int checkPermissionByObjType( rsComm_t *rsComm, char *objName, char *objType, char *user, char *zone, char *oper ) { int i; int operId; int userId; operId = getTokenId( rsComm, "access_type", oper ); if ( operId < 0 ) { return operId; } userId = getUserId( rsComm, user, zone ); if ( userId < 0 ) { return userId; } if ( !strcmp( objType, "-d" ) ) { i = checkPermitForDataObject( rsComm, objName, userId, operId ); } else if ( !strcmp( objType, "-c" ) ) { i = checkPermitForCollection( rsComm, objName, userId, operId ); } else if ( !strcmp( objType, "-r" ) ) { i = checkPermitForResource( rsComm, objName, userId, operId ); } /* else if (!strcmp(objType,"-m")) i = checkPermitForMetadata(rsComm, objName, userId, operId); */ else { i = INVALID_OBJECT_TYPE; } return i; }
int checkPermissionByObjType( rsComm_t *rsComm, char *objName, char *objType, char *user, char *zone, char *oper ) { int i; rodsLong_t operId; rodsLong_t userId; operId = getTokenId( rsComm, "access_type", oper ); if ( operId < 0 ) { // jjames - if they provide an invalid oper, give a better return code if ( operId == CAT_NO_ROWS_FOUND ) { return SYS_INVALID_INPUT_PARAM; } return operId; } userId = getUserId( rsComm, user, zone ); if ( userId < 0 ) { return userId; } if ( !strcmp( objType, "-d" ) ) { i = checkPermitForDataObject( rsComm, objName, userId, operId ); } else if ( !strcmp( objType, "-c" ) ) { i = checkPermitForCollection( rsComm, objName, userId, operId ); } else if ( !strcmp( objType, "-r" ) ) { i = checkPermitForResource( rsComm, objName, userId, operId ); } /* else if (!strcmp(objType,"-m")) i = checkPermitForMetadata(rsComm, objName, userId, operId); */ else { return INVALID_OBJECT_TYPE; } if ( i == 0 ) { // not found - check groups // Issue 3309 - iterate through user's groups and check for permission genQueryInp_t genQueryInp; genQueryOut_t *genQueryOut = NULL; memset( &genQueryInp, 0, sizeof( genQueryInp_t ) ); genQueryInp.maxRows = MAX_SQL_ROWS; addInxIval( &genQueryInp.selectInp, COL_USER_GROUP_NAME, 1 ); char condstr[MAX_NAME_LEN]; snprintf( condstr, MAX_NAME_LEN, "= '%s'", user); addInxVal( &genQueryInp.sqlCondInp, COL_USER_NAME, condstr); sqlResult_t *group_sql_result; int status = rsGenQuery( rsComm, &genQueryInp, &genQueryOut ); // note: if rsGenQuery has an error, just continue to below if ( genQueryOut && status >= 0 ) { group_sql_result = getSqlResultByInx(genQueryOut, COL_USER_GROUP_NAME); if (group_sql_result != nullptr) { char *group_str; // iterating over groups for ( int j = 0; j < genQueryOut->rowCnt; j++ ) { group_str = &group_sql_result->value[group_sql_result->len * j]; // if group_str is the same as user then we have already checked this // and don't want to go into an infinite loop if (strcmp(group_str, user) == 0) { continue; } int groupId = getUserId( rsComm, group_str, zone ); if ( groupId < 0 ) { continue; } if ( !strcmp( objType, "-d" ) ) { i = checkPermitForDataObject( rsComm, objName, groupId, operId ); } else if ( !strcmp( objType, "-c" ) ) { i = checkPermitForCollection( rsComm, objName, groupId, operId ); } else if ( !strcmp( objType, "-r" ) ) { i = checkPermitForResource( rsComm, objName, groupId, operId ); } if (i == 1) { // break out of loop if this group has permission break; } } } freeGenQueryOut( &genQueryOut ); clearGenQueryInp( &genQueryInp ); } } return i; }