15 typedef std::vector<std::pair<Access_Operation, std::string>>
AccessRulesRaw;
22 const std::string &username,
23 const std::string &path_prefix,
24 const std::string &group,
25 const std::string &result)
35 const std::string
match(
const std::string &sub,
36 const std::string &username,
37 const std::string_view &req_path,
38 const std::vector<std::string> &groups)
const
40 if (!
m_sub.empty() && sub !=
m_sub) {
return "";}
51 for (
const auto &group : groups) {
97 auto is_subdirectory = [](
const std::string_view& dir,
const std::string_view& subdir) {
98 if (subdir.size() < dir.size())
101 if (subdir.compare(0, dir.size(), dir, 0, dir.size()) != 0)
104 return dir.size() == subdir.size() || subdir[dir.size()] ==
'/' || dir ==
"/";
107 for (
const auto & rule : m_rules) {
109 if (rule.first != oper)
113 if (rule.second ==
"/")
117 if (is_subdirectory(rule.second, path)) {
122 if (is_subdirectory(path, rule.second))
/// True when no rules are held; forwards to m_rules.empty(). A matcher with no
/// rules has nothing to grant, so callers should treat it as "deny by default".
129 bool empty()
const {
return m_rules.empty();}
131 std::string
str()
const;
/// Number of rules currently held; forwards to m_rules.size().
133 size_t size()
const {
return m_rules.size();}
148 XrdAccRules(uint64_t expiry_time,
const std::string &username,
const std::string &token_subject,
149 const std::string &issuer,
const std::vector<MapRule> &rules,
const std::vector<std::string> &
groups,
151 m_authz_strategy(authz_strategy),
153 m_expiry_time(expiry_time),
154 m_username(username),
155 m_token_subject(token_subject),
164 return m_matcher.
apply(oper, path);
176 for (
const auto &rule : m_map_rules) {
177 std::string name = rule.match(m_token_subject, m_username, req_path, m_groups);
185 const std::string
str()
const;
/// Read-only access to the stored group list (m_groups). The returned reference
/// aliases a member, so it is only valid for the lifetime of this XrdAccRules
/// object; copy it if it must outlive the shared_ptr that owns the rules.
205 const std::vector<std::string> &
groups()
const {
return m_groups;}
208 const uint32_t m_authz_strategy;
211 const uint64_t m_expiry_time{0};
212 const std::string m_username;
213 const std::string m_token_subject;
214 const std::string m_issuer;
215 const std::vector<MapRule> m_map_rules;
216 const std::vector<std::string> m_groups;
220 const std::vector<std::pair<std::unique_ptr<SubpathMatch>, std::string>> &required_issuers,
221 const std::vector<std::shared_ptr<XrdAccRules>> &access_rules_list);
Access_Operation
The following are supported operations.
@ AOP_Stat
exists(), stat()
@ AOP_Read
open() r/o, prepare()
bool AuthorizesRequiredIssuers(Access_Operation client_oper, const std::string_view &path, const std::vector< std::pair< std::unique_ptr< SubpathMatch >, std::string >> &required_issuers, const std::vector< std::shared_ptr< XrdAccRules >> &access_rules_list)
std::vector< std::pair< Access_Operation, std::string > > AccessRulesRaw
SubpathMatch(const AccessRulesRaw &rules)
bool apply(Access_Operation oper, const std::string_view path) const
const std::vector< std::string > & groups() const
bool apply(Access_Operation oper, const std::string_view path)
const std::string & get_issuer() const
uint32_t get_authz_strategy() const
void parse(const AccessRulesRaw &rules)
const std::string & get_default_username() const
const std::string & get_token_subject() const
bool acceptable_authz(Access_Operation oper) const
std::string get_username(const std::string_view &req_path) const
const std::string str() const
XrdAccRules(uint64_t expiry_time, const std::string &username, const std::string &token_subject, const std::string &issuer, const std::vector< MapRule > &rules, const std::vector< std::string > &groups, uint32_t authz_strategy, AuthzSetting acceptable_authz)
const std::string match(const std::string &sub, const std::string &username, const std::string_view &req_path, const std::vector< std::string > &groups) const
std::string m_path_prefix
MapRule(const std::string &sub, const std::string &username, const std::string &path_prefix, const std::string &group, const std::string &result)