
/home/tetron/hack/vos/libs/vos/vos/accesscontrol.hh

00001 /*
00002     This file is part of the Virtual Object System of
00003     the Interreality project (http://interreality.org).
00004 
00005     Copyright (C) 2001-2003 Peter Amstutz
00006 
00007     This library is free software; you can redistribute it and/or
00008     modify it under the terms of the GNU Lesser General Public
00009     License as published by the Free Software Foundation; either
00010     version 2 of the License, or (at your option) any later version.
00011 
00012     This library is distributed in the hope that it will be useful,
00013     but WITHOUT ANY WARRANTY; without even the implied warranty of
00014     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00015     Lesser General Public License for more details.
00016 
00017     You should have received a copy of the GNU Lesser General Public
00018     License along with this library; if not, write to the Free Software
00019     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
00020 
00021     Peter Amstutz <http://www.interreality.org>
00022 */
00023 #ifndef _ACCESSCONTROL_HH_
00024 #define _ACCESSCONTROL_HH_
00025 
00026 #include <vos/vos/vosdefs.hh>
00027 
00028 #include <string>
00029 #include <map>
00030 #include <deque>
00031 
00032 #ifndef VOS_EXPORTS
00033 IMPORT_METAOBJECT_FACTORIES(DefaultACs)
00034 #endif
00035 
00036 namespace VOS
00037 {
00038     class LocalVobject;   // forward-declared; not referenced again in this header
00039     class Vobject;        // used by reference in the SiteAccessControl checks
00040     class VobjectEvent;   // used by reference in the VobjectAccessControl checks
00041     class Site;           // used by reference in the SiteAccessControl checks
00042 
00043 /** @class VobjectAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00044     @ingroup libvos
00045     This is the base class for Vobject access control policies.  A
00046     policy decides whether a particular read or change action on the
00047     types, parents or children of Vobject is permitted.

          Every check below is pure virtual, so a concrete policy has to
          answer each operation explicitly; nothing is allowed or denied by
          an inherited default.  The checks fall into four groups: reads
          (child, type, parent), changes (type add/remove, child
          set/insert/remove), listen requests (child, parent, type) and
          reads or changes of the access control lists themselves.
          checkPolicyChangePermission() decides who may change the access
          control lists, so a policy that allows it lets the requester alter
          the access rules themselves.

          NOTE(review): how the message argument is delivered is not visible
          in this header.  If the text is sent back to the remote requester,
          keep it free of details about local objects or policy internals --
          confirm against the caller.
00048  */
00049 class VOS_API VobjectAccessControl
00050 {
00051 public:
00052     virtual ~VobjectAccessControl() { }
00053 
00054     /** Called when a child read is requested by a remote object.
00055         @param e The event to validate
00056         @param message you may optionally set this to explain why access was denied
00057         @returns true if allowed, false if denied
00058     */
00059     virtual bool checkReadChildPermission(VobjectEvent& e, std::string& message) = 0;
00060 
00061     /** Called when a type read is requested by a remote object.
00062         @param e The event to validate
00063         @param message you may optionally set this to explain why access was denied
00064         @returns true if allowed, false if denied
00065     */
00066     virtual bool checkReadTypePermission(VobjectEvent& e, std::string& message) = 0;
00067 
00068     /** Called when a type add is requested by a remote object.
00069         @param e The event to validate
00070         @param message you may optionally set this to explain why access was denied
00071         @returns true if allowed, false if denied
00072     */
00073     virtual bool checkAddTypePermission(VobjectEvent& e, std::string& message) = 0;
00074 
00075     /** Called when a type remove is requested by a remote object.
00076         @param e The event to validate
00077         @param message you may optionally set this to explain why access was denied
00078         @returns true if allowed, false if denied
00079     */
00080     virtual bool checkRemoveTypePermission(VobjectEvent& e, std::string& message) = 0;
00081 
00082     /** Called when a parent read is requested by a remote object.
00083         @param e The event to validate
00084         @param message you may optionally set this to explain why access was denied
00085         @returns true if allowed, false if denied
00086     */
00087     virtual bool checkReadParentPermission(VobjectEvent& e, std::string& message) = 0;
00088 
00089     /** Called when a child replace is requested by a remote object.
00090         @param e The event to validate
00091         @param message you may optionally set this to explain why access was denied
00092         @returns true if allowed, false if denied
00093     */
00094     virtual bool checkSetChildPermission(VobjectEvent& e, std::string& message) = 0;
00095 
00096     /** Called when a child insert is requested by a remote object.
00097         @param e The event to validate
00098         @param message you may optionally set this to explain why access was denied
00099         @returns true if allowed, false if denied
00100     */
00101     virtual bool checkInsertChildPermission(VobjectEvent& e, std::string& message) = 0;
00102 
00103     /** Called when a child remove is requested by a remote object.
00104         @param e The event to validate
00105         @param message you may optionally set this to explain why access was denied
00106         @returns true if allowed, false if denied
00107     */
00108     virtual bool checkRemoveChildPermission(VobjectEvent& e, std::string& message) = 0;
00109 
00110     /** Called when a remote object wants to listen to the child list of some
00111         object.
00112         @param e The event to validate
00113         @param message you may optionally set this to explain why access was denied
00114         @returns true if allowed, false if denied
00115     */
00116     virtual bool checkChildListenPermission(VobjectEvent& e, std::string& message) = 0;
00117 
00118     /** Called when a remote object wants to listen to the parent set of some
00119         object.
00120         @param e The event to validate
00121         @param message you may optionally set this to explain why access was denied
00122         @returns true if allowed, false if denied
00123     */
00124     virtual bool checkParentListenPermission(VobjectEvent& e, std::string& message) = 0;
00125 
00126     /** Called when a remote object wants to listen to the type set of some
00127         object.
00128         @param e The event to validate
00129         @param message you may optionally set this to explain why access was denied
00130         @returns true if allowed, false if denied
00131     */
00132     virtual bool checkTypeListenPermission(VobjectEvent& e, std::string& message) = 0;
00133 
00134 
00135     /** Called when a remote object wants to read access control lists.
00136         @param e The event to validate
00137         @param message you may optionally set this to explain why access was denied
00138         @returns true if allowed, false if denied
00139     */
00140     virtual bool checkPolicyReadPermission(VobjectEvent& e, std::string& message) = 0;
00141 
00142     /** Called when a remote object wants to change the access control lists.
00143         Allowing this lets the requester alter the access rules themselves,
              so it is the most sensitive of the checks in this class.
00143         @param e The event to validate
00144         @param message you may optionally set this to explain why access was denied
00145         @returns true if allowed, false if denied
00146     */
00147     virtual bool checkPolicyChangePermission(VobjectEvent& e, std::string& message) = 0;
00148 
00149     /** @return this is overridden by the concrete implementation of
00150         your policy and returns the policy name that will be used by
00151         the access control list.  Form should be "domain:policy", for
00152         example ReadOnlyAccessControl returns "core:read-only".
00153     */
00154     virtual const std::string getPolicyName() = 0;
00155 };
00156 
00157 /** @class AcceptAllAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00158     @ingroup libvos
00159     Access control policy that always says yes.

          As documented on the methods below, "yes" covers every check
          declared on VobjectAccessControl, including
          checkPolicyChangePermission(): a remote object is allowed to read,
          modify and listen to the object and also to change its access
          control lists.  Only appropriate where every peer that can reach
          the object is trusted. */
00160 class VOS_API AcceptAllAccessControl : public VobjectAccessControl
00161 {
00162 public:
00163     static AcceptAllAccessControl static_;  // class-wide instance; its definition is not in this header
00164 
00165     virtual ~AcceptAllAccessControl() { }
00166 
00167     /** @returns true always */
00168     virtual bool checkReadChildPermission(VobjectEvent& e, std::string& message);
00169     /** @returns true always */
00170     virtual bool checkReadTypePermission(VobjectEvent& e, std::string& message);
00171     /** @returns true always */
00172     virtual bool checkReadParentPermission(VobjectEvent& e, std::string& message);
00173     /** @returns true always */
00174     virtual bool checkAddTypePermission(VobjectEvent& e, std::string& message);
00175     /** @returns true always */
00176     virtual bool checkRemoveTypePermission(VobjectEvent& e, std::string& message);
00177     /** @returns true always */
00178     virtual bool checkSetChildPermission(VobjectEvent& e, std::string& message);
00179     /** @returns true always */
00180     virtual bool checkInsertChildPermission(VobjectEvent& e, std::string& message);
00181     /** @returns true always */
00182     virtual bool checkRemoveChildPermission(VobjectEvent& e, std::string& message);
00183     /** @returns true always */
00184     virtual bool checkChildListenPermission(VobjectEvent& e, std::string& message);
00185     /** @returns true always */
00186     virtual bool checkTypeListenPermission(VobjectEvent& e, std::string& message);
00187     /** @returns true always */
00188     virtual bool checkParentListenPermission(VobjectEvent& e, std::string& message);
00189     /** @returns true always */
00190     virtual bool checkPolicyReadPermission(VobjectEvent& e, std::string& message);
00191     /** @returns true always (changes to the access control lists are accepted too) */
00192     virtual bool checkPolicyChangePermission(VobjectEvent& e, std::string& message);
          /** @returns the name of this policy in "domain:policy" form; the
              string itself is set in the implementation, not in this header */
00193     virtual const std::string getPolicyName();
00194 };
00195 
00196 /** @class ReadOnlyAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00197     @ingroup libvos
00198      Access control policy that allows requests for information (reads) but denies all
00199      changes.

           Per the method docs below, "reads" means the child, type and parent
           reads, all three listen requests and reading the access control
           lists.  The policy therefore restricts modification only; it does
           not hide the object's structure or its access control lists from a
           remote requester.  Type changes, child changes and policy changes
           are all denied. */
00200 class VOS_API ReadOnlyAccessControl : public VobjectAccessControl
00201 {
00202 public:
00203     static ReadOnlyAccessControl static_;  // class-wide instance; its definition is not in this header
00204 
00205     virtual ~ReadOnlyAccessControl() { }
00206 
00207     /** @returns true always */
00208     virtual bool checkReadChildPermission(VobjectEvent& e, std::string& message);
00209     /** @returns true always */
00210     virtual bool checkReadTypePermission(VobjectEvent& e, std::string& message);
00211     /** @returns true always */
00212     virtual bool checkReadParentPermission(VobjectEvent& e, std::string& message);
00213     /** @returns false always */
00214     virtual bool checkAddTypePermission(VobjectEvent& e, std::string& message);
00215     /** @returns false always */
00216     virtual bool checkRemoveTypePermission(VobjectEvent& e, std::string& message);
00217     /** @returns false always */
00218     virtual bool checkSetChildPermission(VobjectEvent& e, std::string& message);
00219     /** @returns false always */
00220     virtual bool checkInsertChildPermission(VobjectEvent& e, std::string& message);
00221     /** @returns false always */
00222     virtual bool checkRemoveChildPermission(VobjectEvent& e, std::string& message);
00223     /** @returns true always */
00224     virtual bool checkChildListenPermission(VobjectEvent& e, std::string& message);
00225     /** @returns true always */
00226     virtual bool checkTypeListenPermission(VobjectEvent& e, std::string& message);
00227     /** @returns true always */
00228     virtual bool checkParentListenPermission(VobjectEvent& e, std::string& message);
00229     /** @returns true always (the access control lists are readable under this policy) */
00230     virtual bool checkPolicyReadPermission(VobjectEvent& e, std::string& message);
00231     /** @returns false always */
00232     virtual bool checkPolicyChangePermission(VobjectEvent& e, std::string& message);
          /** @returns the name of this policy; the VobjectAccessControl
              documentation gives "core:read-only" for this class */
00233     virtual const std::string getPolicyName();
00234 };
00235 
00236 /** @class DenyAllAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00237     @ingroup libvos
00238     Access control policy that always says no.

          As documented on the methods below, "no" covers every check
          declared on VobjectAccessControl: reads, changes, listen requests
          and both policy checks are refused.  Of the three concrete
          VobjectAccessControl policies in this header it is the fail-closed
          one.
00239 */
00240 class VOS_API DenyAllAccessControl : public VobjectAccessControl
00241 {
00242 public:
00243     static DenyAllAccessControl static_;  // class-wide instance; its definition is not in this header
00244 
00245     virtual ~DenyAllAccessControl() { }
00246 
00247     /** @returns false always */
00248     virtual bool checkReadChildPermission(VobjectEvent& e, std::string& message);
00249     /** @returns false always */
00250     virtual bool checkReadTypePermission(VobjectEvent& e, std::string& message);
00251     /** @returns false always */
00252     virtual bool checkReadParentPermission(VobjectEvent& e, std::string& message);
00253     /** @returns false always */
00254     virtual bool checkAddTypePermission(VobjectEvent& e, std::string& message);
00255     /** @returns false always */
00256     virtual bool checkRemoveTypePermission(VobjectEvent& e, std::string& message);
00257     /** @returns false always */
00258     virtual bool checkSetChildPermission(VobjectEvent& e, std::string& message);
00259     /** @returns false always */
00260     virtual bool checkInsertChildPermission(VobjectEvent& e, std::string& message);
00261     /** @returns false always */
00262     virtual bool checkRemoveChildPermission(VobjectEvent& e, std::string& message);
00263     /** @returns false always */
00264     virtual bool checkChildListenPermission(VobjectEvent& e, std::string& message);
00265     /** @returns false always */
00266     virtual bool checkTypeListenPermission(VobjectEvent& e, std::string& message);
00267     /** @returns false always */
00268     virtual bool checkParentListenPermission(VobjectEvent& e, std::string& message);
00269     /** @returns false always */
00270     virtual bool checkPolicyReadPermission(VobjectEvent& e, std::string& message);
00271     /** @returns false always */
00272     virtual bool checkPolicyChangePermission(VobjectEvent& e, std::string& message);
00273 
          /** @returns the name of this policy in "domain:policy" form; the
              string itself is set in the implementation, not in this header */
00274     virtual const std::string getPolicyName();
00275 };
00276 
00277 /** @class SiteAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00278     @ingroup libvos
00279     Access control checks specific to operations on Site objects.

          This is a separate interface; it does not derive from
          VobjectAccessControl.  Both checks are pure virtual, so a concrete
          policy has to answer each one explicitly.  The name, types and
          newname arguments are the values asked for by the remote side, so
          an implementation should treat them as untrusted input when
          deciding.  They are passed by value, so a check works on its own
          copy of each.
00280 */
00281 class VOS_API SiteAccessControl
00282 {
00283 public:
00284     virtual ~SiteAccessControl() { }
00285 
00286     /** Called when a remote site wishes to create an object on our local site.
00287         @param requester the remote requesting object
00288         @param site our site the object will be created on
00289         @param name the requested site name for this vobject
00290         @param types the requested type set for this vobject
00291         @param message you may optionally set this to explain why access was denied
00292         @returns true if allowed, false if denied
00293     */
00294     virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site,
00295                                               const std::string name,
00296                                               const std::deque<std::string> types,
00297                                               std::string& message) = 0;
00298 
00299     /** Called when a remote site wishes to rename an object on our local site.
00300         @param requester the remote requesting object
00301         @param site our site that owns the object
00302         @param oldname the current name
00303         @param newname the name the requester wants to change it to
00304         @param message you may optionally set this to explain why access was denied
00305         @returns true if allowed, false if denied
00306     */
00307     virtual bool checkRenameVobjectPermission(Vobject& requester, Site& site,
00308                                               const std::string oldname,
00309                                               const std::string newname,
00310                                               std::string& message) = 0;
          /** @returns the name of the concrete site policy.
              NOTE(review): presumably the same "domain:policy" form that
              VobjectAccessControl::getPolicyName() documents -- confirm. */
00311     virtual const std::string getPolicyName() = 0;
00312 };
00313 
00314 /** @class AcceptAllSiteAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00315     @ingroup libvos
00316     Access control that always says yes.

          As documented on the methods below, both site checks return true:
          a remote site may create objects on the local site with the name
          and type set it asks for, and may rename existing objects.  Only
          appropriate where every remote site that can connect is trusted.
00317 */
00318 class VOS_API AcceptAllSiteAccessControl : public SiteAccessControl
00319 {
00320 public:
00321     static AcceptAllSiteAccessControl static_;  // class-wide instance; its definition is not in this header
00322 
00323     virtual ~AcceptAllSiteAccessControl() { }
00324 
00325     /**  @returns true always */
00326     virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const std::string name,
00327                                               const std::deque<std::string> types, std::string& message);
00328 
00329     /**  @returns true always */
00330     virtual bool checkRenameVobjectPermission(Vobject& requester, Site& site, const std::string oldname,
00331                                               const std::string newname, std::string& message);
          /** @returns the name of this site policy; the string itself is set
              in the implementation, not in this header */
00332     virtual const std::string getPolicyName();
00333 };
00334 
00335 /** @class DenyAllSiteAccessControl accesscontrol.hh vos/vos/accesscontrol.hh
00336     @ingroup libvos
00337     Access control that always says no.

          As documented on the methods below, both site checks return false:
          remote requests to create or rename objects on the local site are
          refused.  Of the two concrete site policies in this header it is
          the fail-closed one.
00338 */
00339 class VOS_API DenyAllSiteAccessControl : public SiteAccessControl
00340 {
00341 public:
00342     static DenyAllSiteAccessControl static_;  // class-wide instance; its definition is not in this header
00343 
00344     virtual ~DenyAllSiteAccessControl() { }
00345 
00346     /**  @returns false always */
00347     virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const std::string name,
00348                                               const std::deque<std::string> types, std::string& message);
00349 
00350     /**  @returns false always */
00351     virtual bool checkRenameVobjectPermission(Vobject& requester, Site& site, const std::string oldname,
00352                                               const std::string newname, std::string& message);
          /** @returns the name of this site policy; the string itself is set
              in the implementation, not in this header */
00353     virtual const std::string getPolicyName();
00354 };
00355 
00356 }
00357 
00358 #endif