Implementation of basic permission checks.

print
Josef Rokos 9 years ago
parent 2c49209b8e
commit 96685d2bed

@ -41,6 +41,10 @@ public slots:
QMessageBox::critical(this, "Database error", msg.toStdString().c_str()); QMessageBox::critical(this, "Database error", msg.toStdString().c_str());
m_saved = false; m_saved = false;
}); });
this->connect(service(), &IService::permissionDenied, [this](QString permission) {
QMessageBox::critical(this, "Permission denied", permission.toStdString().c_str());
m_saved = false;
});
this->connect(service(), &IService::dataChanged, [this]() { this->connect(service(), &IService::dataChanged, [this]() {
m_saved = true; m_saved = true;
}); });
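Review bot: The new `permissionDenied` handler captures `this` but is connected without a context object, so Qt cannot drop the connection when the form is destroyed; if the service outlives the form, a later denial would call into a dead object. The overload that takes a context avoids this: `connect(service(), &IService::permissionDenied, this, [this](QString permission) { ... });`. `QMessageBox::critical` accepts a `QString`, so `permission` can be passed directly instead of going through `toStdString().c_str()`. The neighbouring handlers use the same pattern, and the enclosing function starts outside this hunk, so the lifetime of `service()` relative to the form is not visible here.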

@ -155,7 +155,9 @@ public:
void setData(QList<QSharedPointer<T> > list) void setData(QList<QSharedPointer<T> > list)
{ {
beginResetModel();
m_list = list; m_list = list;
endResetModel();
} }
protected: protected:

@ -50,7 +50,8 @@ SOURCES += \
data/system.cpp \ data/system.cpp \
settings/globalsettings.cpp \ settings/globalsettings.cpp \
settingsform.cpp \ settingsform.cpp \
settings/globalsettingsform.cpp settings/globalsettingsform.cpp \
permissionevaluator.cpp
HEADERS += core.h\ HEADERS += core.h\
core_global.h \ core_global.h \
@ -100,7 +101,8 @@ HEADERS += core.h\
settings/globalsettings.h \ settings/globalsettings.h \
settingsform.h \ settingsform.h \
settings/globalsettingsform.h \ settings/globalsettingsform.h \
formbinder.h formbinder.h \
permissionevaluator.h
unix { unix {
target.path = /usr/lib target.path = /usr/lib

@ -60,6 +60,11 @@ void IMetaDataPlugin::init(const QJsonObject &metaData)
{ {
pluginUi->setPluginId(pluginId()); pluginUi->setPluginId(pluginId());
} }
if (m_service != NULL)
{
m_service->setPluginId(pluginId());
}
} }
void IMetaDataPlugin::parseMetaData(const QJsonObject &metaData) void IMetaDataPlugin::parseMetaData(const QJsonObject &metaData)

@ -2,11 +2,14 @@
IService::IService(QObject *parent) : QObject(parent) IService::IService(QObject *parent) : QObject(parent)
{ {
} }
IService::~IService() IService::~IService()
{ {
}
void IService::setPluginId(const QString &pluginId)
{
m_pluginId = pluginId;
} }

@ -14,6 +14,8 @@ public:
explicit IService(QObject *parent = 0); explicit IService(QObject *parent = 0);
virtual ~IService(); virtual ~IService();
void setPluginId(const QString &pluginId);
signals: signals:
void dbError(QString errMsg); void dbError(QString errMsg);
void dbErrorRead(QString errMsg); void dbErrorRead(QString errMsg);
@ -23,8 +25,12 @@ signals:
void dataChanged(); void dataChanged();
void updateDenied(); void updateDenied();
void readDenied(); void readDenied();
void permissionDenied(QString permission);
public slots: public slots:
protected:
QString m_pluginId;
}; };
#endif // ISERVICE_H #endif // ISERVICE_H

@ -0,0 +1,43 @@
#include "permissionevaluator.h"
#include <QSharedPointer>
#include "data/core-data.h"
#include "context.h"
PermissionEvaluator::PermissionEvaluator(QObject *parent)
:QObject(parent)
{
}
PermissionEvaluator::~PermissionEvaluator()
{
}
bool PermissionEvaluator::hasPermission(const QString &pluginId, const QString &permission)
{
if (Context::instance().currentUser()->isAdmin())
{
return true;
}
bool ret;
QList<QSharedPointer<Role> > roles = Context::instance().currentUser()->listRoles();
ret = std::find_if(ALL(roles), [&pluginId, &permission](QSharedPointer<Role> role) -> bool {
foreach (QSharedPointer<Permission> perm, role->listPermissions()) {
if (perm->pluginId() == pluginId && perm->permissionName() == permission) {
return true;
}
}
return false;
}) != roles.end();
if (!ret)
{
emit permissionDenied(permission);
}
return ret;
}
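Review bot: `hasPermission` dereferences `Context::instance().currentUser()` twice without checking it, so if that call can return a null pointer (for example before login) the permission check crashes instead of denying. A guard at the top keeps the check fail-closed: `auto user = Context::instance().currentUser();` followed by `if (!user) { emit permissionDenied(permission); return false; }`, then use `user` for both the admin test and `listRoles()`. Whether `currentUser()` can be null is not visible on this page. Separately, `std::find_if` is used without including `<algorithm>` in this file, so it appears to rely on a transitive include. `bool ret;` could also be initialised directly from the `find_if` expression.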

@ -0,0 +1,23 @@
#ifndef PERMISSIONEVALUATOR_H
#define PERMISSIONEVALUATOR_H
#include <QObject>
#include <QString>
#include "core_global.h"
class CORESHARED_EXPORT PermissionEvaluator : public QObject
{
Q_OBJECT
public:
explicit PermissionEvaluator(QObject *parent = NULL);
~PermissionEvaluator();
bool hasPermission(const QString &pluginId, const QString &permission);
signals:
void permissionDenied(QString permission);
};
#endif // PERMISSIONEVALUATOR_H

@ -13,6 +13,7 @@
#include "core_global.h" #include "core_global.h"
#include "context.h" #include "context.h"
#include "iservice.h" #include "iservice.h"
#include "permissionevaluator.h"
#include "transaction.h" #include "transaction.h"
@ -27,12 +28,17 @@ public:
} }
QList<QSharedPointer<T> > all(const QString &where = "") { QList<QSharedPointer<T> > all(const QString &where = "") {
QList<QSharedPointer<T> > ret;
if (!checkPermission(PERM_READ)) {
return ret;
}
odb::database *db = Context::instance().db(); odb::database *db = Context::instance().db();
Q_ASSERT(db); Q_ASSERT(db);
Transaction tx; Transaction tx;
QList<QSharedPointer<T> > ret;
try try
{ {
@ -62,6 +68,10 @@ public:
} }
void save(QSharedPointer<T> entity) { void save(QSharedPointer<T> entity) {
if (!checkPermission(PERM_ADD)) {
return;
}
odb::database *db = Context::instance().db(); odb::database *db = Context::instance().db();
Q_ASSERT(db); Q_ASSERT(db);
@ -84,6 +94,10 @@ public:
} }
void update(QSharedPointer<T> entity) { void update(QSharedPointer<T> entity) {
if (!checkPermission(PERM_EDIT)) {
return;
}
odb::database *db = Context::instance().db(); odb::database *db = Context::instance().db();
Q_ASSERT(db); Q_ASSERT(db);
@ -106,12 +120,17 @@ public:
} }
QSharedPointer<T> loadById(int id) { QSharedPointer<T> loadById(int id) {
QSharedPointer<T> entity;
if (!checkPermission(PERM_READ)) {
return entity;
}
odb::database *db = Context::instance().db(); odb::database *db = Context::instance().db();
Q_ASSERT(db); Q_ASSERT(db);
Transaction tx; Transaction tx;
QSharedPointer<T> entity;
try try
{ {
@ -137,6 +156,10 @@ public:
} }
void erase(QSharedPointer<T> entity) { void erase(QSharedPointer<T> entity) {
if (!checkPermission(PERM_DELETE)) {
return;
}
odb::database *db = Context::instance().db(); odb::database *db = Context::instance().db();
Q_ASSERT(db); Q_ASSERT(db);
@ -155,12 +178,18 @@ public:
} }
} }
void setPluginId(const QString &pluginId) { protected:
m_pluginId = pluginId; bool checkPermission(const QString &permission) {
if (!m_pluginId.isEmpty()) {
PermissionEvaluator ev;
if (!ev.hasPermission(m_pluginId, permission)) {
emit permissionDenied(permission);
return false;
}
} }
private: return true;
QString m_pluginId; }
}; };
#endif // SERVICE_H #endif // SERVICE_H
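Review bot: `checkPermission` returns true without consulting `PermissionEvaluator` whenever `m_pluginId` is empty, so any service whose plugin id was never set passes the checks added to `all()`, `save()`, `update()`, `loadById()` and `erase()`. On this page the id is only assigned from `IMetaDataPlugin::init` when `m_service` is non-null, and `setPluginId` is public on `IService`, so an unset or cleared id silently turns the checks off. If services without a plugin id are meant to be unrestricted, state that in a comment above `checkPermission`; otherwise deny by default with `if (m_pluginId.isEmpty()) { emit permissionDenied(permission); return false; }`. Callers of `all()` and `loadById()` now get an empty list or a null pointer on denial, which is indistinguishable from "no data" unless they listen for `permissionDenied`.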
