taskrambler
0.1.8
Web server and task management solution.
|
#include <string.h>
#include <sys/types.h>
#include <dlfcn.h>
#include <ctype.h>
#include "router.h"
#include "hash.h"
#include "session.h"
#include "http/request.h"
#include "http/response.h"
#include "application/application.h"
#include "utils/memory.h"
#include "commons.h"
Go to the source code of this file.
Macros | |
#define | COMMAND_LEN 128 |
Functions | |
HttpResponse | routerRoute (Router this, HttpRequest request, Session sess) |
This is the generic application router.... Here RBAC can take place as every resource is always requested via an HTTP request.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
Definition in file route.c.
#define COMMAND_LEN 128 |
Definition at line 49 of file route.c.
Referenced by routerRoute().
HttpResponse routerRoute | ( | Router | this, |
HttpRequest | request, | ||
Session | sess | ||
) |
So lets assume user georg creates a task that might be identified by /task/uuid(task). Then additionally an rbac resource will be created identified by /rbac_resource/uuid(/task/uuid(task)). User georg will have all rights on both resources. This means that rbac resources are resources by their own but how to control the access to these, I can't build another rbac resource and another and and and... so I think it is neccessary that every resource as it is has to hold their access in itself. The creating user will gain access to all REST operations as well as the right to change access control (which again are REST operations on these.
Sidenote: I use a slightly differen naming than the ansi spec uses I the term resource for object and action for operation.
So most resources end up with the following set of possible actions:
Well, rbac assignes only roles to resources... in that case, how can I achieve per user rights for specific resources... one way would be to give every user its own role, which makes the whole concept kind of useless.
Then I could allow everyone to create new roles on demand. Then a user would create a role that allows others to view the resource and then add user to this role. This role creation could be done automatically and in the UI the user simply only adds the users that should have access to the specific action. On the other hand the user might associate an action on the resource to an existing role. thus giving, for example, all team members the right to use the according action. Again in the UI this would be a simple select from a list. Still it seems neccessary to have a suer_private role where only this one user is in and that has full access to all resource actions of each resource the user is creating...and if there is such a thing no new roles will be created when allowing others to take actions on specific resources...simply add the action to the private role of the other user. This private roles can be almost automatic. (created when user is created, removed when he is removed, etc. etc) Regarding the session...I hink it ok to use our sessions to store The resulting access rights defined by the roles the user is in. On the other hand...if we store them stere no immediate feedback is possible when one of the roles have been changed....well, maybe there is...each existing session for users that are associated with the changed role have to be updated. That is in any case better than calculating all the access right on every reqeust. So, what we have in place right now are users and sessions. Both can be extended to the needs for rbac. What we still need is a definition of resources and actions that build up a permission and roles in it self that will associate user with permissions.
nothing there to handle the request ... so leave it to the caller...
Definition at line 53 of file route.c.
References COMMAND_LEN, HTTP_DELETE, HTTP_GET, HTTP_POST, HTTP_PUT, httpResponse404(), httpResponseJson(), MEM_FREE, and MIN.
Referenced by applicationAdapterHttpUpdate().