one / src / authm / AclRule.cc @ bfaabf35

/* -------------------------------------------------------------------------- */
2
/* Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org)             */
3
/*                                                                            */
4
/* Licensed under the Apache License, Version 2.0 (the "License"); you may    */
5
/* not use this file except in compliance with the License. You may obtain    */
6
/* a copy of the License at                                                   */
7
/*                                                                            */
8
/* http://www.apache.org/licenses/LICENSE-2.0                                 */
9
/*                                                                            */
10
/* Unless required by applicable law or agreed to in writing, software        */
11
/* distributed under the License is distributed on an "AS IS" BASIS,          */
12
/* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   */
13
/* See the License for the specific language governing permissions and        */
14
/* limitations under the License.                                             */
15
/* -------------------------------------------------------------------------- */
16

    
17
#include "AclRule.h"
18
#include "AuthManager.h"
19
#include "NebulaLog.h"
20

    
21
/* -------------------------------------------------------------------------- */
22
/* -------------------------------------------------------------------------- */
23

    
// Flag bits stored in the user and resource fields of a rule. All three sit
// at bit 32 and above. to_str() tests GROUP_ID and INDIVIDUAL_ID to decide
// whether an id is printed with an "@" or a "#" prefix.
// NOTE(review): presumably the low 32 bits carry the numeric id returned by
// user_id()/resource_id() -- confirm against AclRule.h.
const long long AclRule::INDIVIDUAL_ID  = 1LL << 32;   // 0x100000000
const long long AclRule::GROUP_ID       = 1LL << 33;   // 0x200000000
const long long AclRule::ALL_ID         = 1LL << 34;   // 0x400000000
27

    
28
/* -------------------------------------------------------------------------- */
29
/* -------------------------------------------------------------------------- */
30

    
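/**
 *  Renders the rule as a human readable string of the form
 *  "USER:<who> RESOURCE:<types>/<which> OPERATION:<ops>".
 *
 *  <who> and <which> are "@<id>" when the GROUP_ID bit is set, "#<id>" when
 *  the INDIVIDUAL_ID bit is set, and "*" otherwise. <types> and <ops> are the
 *  names of the set bits joined with "+".
 *
 *  The text is informational only (to_xml() puts it in the DEBUG element).
 *  Authorization decisions must use the numeric user/resource/rights fields.
 *
 *  @return the formatted rule
 */
string AclRule::to_str() const
{
    ostringstream oss;

    oss << "USER:";

    // GROUP_ID is tested first, so a value with both flag bits set prints as
    // a group. A value with neither bit set prints as "*" whether or not
    // ALL_ID is present, so a malformed field is indistinguishable from a
    // wildcard in this output.
    if ( (user & GROUP_ID) != 0 )
    {
        oss << "@" << user_id();
    }
    else if ( (user & INDIVIDUAL_ID) != 0 )
    {
        oss << "#" << user_id();
    }
    else
    {
        oss << "*";
    }

    oss << " RESOURCE:";

    AuthRequest::Object objects[] = {
            AuthRequest::VM,
            AuthRequest::HOST,
            AuthRequest::NET,
            AuthRequest::IMAGE,
            AuthRequest::USER,
            AuthRequest::TEMPLATE,
            AuthRequest::GROUP,
            AuthRequest::ACL
    };

    // Derive the bound from the array so the loop cannot drift out of sync
    // with the initializer list when an entry is added or removed.
    const int num_objects = sizeof(objects) / sizeof(objects[0]);

    bool prefix = false;

    for ( int i = 0; i < num_objects; i++ )
    {
        if ( (resource & objects[i]) != 0 )
        {
            if ( prefix )
            {
                oss << "+";
            }

            oss << AuthRequest::Object_to_str( objects[i] );
            prefix = true;
        }
    }

    oss << "/";

    // Same precedence as for the user field: group, then individual, then "*".
    if ( (resource & GROUP_ID) != 0 )
    {
        oss << "@" << resource_id();
    }
    else if ( (resource & INDIVIDUAL_ID) != 0 )
    {
        oss << "#" << resource_id();
    }
    else
    {
        oss << "*";
    }

    oss << " OPERATION:";

    AuthRequest::Operation operations[] = {
            AuthRequest::CREATE,
            AuthRequest::DELETE,
            AuthRequest::USE,
            AuthRequest::MANAGE,
            AuthRequest::INFO,
            AuthRequest::INFO_POOL,
            AuthRequest::INFO_POOL_MINE,
            AuthRequest::INSTANTIATE,
            AuthRequest::CHOWN
    };

    // The table has nine entries. The previous hard-coded bound of 10 read
    // operations[9], one element past the end of the array: undefined
    // behaviour that could append a bogus operation name to the printed
    // rights or crash inside Operation_to_str().
    const int num_operations = sizeof(operations) / sizeof(operations[0]);

    prefix = false;

    for ( int i = 0; i < num_operations; i++ )
    {
        if ( (rights & operations[i]) != 0 )
        {
            if ( prefix )
            {
                oss << "+";
            }

            oss << AuthRequest::Operation_to_str( operations[i] );
            prefix = true;
        }
    }

    return oss.str();
}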
126

    
127
/* -------------------------------------------------------------------------- */
128
/* -------------------------------------------------------------------------- */
129

    
/**
 *  Serializes the rule into a <RULE> XML element and stores it in xml.
 *
 *  USER, RESOURCE and RIGHTS are written in hexadecimal with no "0x" prefix,
 *  so whatever parses this document has to read them as base-16 values.
 *
 *  @param xml string that receives the document (previous content is replaced)
 *  @return a reference to xml
 */
string& AclRule::to_xml(string& xml) const
{
    ostringstream out;

    // hex stays in effect on the stream once set; 'out' is local, so the
    // format change cannot leak to any other stream.
    out << hex;

    out << "<RULE>";

    out << "<USER>"     << user     << "</USER>";
    out << "<RESOURCE>" << resource << "</RESOURCE>";
    out << "<RIGHTS>"   << rights   << "</RIGHTS>";

    // TODO: Element DEBUG contains a human friendly string
    // NOTE(review): the text is inserted without XML escaping. The literals
    // to_str() emits itself contain no markup characters; this presumably
    // also holds for the Object_to_str()/Operation_to_str() names -- confirm.
    out << "<DEBUG>" << to_str() << "</DEBUG>";

    out << "</RULE>";

    xml = out.str();

    return xml;
}
149

    
150
/* -------------------------------------------------------------------------- */
151
/* -------------------------------------------------------------------------- */