From: Andrea Zagli Date: Thu, 24 Jun 2010 20:34:40 +0000 (+0200) Subject: Managed role's parents. X-Git-Tag: 0.0.1~14 X-Git-Url: https://saetta.ns0.it/gitweb?a=commitdiff_plain;h=f8e9e4fdb8594629bca69b756873a29b1da4ca29;p=zakautho%2Flibzakautho Managed role's parents. --- diff --git a/src/autoz.c b/src/autoz.c index f4070bb..c52fa99 100644 --- a/src/autoz.c +++ b/src/autoz.c @@ -28,14 +28,14 @@ typedef struct _Role Role; struct _Role { AutozIRole *irole; - GList *parents; + GList *parents; /* struct Role */ }; typedef struct _Resource Resource; struct _Resource { AutozIResource *iresource; - GList *parents; + GList *parents; /* struct Resource */ }; typedef struct _Rule Rule; @@ -62,10 +62,10 @@ static void autoz_get_property (GObject *object, typedef struct _AutozPrivate AutozPrivate; struct _AutozPrivate { - GHashTable *roles; - GHashTable *resources; + GHashTable *roles; /* struct Role */ + GHashTable *resources; /* struct Resource */ - GHashTable *rules; + GHashTable *rules; /* struct Rule */ }; G_DEFINE_TYPE (Autoz, autoz, G_TYPE_OBJECT) @@ -207,7 +207,48 @@ autoz_allow (Autoz *autoz, AutozIRole *irole, AutozIResource *iresource) g_hash_table_insert (priv->rules, str_id, r); } } - + +static gboolean +_autoz_is_allowed (Autoz *autoz, Role *role, Resource *resource) +{ + gboolean ret; + + gchar *str_id; + + AutozPrivate *priv = AUTOZ_GET_PRIVATE (autoz); + + ret = FALSE; + + str_id = g_strconcat (autoz_irole_get_role_id (role->irole), + "|", + autoz_iresource_get_resource_id (resource->iresource), + NULL); + + if (g_hash_table_lookup (priv->rules, str_id) != NULL) + { + ret = TRUE; + } + else if (role->parents != NULL) + { + /* trying parents */ + GList *parents; + + parents = g_list_first (role->parents); + while (parents != NULL) + { + if (_autoz_is_allowed (autoz, (Role *)parents->data, resource)) + { + ret = TRUE; + break; + } + + parents = g_list_next (parents); + } + } + + return ret; +} + gboolean autoz_is_allowed (Autoz *autoz, AutozIRole *irole, AutozIResource *iresource) { @@ -242,6 +283,23 @@ autoz_is_allowed (Autoz *autoz, AutozIRole *irole, AutozIResource *iresource) { ret = TRUE; } + else if (role->parents != NULL) + { + /* trying parents */ + GList *parents; + + parents = g_list_first (role->parents); + while (parents != NULL) + { + if (_autoz_is_allowed (autoz, (Role *)parents->data, resource)) + { + ret = TRUE; + break; + } + + parents = g_list_next (parents); + } + } return ret; } diff --git a/tests/test.c b/tests/test.c index e8597e2..8559638 100644 --- a/tests/test.c +++ b/tests/test.c @@ -37,7 +37,9 @@ main (int argc, char **argv) autoz_add_role (autoz, AUTOZ_IROLE (role_writer)); role_writer_child = autoz_role_new ("writer-child"); - autoz_add_role_with_parents (autoz, AUTOZ_IROLE (role_writer_child), AUTOZ_IROLE (role_writer), NULL); + autoz_add_role_with_parents (autoz, AUTOZ_IROLE (role_writer_child), + AUTOZ_IROLE (role_writer), + NULL); role_read_only = autoz_role_new ("read-only"); autoz_add_role (autoz, AUTOZ_IROLE (role_read_only));