
/ucengine/src/models/uce_access.erl

http://github.com/AF83/ucengine
%%
%%  U.C.Engine - Unified Collaboration Engine
%%  Copyright (C) 2011 af83
%%
%%  This program is free software: you can redistribute it and/or modify
%%  it under the terms of the GNU Affero General Public License as published by
%%  the Free Software Foundation, either version 3 of the License, or
%%  (at your option) any later version.
%%
%%  This program is distributed in the hope that it will be useful,
%%  but WITHOUT ANY WARRANTY; without even the implied warranty of
%%  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
%%  GNU Affero General Public License for more details.
%%
%%  You should have received a copy of the GNU Affero General Public License
%%  along with this program.  If not, see <http://www.gnu.org/licenses/>.
%%
 %% Access-control helpers: lookup and removal of ACL entries, plus the
 %% authorization decision (check/5,6) and its throwing variant (assert/5,6).
 -module(uce_access).

 %% ACL entry manipulation
 -export([exists/2, delete/2]).
 %% Authorization decisions
 -export([assert/5, assert/6, check/5, check/6]).

 -include("uce.hrl").
 28
 %% @doc Report whether `ACL' holds an entry equivalent to `Access'.
 %%
 %% Equivalence is whatever delete/2 treats as a match: the entry is present
 %% exactly when removing it produces a list that differs from `ACL'.
 exists(#uce_access{} = Access, ACL) ->
     delete(Access, ACL) =/= ACL.
 36
 %% @doc Return `ACL' without the entries equivalent to `Access'.
 %%
 %% An entry is dropped when its object and action compare equal (`==') to
 %% those of `Access' and its condition list holds the same elements, in any
 %% order. Every element of `ACL' must be a `#uce_access{}' record; anything
 %% else makes the filter fun fail with `function_clause'.
 delete(#uce_access{object = Object, action = Action, conditions = Conditions}, ACL) ->
     Keep =
         fun(#uce_access{object = EntryObject,
                         action = EntryAction,
                         conditions = EntryConditions}) ->
                 SameTarget = EntryObject == Object andalso EntryAction == Action,
                 not (SameTarget andalso same_conditions(Conditions, EntryConditions))
         end,
     lists:filter(Keep, ACL).

 %% True when both condition lists have the same length and removing the
 %% elements of `Held' from `Wanted' leaves nothing.
 same_conditions(Wanted, Held) when length(Wanted) /= length(Held) ->
     false;
 same_conditions(Wanted, Held) ->
     lists:subtract(Wanted, Held) =:= [].
 58
 %% @doc assert/6 with an empty list of required conditions.
 %%
 %% NOTE(review): with an empty required list, check_conditions/2 authorizes
 %% as soon as one ACL entry matches the object and action, without looking at
 %% the conditions stored on that entry. Callers guarding a conditional grant
 %% should use assert/6 and pass the conditions explicitly.
 assert(Domain, User, Location, Object, Action) ->
     NoConditions = [],
     assert(Domain, User, Location, Object, Action, NoConditions).
 %% @doc Enforce an authorization decision made by check/6.
 %%
 %% Returns `{ok, true}' when access is granted. A denial is not returned: it
 %% is raised as `throw({error, unauthorized})', so the caller (or a wrapper
 %% above it) has to catch that throw to turn it into a response. Any other
 %% result from check/6 ends in a `case_clause' error rather than a grant.
 assert(Domain, User, Location, Object, Action, Conditions) ->
     Verdict = check(Domain, User, Location, Object, Action, Conditions),
     case Verdict of
         {ok, true} ->
             Verdict;
         {ok, false} ->
             throw({error, unauthorized})
     end.
 68
 %% @doc check/6 with an empty list of required conditions.
 %%
 %% NOTE(review): with an empty required list, check_conditions/2 answers
 %% `{ok, true}' as soon as one ACL entry matches the object and action; the
 %% conditions stored on that entry are not consulted. Use check/6 when the
 %% decision must depend on them.
 check(Domain, User, Location, Object, Action) ->
     NoConditions = [],
     check(Domain, User, Location, Object, Action, NoConditions).
 %% @doc Decide whether `User' may perform `Action' on `Object'.
 %%
 %% The ACL comes from uce_user:acl/3. An empty ACL is an immediate denial.
 %% Otherwise the entries are narrowed to those whose object and action each
 %% equal the requested value or the literal string "all" (the wildcard lives
 %% on the ACL side), and check_conditions/2 decides on the remainder.
 %%
 %% Returns `{ok, true}' or `{ok, false}'. A result from uce_user:acl/3 that
 %% is not `{ok, List}' is not handled here and raises `case_clause', so a
 %% failed ACL lookup never turns into a grant.
 check(Domain, User, Location, Object, Action, Conditions) ->
     case uce_user:acl(Domain, User, Location) of
         {ok, []} ->
             {ok, false};
         {ok, ACL} ->
             Applies =
                 fun(#uce_access{object = AccessObject, action = AccessAction}) ->
                         ObjectOk = AccessObject == "all" orelse AccessObject == Object,
                         ActionOk = AccessAction == "all" orelse AccessAction == Action,
                         ObjectOk andalso ActionOk
                 end,
             check_conditions(lists:filter(Applies, ACL), Conditions)
     end.
 96
 %% Decide from the ACL entries that already matched object and action.
 %%
 %% Policy as implemented, clause by clause:
 %%   * no entries left                      -> denied;
 %%   * no required conditions               -> granted, whatever conditions
 %%                                             the remaining entries carry;
 %%   * an entry without conditions          -> granted;
 %%   * an entry with conditions             -> granted when at least one of
 %%     them is accepted, otherwise the next entry is tried.
 %% A single condition `{Key, Value}' is accepted when `Required' has no tuple
 %% for `Key', has exactly `{Key, Value}', or has `{Key, '_'}'.
 %%
 %% NOTE(review): this is "any condition" matching, and a key missing from
 %% `Required' counts as satisfied, so an entry restricted by several
 %% conditions is honoured when only one of them holds. The `'_'' wildcard is
 %% read from `Required', i.e. from the caller's side. Confirm both against
 %% the intended policy, and that `Required' cannot carry `'_'' taken from
 %% request data.
 check_conditions([], _) ->
     {ok, false};
 check_conditions(_, []) ->
     {ok, true};
 check_conditions([#uce_access{conditions = []} | _], _Required) ->
     {ok, true};
 check_conditions([#uce_access{conditions = Conditions} | Tail], Required) ->
     Accepts =
         fun({Key, Value}) ->
                 case lists:keyfind(Key, 1, Required) of
                     false ->
                         true;
                     {Key, Value} ->
                         true;
                     {Key, '_'} ->
                         true;
                     _ ->
                         false
                 end
         end,
     case lists:filter(Accepts, Conditions) of
         [] ->
             check_conditions(Tail, Required);
         [_ | _] ->
             {ok, true}
     end.