac_rank;
request->reference_data["user"] = u;
} else {
// log
request->session->remove("user_id");
}
}
}
if (!rank.is_valid()) {
rank = RBACController::get_singleton()->get_default_rank();
if (!rank.is_valid()) {
if (RBACController::get_singleton()->continue_on_missing_default_rank()) {
RLOG_ERR("get_default_rank() has not been set up properly!!! Continuing!");
return false;
} else {
RLOG_ERR("get_default_rank() has not been set up properly!!! Sending 404!");
request->send_error(404);
return true;
}
}
}
if (!rank->has_permission(request, User::PERMISSION_READ)) {
if (rank->has_rank_permission(RBAC_RANK_PERMISSION_USE_REDIRECT)) {
// Note this can make the webapp prone to enumerations, if not done correctly
// e.g. redirect from /admin, but sending 404 on a non existing uri, which does not have
// a special rbac entry
request->send_redirect(RBACController::get_singleton()->get_redirect_url());
return true;
}
request->send_error(404);
return true;
}
return false;
}
RBACDefaultUserSessionSetupMiddleware::RBACDefaultUserSessionSetupMiddleware() {
}
RBACDefaultUserSessionSetupMiddleware::~RBACDefaultUserSessionSetupMiddleware() {
}

View File

@ -1,54 +0,0 @@
#ifndef RBAC_USER_CONTROLLER_H
#define RBAC_USER_CONTROLLER_H
#include "web_modules/users/user_controller.h"
#include "web/http/middleware.h"
class Request;
class RBACUserController : public UserController {
RCPP_OBJECT(RBACUserController, UserController);
public:
// db
Ref<User> db_get_user(const int id);
Ref<User> db_get_user(const String &user_name_input);
Vector<Ref<User> > db_get_all();
Ref<User> create_user();
RBACUserController();
~RBACUserController();
protected:
};
// just session setup
class RBACUserSessionSetupMiddleware : public Middleware {
RCPP_OBJECT(RBACUserSessionSetupMiddleware, Middleware);
public:
//returnring true means handled, false means continue
bool on_before_handle_request_main(Request *request);
RBACUserSessionSetupMiddleware();
~RBACUserSessionSetupMiddleware();
};
// this one also handles missing read permission / redirect
class RBACDefaultUserSessionSetupMiddleware : public Middleware {
RCPP_OBJECT(RBACDefaultUserSessionSetupMiddleware, Middleware);
public:
//returnring true means handled, false means continue
bool on_before_handle_request_main(Request *request);
RBACDefaultUserSessionSetupMiddleware();
~RBACDefaultUserSessionSetupMiddleware();
};
#endif