qt6/cutelyst3/roleacl_8cpp_source.html

 /*

  * SPDX-FileCopyrightText: (C) 2014-2022 Daniel Nicoletti <dantti12@gmail.com>

  * SPDX-License-Identifier: BSD-3-Clause

  */

 #include "roleacl_p.h"


 #include "common.h"


 #include <Cutelyst/Plugins/Authentication/authentication.h>

 #include <Cutelyst/Controller>

 #include <Cutelyst/Dispatcher>


 using namespace Cutelyst;


 RoleACL::RoleACL(QObject *parent) : Component(new RoleACLPrivate, parent)

 {

 }


 Component::Modifiers RoleACL::modifiers() const

 {

     return AroundExecute;

 }


 bool RoleACL::init(Cutelyst::Application *application, const QVariantHash &args)

 {

     Q_D(RoleACL);

     Q_UNUSED(application)


     const auto attributes = args.value(QLatin1String("attributes")).value<ParamsMultiMap>();

     d->actionReverse = args.value(QLatin1String("reverse")).toString();


     if (!attributes.contains(QLatin1String("RequiresRole")) && !attributes.contains(QLatin1String("AllowedRole"))) {

         qFatal("RoleACL: Action %s requires at least one RequiresRole or AllowedRole attribute", qPrintable(d->actionReverse));

     } else {

         const QStringList required = attributes.values(QLatin1String("RequiresRole"));

         for (const QString &role : required) {

             d->requiresRole.append(role);

         }


         const QStringList allowed = attributes.values(QLatin1String("AllowedRole"));

         for (const QString &role : allowed) {

             d->allowedRole.append(role);

         }

     }


     auto it = attributes.constFind(QLatin1String("ACLDetachTo"));

     if (it == attributes.constEnd() || it.value().isEmpty()) {

         qFatal("RoleACL: Action %s requires the ACLDetachTo(<action>) attribute", qPrintable(d->actionReverse));

     }

     d->aclDetachTo = it.value();


     return true;

 }


 bool RoleACL::aroundExecute(Context *c, QStack<Cutelyst::Component *> stack)

 {

     Q_D(const RoleACL);


     if (canVisit(c)) {

         return Component::aroundExecute(c, stack);

     }


     c->detach(d->detachTo);


     return false;

 }


 bool RoleACL::canVisit(Context *c) const

 {

     Q_D(const RoleACL);


     const QStringList user_has = Authentication::user(c).value(QStringLiteral("roles")).toStringList();


     const QStringList required = d->requiresRole;

     const QStringList allowed = d->allowedRole;


     if (!required.isEmpty() && !allowed.isEmpty()) {

         for (const QString &role : required) {

             if (!user_has.contains(role)) {

                 return false;

             }

         }


         for (const QString &role : allowed) {

             if (user_has.contains(role)) {

                 return true;

             }

         }

     }  else if (!required.isEmpty()) {

         for (const QString &role : required) {

             if (!user_has.contains(role)) {

                 return false;

             }

         }

         return true;

     } else if (!allowed.isEmpty()) {

         for (const QString &role : allowed) {

             if (user_has.contains(role)) {

                 return true;

             }

         }

     }


     return false;

 }


 bool RoleACL::dispatcherReady(const Dispatcher *dispatcher, Cutelyst::Controller *controller)

 {

     Q_D(RoleACL);

     Q_UNUSED(dispatcher)


     d->detachTo = controller->actionFor(d->aclDetachTo);

     if (!d->detachTo) {

         d->detachTo = dispatcher->getActionByPath(d->aclDetachTo);

         if (!d->detachTo) {

             qFatal("RoleACL: Action '%s' requires a valid action set on the ACLDetachTo(%s) attribute",

                    qPrintable(d->actionReverse), qPrintable(d->aclDetachTo));

         }

     }


     return true;

 }


 #include "moc_roleacl.cpp"

Cutelyst::Application
The Cutelyst Application.
Definition: application.h:43

Cutelyst::Authentication::user
static AuthenticationUser user(Context *c)
Definition: authentication.cpp:102

Cutelyst::Component
The Cutelyst Component base class.
Definition: component.h:26

Cutelyst::Component::aroundExecute
virtual bool aroundExecute(Context *c, QStack< Component * > stack)
Definition: component.cpp:101

Cutelyst::Context
The Cutelyst Context.
Definition: context.h:39

Cutelyst::Context::detach
void detach(Action *action=nullptr)
Definition: context.cpp:339

Cutelyst::Controller
Cutelyst Controller base class
Definition: controller.h:90

Cutelyst::Controller::actionFor
Action * actionFor(const QString &name) const
Definition: controller.cpp:37

Cutelyst::Dispatcher
The Cutelyst Dispatcher.
Definition: dispatcher.h:28

Cutelyst::Dispatcher::getActionByPath
Action * getActionByPath(const QString &path) const
Definition: dispatcher.cpp:220

Cutelyst::RoleACL
User role-based authorization action class.
Definition: roleacl.h:19

Cutelyst::RoleACL::canVisit
bool canVisit(Context *c) const
Definition: roleacl.cpp:166

Cutelyst::RoleACL::init
virtual bool init(Application *application, const QVariantHash &args) override
Definition: roleacl.cpp:122

Cutelyst::RoleACL::RoleACL
RoleACL(QObject *parent=nullptr)
Definition: roleacl.cpp:113

Cutelyst::RoleACL::aroundExecute
virtual bool aroundExecute(Context *c, QStack< Component * > stack) override
Definition: roleacl.cpp:153

Cutelyst::RoleACL::modifiers
virtual Modifiers modifiers() const override
Definition: roleacl.cpp:117

Cutelyst::RoleACL::dispatcherReady
virtual bool dispatcherReady(const Dispatcher *dispatcher, Controller *controller) override
Definition: roleacl.cpp:205

Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition: Mainpage.dox:8

Cutelyst::ParamsMultiMap
QMultiMap< QString, QString > ParamsMultiMap
Definition: paramsmultimap.h:23