Implementation of basic permission checks.

2016-03-11 14:13:40 +01:00
parent 2c49209b8e
commit 96685d2bed
9 changed files with 128 additions and 11 deletions
@@ -41,6 +41,10 @@ public slots:
                QMessageBox::critical(this, "Database error", msg.toStdString().c_str());
                m_saved = false;
            });
            this->connect(service(), &IService::permissionDenied, [this](QString permission) {
                QMessageBox::critical(this, "Permission denied", permission.toStdString().c_str());
                m_saved = false;
            });
            this->connect(service(), &IService::dataChanged, [this]() {
                m_saved = true;
            });
@@ -155,7 +155,9 @@ public:
    void setData(QList<QSharedPointer<T> > list)
    {
        beginResetModel();
        m_list = list;
        endResetModel();
    }
 protected:
@@ -50,7 +50,8 @@ SOURCES += \
    data/system.cpp \
    settings/globalsettings.cpp \
    settingsform.cpp \
-    settings/globalsettingsform.cpp
+    settings/globalsettingsform.cpp \
    permissionevaluator.cpp
 HEADERS += core.h\
        core_global.h \
@@ -100,7 +101,8 @@ HEADERS += core.h\
    settings/globalsettings.h \
    settingsform.h \
    settings/globalsettingsform.h \
-    formbinder.h
+    formbinder.h \
    permissionevaluator.h
 unix {
    target.path = /usr/lib
@@ -60,6 +60,11 @@ void IMetaDataPlugin::init(const QJsonObject &metaData)
    {
        pluginUi->setPluginId(pluginId());
    }
    if (m_service != NULL)
    {
        m_service->setPluginId(pluginId());
    }
 }
 void IMetaDataPlugin::parseMetaData(const QJsonObject &metaData)
@@ -2,11 +2,14 @@
 IService::IService(QObject *parent) : QObject(parent)
 {
 }
 IService::~IService()
 {
-
+}
 void IService::setPluginId(const QString &pluginId)
 {
    m_pluginId = pluginId;
 }
@@ -14,6 +14,8 @@ public:
    explicit IService(QObject *parent = 0);
    virtual ~IService();
    void setPluginId(const QString &pluginId);
 signals:
    void dbError(QString errMsg);
    void dbErrorRead(QString errMsg);
@@ -23,8 +25,12 @@ signals:
    void dataChanged();
    void updateDenied();
    void readDenied();
    void permissionDenied(QString permission);
 public slots:
 protected:
    QString m_pluginId;
 };
 #endif // ISERVICE_H
@@ -0,0 +1,43 @@
 #include "permissionevaluator.h"
 #include <QSharedPointer>
 #include "data/core-data.h"
 #include "context.h"
 PermissionEvaluator::PermissionEvaluator(QObject *parent)
    :QObject(parent)
 {
 }
 PermissionEvaluator::~PermissionEvaluator()
 {   
 }
 bool PermissionEvaluator::hasPermission(const QString &pluginId, const QString &permission)
 {
    if (Context::instance().currentUser()->isAdmin())
    {
        return true;
    }
    bool ret;
    QList<QSharedPointer<Role> > roles = Context::instance().currentUser()->listRoles();
    ret = std::find_if(ALL(roles), [&pluginId, &permission](QSharedPointer<Role> role) -> bool {
        foreach (QSharedPointer<Permission> perm, role->listPermissions()) {
            if (perm->pluginId() == pluginId && perm->permissionName() == permission) {
                return true;
            }
        }
        return false;
    }) != roles.end();
    if (!ret)
    {
        emit permissionDenied(permission);
    }
    return ret;
 }
@@ -0,0 +1,23 @@
 #ifndef PERMISSIONEVALUATOR_H
 #define PERMISSIONEVALUATOR_H
 #include <QObject>
 #include <QString>
 #include "core_global.h"
 class CORESHARED_EXPORT PermissionEvaluator : public QObject
 {
    Q_OBJECT
 public:
    explicit PermissionEvaluator(QObject *parent = NULL);
    ~PermissionEvaluator();
    bool hasPermission(const QString &pluginId, const QString &permission);
 signals:
    void permissionDenied(QString permission);
 };
 #endif // PERMISSIONEVALUATOR_H
@@ -13,6 +13,7 @@
 #include "core_global.h"
 #include "context.h"
 #include "iservice.h"
 #include "permissionevaluator.h"
 #include "transaction.h"
@@ -27,12 +28,17 @@ public:
    }
    QList<QSharedPointer<T> > all(const QString &where = "") {
        QList<QSharedPointer<T> > ret;
        if (!checkPermission(PERM_READ)) {
            return ret;
        }
        odb::database *db = Context::instance().db();
        Q_ASSERT(db);
        Transaction tx;
        QList<QSharedPointer<T> > ret;
        try
        {
@@ -62,6 +68,10 @@ public:
    }
    void save(QSharedPointer<T> entity) {
        if (!checkPermission(PERM_ADD)) {
            return;
        }
        odb::database *db = Context::instance().db();
        Q_ASSERT(db);
@@ -84,6 +94,10 @@ public:
    }
    void update(QSharedPointer<T> entity) {
        if (!checkPermission(PERM_EDIT)) {
            return;
        }
        odb::database *db = Context::instance().db();
        Q_ASSERT(db);
@@ -106,12 +120,17 @@ public:
    }
    QSharedPointer<T> loadById(int id) {
        QSharedPointer<T> entity;
        if (!checkPermission(PERM_READ)) {
            return entity;
        }
        odb::database *db = Context::instance().db();
        Q_ASSERT(db);
        Transaction tx;
        QSharedPointer<T> entity;
        try
        {
@@ -137,6 +156,10 @@ public:
    }
    void erase(QSharedPointer<T> entity) {
        if (!checkPermission(PERM_DELETE)) {
            return;
        }
        odb::database *db = Context::instance().db();
        Q_ASSERT(db);
@@ -155,12 +178,18 @@ public:
        }
    }
-    void setPluginId(const QString &pluginId) {
+protected:
-        m_pluginId = pluginId;
+    bool checkPermission(const QString &permission) {
-    }
+        if (!m_pluginId.isEmpty()) {
            PermissionEvaluator ev;
            if (!ev.hasPermission(m_pluginId, permission)) {
                emit permissionDenied(permission);
                return false;
            }
        }
-private:
+        return true;
-    QString m_pluginId;
+    }
 };
 #endif // SERVICE_H