
/ucengine/src/models/uce_access.erl

http://github.com/AF83/ucengine
  1. %%
  2. %% U.C.Engine - Unified Collaboration Engine
  3. %% Copyright (C) 2011 af83
  4. %%
  5. %% This program is free software: you can redistribute it and/or modify
  6. %% it under the terms of the GNU Affero General Public License as published by
  7. %% the Free Software Foundation, either version 3 of the License, or
  8. %% (at your option) any later version.
  9. %%
  10. %% This program is distributed in the hope that it will be useful,
  11. %% but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. %% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. %% GNU Affero General Public License for more details.
  14. %%
  15. %% You should have received a copy of the GNU Affero General Public License
  16. %% along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. %%
  18. -module(uce_access).
  19. -export([exists/2,
  20. delete/2,
  21. assert/5,
  22. assert/6,
  23. check/5,
  24. check/6]).
  25. -include("uce.hrl").
  %% Tell whether ACL contains an entry equivalent to Access.
  %%
  %% Equivalence is whatever delete/2 treats as a match: the entry is
  %% considered present exactly when delete/2 hands back a list that is not
  %% identical to ACL.
  exists(#uce_access{} = Access, ACL) ->
      delete(Access, ACL) =/= ACL.
  %% Return ACL without the entries that are equivalent to Access.
  %%
  %% An entry is equivalent when its object and action compare equal (==) to
  %% those of Access and both condition lists hold the same elements: they
  %% must have the same length, and removing the entry's conditions from
  %% those of Access must leave nothing. The order of conditions is ignored.
  %% Every element of ACL must be a #uce_access{} record; anything else makes
  %% the filter fun fail with function_clause.
  delete(#uce_access{object = Object, action = Action, conditions = Conditions}, ACL) ->
      IsSameRule =
          fun(#uce_access{object = RoleObject,
                          action = RoleAction,
                          conditions = RoleConditions}) ->
                  RoleObject == Object
                      andalso RoleAction == Action
                      andalso length(Conditions) == length(RoleConditions)
                      andalso lists:subtract(Conditions, RoleConditions) =:= []
          end,
      %% Keep only the entries that differ from Access.
      lists:filter(fun(RoleAccess) -> not IsSameRule(RoleAccess) end, ACL).
  %% Same as assert/6 with an empty list of conditions for the request.
  assert(Domain, User, Location, Object, Action) ->
      NoConditions = [],
      assert(Domain, User, Location, Object, Action, NoConditions).
  %% Enforce an access decision: return {ok, true} when check/6 grants the
  %% access, throw {error, unauthorized} when it denies it.
  %%
  %% The denial is signalled with throw/1 rather than a return value, so a
  %% caller that ignores the result is still stopped. Any result of check/6
  %% other than {ok, true} or {ok, false} is not matched and fails with
  %% case_clause.
  assert(Domain, User, Location, Object, Action, Conditions) ->
      case check(Domain, User, Location, Object, Action, Conditions) of
          {ok, true} = Granted ->
              Granted;
          {ok, false} ->
              throw({error, unauthorized})
      end.
  %% Same as check/6 with an empty list of conditions for the request.
  %%
  %% NOTE(review): check_conditions/2 grants as soon as the request carries
  %% no conditions, so through this arity any ACL entry matching Object and
  %% Action authorizes, whatever conditions that entry holds.
  check(Domain, User, Location, Object, Action) ->
      NoConditions = [],
      check(Domain, User, Location, Object, Action, NoConditions).
  %% Decide whether User may perform Action on Object at Location.
  %%
  %% The ACL is fetched with uce_user:acl/3. An empty ACL denies. Otherwise
  %% the entries are narrowed to those whose object is Object or the wildcard
  %% "all" and whose action is Action or the wildcard "all", and the final
  %% decision is delegated to check_conditions/2.
  %%
  %% Returns {ok, true} or {ok, false}. A result of uce_user:acl/3 that is not
  %% {ok, List} is not matched here and fails with case_clause instead of
  %% granting access.
  check(Domain, User, Location, Object, Action, Conditions) ->
      case uce_user:acl(Domain, User, Location) of
          {ok, []} ->
              %% No rule at all: deny by default.
              {ok, false};
          {ok, ACL} ->
              Applies =
                  fun(#uce_access{object = AccessObject, action = AccessAction}) ->
                          ObjectMatches =
                              AccessObject == "all" orelse AccessObject == Object,
                          ActionMatches =
                              AccessAction == "all" orelse AccessAction == Action,
                          ObjectMatches andalso ActionMatches
                  end,
              check_conditions(lists:filter(Applies, ACL), Conditions)
      end.
  %% Decide whether one of the ACL entries authorizes a request carrying the
  %% Required conditions. Returns {ok, true} or {ok, false}.
  %%
  %% NOTE(review): three paths below grant access without every condition of
  %% an entry being confirmed by the request. Confirm each one is intended:
  %%   * an empty Required list grants before any entry's conditions are read;
  %%   * a condition whose key is missing from Required counts as satisfied;
  %%   * a single satisfied condition is enough, the others may mismatch.
  %% The '_' wildcard is read from Required, i.e. from the request side, so
  %% Required should never be built in a way that lets request data yield it.

  %% Every entry has been tried and none satisfied the conditions.
  check_conditions([], _) ->
      {ok, false};
  %% The request carries no conditions, so the access is authorized.
  check_conditions(_, []) ->
      {ok, true};
  %% An entry without conditions authorizes unconditionally.
  check_conditions([#uce_access{conditions = []} | _], _Required) ->
      {ok, true};
  check_conditions([#uce_access{conditions = Conditions} | Tail], Required) ->
      IsSatisfied =
          fun({Key, Value}) ->
                  case lists:keyfind(Key, 1, Required) of
                      false ->
                          %% The request says nothing about this key.
                          true;
                      {Key, Value} ->
                          true;
                      {Key, '_'} ->
                          true;
                      _ ->
                          %% The request holds another value for this key.
                          false
                  end
          end,
      case lists:filter(IsSatisfied, Conditions) of
          [] ->
              %% Every condition of this entry was contradicted: try the next.
              check_conditions(Tail, Required);
          [_ | _] ->
              {ok, true}
      end.