/// List of (Access_Operation, std::string) pairs, one entry per rule.
/// The string is presumably a path; confirm against the code that parses these rules.
using AccessRulesRaw = std::vector<std::pair<Access_Operation, std::string>>;
23 const std::string &username,
24 const std::string &path_prefix,
25 const std::string &group,
26 const std::string &result)
36 const std::string
match(
const std::string &sub,
37 const std::string &username,
38 const std::string_view &req_path,
39 const std::vector<std::string> &groups)
const
// Subject filter: an empty m_sub constrains nothing, while a non-empty m_sub must
// equal the presented `sub` exactly. On mismatch this rule contributes no mapping
// and the empty string is returned.
// NOTE(review): because an empty m_sub accepts every subject, a rule configured
// without a subject depends on its remaining conditions (not all visible in this
// listing) to limit who gets mapped.
41 if (!
m_sub.empty() && sub !=
m_sub) {
return "";}
52 for (
const auto &group : groups) {
99 for (
const auto & rule : m_rules) {
101 if (rule.first != oper)
105 if (rule.second ==
"/")
/// Reports whether the rule list (m_rules) holds no entries.
bool empty() const
{
    const bool no_rules = m_rules.empty();
    return no_rules;
}
// Declaration only; the definition is not part of this listing.
// Presumably renders the stored rules as text; confirm against the definition.
123 std::string
str()
const;
/// Number of entries currently held in the rule list (m_rules).
size_t size() const
{
    const size_t rule_count = m_rules.size();
    return rule_count;
}
140 XrdAccRules(uint64_t expiry_time,
const std::string &username,
const std::string &token_subject,
141 const std::string &issuer,
const std::vector<MapRule> &rules,
const std::vector<std::string> &
groups,
143 m_authz_strategy(authz_strategy),
145 m_expiry_time(expiry_time),
146 m_username(username),
147 m_token_subject(token_subject),
156 return m_matcher.
apply(oper, path);
168 for (
const auto &rule : m_map_rules) {
169 std::string name = rule.match(m_token_subject, m_username, req_path, m_groups);
// Declaration only; the definition is not part of this listing.
// NOTE(review): the top-level const on a by-value return prevents callers from
// moving out of the result. If the text includes the token subject or username
// (not visible here), treat any log line built from it as identity data; confirm.
177 const std::string
str()
const;
/// Read-only access to the group list held by this object (m_groups).
/// The returned reference stays valid only while this object is alive.
const std::vector<std::string> &groups() const
{
    return m_groups;
}
// Every member below is const, so the values are fixed once the constructor has run.

// Initialised from the constructor's authz_strategy argument.
200 const uint32_t m_authz_strategy;
// Initialised from the constructor's expiry_time argument (in-class default 0).
// NOTE(review): the unit and clock of this value are not visible in this listing;
// confirm them before comparing it with a current time.
203 const uint64_t m_expiry_time{0};
// Initialised from the constructor's username argument; passed as `username` to
// each MapRule::match call in the loop over m_map_rules.
204 const std::string m_username;
// Initialised from the constructor's token_subject argument; passed as `sub` to
// each MapRule::match call.
205 const std::string m_token_subject;
// Presumably set from the constructor's issuer argument; the initialiser is not
// visible in this listing.
206 const std::string m_issuer;
// Mapping rules that are iterated in order, each being asked to match
// (token subject, username, request path, groups).
207 const std::vector<MapRule> m_map_rules;
// Group list returned by groups() and passed to each MapRule::match call.
208 const std::vector<std::string> m_groups;
212 const std::vector<std::pair<std::unique_ptr<SubpathMatch>, std::string>> &required_issuers,
213 const std::vector<std::shared_ptr<XrdAccRules>> &access_rules_list);
Access_Operation
The following are supported operations.
@ AOP_Stat
exists(), stat()
@ AOP_Read
open() r/o, prepare()
static bool is_subdirectory(const std::string_view dir, const std::string_view subdir)
bool AuthorizesRequiredIssuers(Access_Operation client_oper, const std::string_view &path, const std::vector< std::pair< std::unique_ptr< SubpathMatch >, std::string >> &required_issuers, const std::vector< std::shared_ptr< XrdAccRules >> &access_rules_list)
std::vector< std::pair< Access_Operation, std::string > > AccessRulesRaw
SubpathMatch(const AccessRulesRaw &rules)
bool apply(Access_Operation oper, const std::string_view path) const
const std::vector< std::string > & groups() const
bool apply(Access_Operation oper, const std::string_view path)
const std::string & get_issuer() const
uint32_t get_authz_strategy() const
void parse(const AccessRulesRaw &rules)
const std::string & get_default_username() const
const std::string & get_token_subject() const
bool acceptable_authz(Access_Operation oper) const
std::string get_username(const std::string_view &req_path) const
const std::string str() const
XrdAccRules(uint64_t expiry_time, const std::string &username, const std::string &token_subject, const std::string &issuer, const std::vector< MapRule > &rules, const std::vector< std::string > &groups, uint32_t authz_strategy, AuthzSetting acceptable_authz)
const std::string match(const std::string &sub, const std::string &username, const std::string_view &req_path, const std::vector< std::string > &groups) const
std::string m_path_prefix
MapRule(const std::string &sub, const std::string &username, const std::string &path_prefix, const std::string &group, const std::string &result)