/**
* @fn editUserPermissionPrivate
*/
QueuedResult<bool> QueuedCorePrivateHelper::editUserPermissionPrivate(
const long long _id, const QueuedEnums::Permission &_permission, const bool _add)
{
qCDebug(LOG_LIB) << "Edit permissions" << static_cast<int>(_permission) << "for user" << _id
<< "add" << _add;
auto userObj = users()->user(_id);
if (!userObj) {
qCWarning(LOG_LIB) << "Could not find user with ID" << _id;
return QueuedError("User does not exist", QueuedEnums::ReturnStatus::InvalidArgument);
}
// edit runtime permissions to get value
auto perms
= _add ? userObj->addPermission(_permission) : userObj->removePermission(_permission);
auto permissions = static_cast<uint>(perms);
qCInfo(LOG_LIB) << "New user permissions" << perms;
// modify in database now
QVariantHash payload = {{"permissions", permissions}};
bool status = database()->modify(QueuedDB::USERS_TABLE, _id, payload);
if (!status) {
qCWarning(LOG_LIB) << "Could not modify user record" << _id
<< "in database, do not edit it in memory";
// rollback in-memory values
if (_add)
userObj->removePermission(_permission);
else
userObj->addPermission(_permission);
return QueuedError("", QueuedEnums::ReturnStatus::Error);
}
return true;
}
// Return hunting and/or fishing permissions in the ResultSet.
// Use a dummy identity.
void getPermissions(ResultSet& permissions, bool hunting, bool fishing)
{
if (hunting)
{
addPermission(permissions, "hunting");
}
if (fishing)
{
addPermission(permissions, "fishing");
}
}
void ServerAllocation::handleCreatePermission(Request& request)
{
TraceL << "Handle Create Permission" << endl;
// 9.2. Receiving a CreatePermission Request
//
// When the server receives the CreatePermission request, it processes
// as per Section 4 plus the specific rules mentioned here.
//
// The message is checked for validity. The CreatePermission request
// MUST contain at least one XOR-PEER-ADDRESS attribute and MAY contain
// multiple such attributes. If no such attribute exists, or if any of
// these attributes are invalid, then a 400 (Bad Request) error is
// returned. If the request is valid, but the server is unable to
// satisfy the request due to some capacity limit or similar, then a 508
// (Insufficient Capacity) error is returned.
//
// The server MAY impose restrictions on the IP address allowed in the
// XOR-PEER-ADDRESS attribute -- if a value is not allowed, the server
// rejects the request with a 403 (Forbidden) error.
//
// If the message is valid and the server is capable of carrying out the
// request, then the server installs or refreshes a permission for the
// IP address contained in each XOR-PEER-ADDRESS attribute as described
// in Section 8. The port portion of each attribute is ignored and may
// be any arbitrary value.
//
// The server then responds with a CreatePermission success response.
// There are no mandatory attributes in the success response.
//
// NOTE: A server need not do anything special to implement
// idempotency of CreatePermission requests over UDP using the
// "stateless stack approach". Retransmitted CreatePermission
// requests will simply refresh the permissions.
//
for (int i = 0; i < _server.options().allocationMaxPermissions; i++) {
auto peerAttr = request.get<stun::XorPeerAddress>(i);
if (!peerAttr || (peerAttr && peerAttr->family() != 1)) {
if (i == 0) {
_server.respondError(request, 400, "Bad Request");
return;
}
else
break;
}
addPermission(std::string(peerAttr->address().host()));
}
stun::Message response(stun::Message::SuccessResponse, stun::Message::CreatePermission);
response.setTransactionID(request.transactionID());
_server.respond(request, response);
//request.socket->send(response, request.remoteAddress);
}
void PermissionManager::reload()
{
XML::Document doc(permissionFile);
xmlNodePtr rootNode = doc.rootNode();
if (!rootNode || !xmlStrEqual(rootNode->name, BAD_CAST "permissions"))
{
LOG_ERROR("Permission Manager: " << permissionFile
<< " is not a valid database file!");
return;
}
LOG_INFO("Loading permission reference...");
for_each_xml_child_node(node, rootNode)
{
unsigned char classmask = 0x01;
if (!xmlStrEqual(node->name, BAD_CAST "class"))
{
continue;
}
int level = XML::getProperty(node, "level", 0);
if (level < 1 || level > 8)
{
LOG_WARN("PermissionManager: Illegal class level "
<<level
<<" in "
<<permissionFile
<<" (allowed range: 1..8)");
continue;
}
classmask = classmask << (level-1);
xmlNodePtr perNode;
for (perNode = node->xmlChildrenNode; perNode != nullptr; perNode = perNode->next)
{
if (xmlStrEqual(perNode->name, BAD_CAST "allow"))
{
const char* permission = (const char*)perNode->xmlChildrenNode->content;
if (permission && strlen(permission) > 0)
{
addPermission(permission, classmask);
}
} else if (xmlStrEqual(perNode->name, BAD_CAST "deny")){
//const char* permission = (const char*)perNode->xmlChildrenNode->content;
// To be implemented
} else if (xmlStrEqual(perNode->name, BAD_CAST "alias")){
const char* alias = (const char*)perNode->xmlChildrenNode->content;
if (alias && strlen(alias) > 0)
aliases[alias] = classmask;
}
}
}
void IAllocation::addPermissions(const IPList& ips)
{
for (auto it = ips.begin(); it != ips.end(); ++it) {
addPermission(*it);
}
}
Permissions::Permissions(const Permissions::Permission & perm)
{
addPermission(perm);
}
void Permissions::setAllPermissions()
{
for (int i = FIRST_PERMISSION; i < LAST_PERMISSION; ++i) {
addPermission(Permission(i));
}
}
void PermissionManager::reload()
{
int size;
char *data = ResourceManager::loadFile(permissionFile, size);
if (!data) {
LOG_ERROR("Permission Manager: Could not find "
<< permissionFile << "!");
free(data);
return;
}
xmlDocPtr doc = xmlParseMemory(data, size);
free(data);
if (!doc)
{
LOG_ERROR("Permission Manager: Error while parsing permission database ("
<< permissionFile << ")!");
return;
}
xmlNodePtr node = xmlDocGetRootElement(doc);
if (!node || !xmlStrEqual(node->name, BAD_CAST "permissions"))
{
LOG_ERROR("Permission Manager: " << permissionFile
<< " is not a valid database file!");
xmlFreeDoc(doc);
return;
}
LOG_INFO("Loading permission reference...");
for (node = node->xmlChildrenNode; node != NULL; node = node->next)
{
unsigned char classmask = 0x01;
if (!xmlStrEqual(node->name, BAD_CAST "class"))
{
continue;
}
int level = XML::getProperty(node, "level", 0);
if (level < 1 || level > 8)
{
LOG_WARN("PermissionManager: Illegal class level "
<<level
<<" in "
<<permissionFile
<<" (allowed range: 1..8)");
continue;
}
classmask = classmask << (level-1);
xmlNodePtr perNode;
for (perNode = node->xmlChildrenNode; perNode != NULL; perNode = perNode->next)
{
if (xmlStrEqual(perNode->name, BAD_CAST "allow"))
{
const char* permission = (const char*)perNode->xmlChildrenNode->content;
if (permission && strlen(permission) > 0)
{
addPermission(permission, classmask);
}
} else if (xmlStrEqual(perNode->name, BAD_CAST "deny")){
//const char* permission = (const char*)perNode->xmlChildrenNode->content;
// To be implemented
} else if (xmlStrEqual(perNode->name, BAD_CAST "alias")){
const char* alias = (const char*)perNode->xmlChildrenNode->content;
if (alias && strlen(alias) > 0)
aliases[alias] = classmask;
}
}
}
}
