ODBCSecurityPlugin Class Reference
#include <ODBCSecurityPlugin.h>
Public Methods
    bool init ()
    void getLoginChallenge (string username, string &challenge)
    bool hasReadPermission (NumID userid, NumID docid)
    bool hasWritePermission (NumID userid, NumID docid)
    bool hasDeletePermission (NumID userid, NumID docid)
    CoreError changeUserPermission (NumID userid, Permission permission, NumID adminid)
    CoreError changeFilePermission (NumID docid, Permission permission, NumID userid)
    CoreError filterSearchResults (QueryResult &queryResult)
    CoreError login (string username, string challenge, string response, UserProfile &user)
    CoreError addUser (const UserProfile &userProfile, string challenge, string password, NumID &userid)
    CoreError delUser (NumID userid)
    CoreError getUserProfile (NumID userid, UserProfile &userProfile)
    CoreError changeUserProfile (NumID userid, const UserProfile &userProfile)
    CoreError setPassword (NumID userid, string challenge, string oldPassword, string newPassword)
    CoreError clearPassword (NumID userid)
    CoreError listUsers (vector< NumID > &users)
    CoreError fileCreated (NumID userid, NumID docid, Permission permission)

Detailed Description
This is an implementation of the virtual class SecurityPlugin. It is based on capability information stored in an ODBC database.
A UserProfile contains a user name and password. These are authenticated against the database, and an ID is returned.
CREATE statements for use with a PostgreSQL server:

    CREATE SEQUENCE users_userid_seq;
    CREATE TABLE users (
        userid BIGINT DEFAULT nextval('users_userid_seq') UNIQUE NOT NULL,
        username VARCHAR (64) UNIQUE NOT NULL,
        password VARCHAR (64) DEFAULT '' NOT NULL,
        profile TEXT NOT NULL
    );
    CREATE TABLE userdocpermission (
        userid BIGINT,
        docid BIGINT NOT NULL,
        changepermission BOOLEAN DEFAULT FALSE,
        read BOOLEAN DEFAULT FALSE,
        write BOOLEAN DEFAULT FALSE,
        delete BOOLEAN DEFAULT FALSE
    );

If userid is NULL, the capability listing is the default setup for document docid.
A group table and a groupcapability table should be added later on for greater flexibility.
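
The default-row rule above, as an added example for PostgreSQL that is not part of the original documentation or of the strongroom code. It resolves the effective permissions for one user and document from the userdocpermission table and denies access when no row applies. The function name effective_permission, the sample rows, and the rule that a user's own row takes precedence over the default row are assumptions.

```sql
-- Added example for PostgreSQL; effective_permission() is a hypothetical
-- helper, not part of strongroom. Assumption: a user's own row takes
-- precedence over the document's default (userid IS NULL) row.
CREATE FUNCTION effective_permission(p_userid BIGINT, p_docid BIGINT)
RETURNS TABLE (can_read BOOLEAN, can_write BOOLEAN, can_delete BOOLEAN)
LANGUAGE sql STABLE AS $$
    SELECT
        -- bool_and over zero rows yields NULL; COALESCE turns that into a
        -- denial. Duplicate rows (the schema has no uniqueness constraint
        -- on userid/docid) must all grant the right for it to be granted.
        COALESCE(bool_and(COALESCE(p.read,   FALSE)), FALSE),
        COALESCE(bool_and(COALESCE(p.write,  FALSE)), FALSE),
        COALESCE(bool_and(COALESCE(p.delete, FALSE)), FALSE)
    FROM userdocpermission p
    WHERE p.docid = p_docid
      AND (p.userid = p_userid
           -- "userid = NULL" is never true in SQL; the default row has to
           -- be matched with IS NULL, and only when no user row exists.
           OR (p.userid IS NULL
               AND NOT EXISTS (SELECT 1
                               FROM userdocpermission u
                               WHERE u.docid  = p_docid
                                 AND u.userid = p_userid)));
$$;

-- Constructed sample rows (not from the page).
INSERT INTO userdocpermission (userid, docid, read, write, delete) VALUES
    (NULL, 100, TRUE,  FALSE, FALSE),  -- default for document 100
    (7,    100, TRUE,  TRUE,  FALSE),  -- user 7: own row
    (8,    100, FALSE, FALSE, FALSE);  -- user 8: own row, nothing granted

SELECT * FROM effective_permission(7, 100);  -- resolved from user 7's row
SELECT * FROM effective_permission(8, 100);  -- user 8's row, not the default
SELECT * FROM effective_permission(9, 100);  -- no user row: default row
SELECT * FROM effective_permission(9, 200);  -- no rows at all: fail closed
```
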
Member Function Documentation

CoreError ODBCSecurityPlugin::addUser (const UserProfile &userProfile, string challenge, string password, NumID &userid) [virtual]

Adds a new user to the system.

Parameters:
    userProfile: the profile for the new user
    challenge: the challenge that was presented to the user
    password: the password for the new user
    userid: the reference that receives the ID of the newly created user

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::changeFilePermission (NumID docid, Permission permission, NumID userid) [virtual]

Changes the permissions associated with a file. This function may return an error ('no_access_lists') if the security model does not associate permissions directly with files, for example on systems that only associate permissions with users.

Parameters:
    docid: the ID of the document whose permissions are to be changed.
    permission: the new set of permissions for the user.
    userid: the ID of the user that requests this operation.

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::changeUserPermission (NumID userid, Permission permission, NumID adminid) [virtual]

Changes the permissions associated with a user. This function may return an error ('no_capabilities') if the security model does not associate permissions directly with users, for example on systems that only associate permissions with files.

Parameters:
    userid: the ID of the user whose permissions are to be changed.
    permission: the new set of permissions for the user.
    adminid: the ID of the user that requests this operation.

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::changeUserProfile (NumID userid, const UserProfile &userProfile) [virtual]

Changes a user's profile.

Parameters:
    userid: the ID of the user whose profile is to be changed
    userProfile: the new user profile

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::clearPassword (NumID userid) [virtual]

Clears a user's password.

Parameters:
    userid: the ID of the user whose password is to be cleared

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::delUser (NumID userid) [virtual]

Deletes a user from the system.

Parameters:
    userid: the ID of the user to be deleted from the system

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::fileCreated (NumID userid, NumID docid, Permission permission) [virtual]

Notifies the security module that a new file has been created.

Parameters:
    userid: the user that created the file.
    docid: the file's id.
    permission: an object representing the permissions associated with the file.

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::filterSearchResults (QueryResult &queryResult) [virtual]

Removes file identifiers from user queries according to the SecurityPlugin's internal policy to prevent sensitive information from reaching unauthorised users.

Parameters:
    queryResult: the query results.

Returns:
    status code.

Implements SecurityPlugin.

void ODBCSecurityPlugin::getLoginChallenge (string username, string &challenge) [virtual]

Obtains a login challenge for a user (e.g. 'Please type your password').

Parameters:
    username: the user's user name.
    challenge: the string object that will receive the challenge.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::getUserProfile (NumID userid, UserProfile &userProfile) [virtual]

Retrieves a user's profile.

Parameters:
    userid: the ID of the user for the user profile
    userProfile: the reference that receives the user profile

Returns:
    status code.

Implements SecurityPlugin.

bool ODBCSecurityPlugin::hasDeletePermission (NumID userid, NumID docid) [virtual]

Checks a user's permission to delete a file.

Parameters:
    userid: the user that requests the delete.
    docid: the identifier of the file.

Returns:
    true if the user has the permission.

Implements SecurityPlugin.

bool ODBCSecurityPlugin::hasReadPermission (NumID userid, NumID docid) [virtual]

Checks a user's permission to read a file.

Parameters:
    userid: the user that requests the read.
    docid: the identifier of the file.

Returns:
    true if the user has the permission.

Implements SecurityPlugin.

bool ODBCSecurityPlugin::hasWritePermission (NumID userid, NumID docid) [virtual]

Checks a user's permission to write a file.

Parameters:
    userid: the user that requests the write.
    docid: the identifier of the file.

Returns:
    true if the user has the permission.

Implements SecurityPlugin.

bool ODBCSecurityPlugin::init () [virtual]

Initializes the plugin.

Implements Plugin.

CoreError ODBCSecurityPlugin::listUsers (vector< NumID > &users) [virtual]

Retrieves a list of all users (list of IDs).

Parameters:
    users: the reference that receives the user IDs

Returns:
    status code.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::login (string username, string challenge, string response, UserProfile &user) [virtual]

Retrieves a user-ID.

Parameters:
    username: the user's login data.
    challenge: the challenge that was presented to the user.
    response: the user's response to the challenge.
    user: the reference that receives the user profile

Returns:
    CORE_NO_ERROR if the challenge/response and username provide a valid combination. See Error.h for other return values.

Implements SecurityPlugin.

CoreError ODBCSecurityPlugin::setPassword (NumID userid, string challenge, string oldPassword, string newPassword) [virtual]

Changes a user's password. The old and new passwords can be encrypted using the challenge-response protocol.

Parameters:
    userid: the ID of the user whose password is to be changed
    challenge: the challenge that was presented to the user
    oldPassword: the old password of the user
    newPassword: the new password for the user

Returns:
    status code.

Implements SecurityPlugin.

The documentation for this class was generated from the following files:
Generated on Wed Feb 18 13:45:56 2004 for strongroom by Doxygen 1.2.18