void PrivilegeSet::grantPrivileges(const std::vector<Privilege>& privileges,
                                   const PrincipalName& authorizingPrincipal) {
    StringMap<ActionSet>& byResourceForPrincipal = _byPrincipal[authorizingPrincipal];
    for (std::vector<Privilege>::const_iterator iter = privileges.begin(),
             end = privileges.end();
         iter != end; ++iter) {
        // Record the granted actions under the authorizing principal, per resource.
        byResourceForPrincipal[iter->getResource()].addAllActionsFromSet(iter->getActions());

        // Merge the same actions into the per-resource cache entry.
        ResourcePrivilegeCacheEntry* entry = _lookupOrInsertEntry(iter->getResource());
        entry->actions.addAllActionsFromSet(iter->getActions());
    }
}

void PrivilegeSet::revokePrivilegesFromPrincipal(const PrincipalName& principal) {
    PrincipalPrivilegeMap::iterator principalEntry = _byPrincipal.find(principal);
    if (principalEntry == _byPrincipal.end())
        return;

    // For every resource that "principal" authorizes, mark its entry in the _byResource table
    // as dirty, so that it will be rebuilt on next consultation.
    for (StringMap<ActionSet>::const_iterator resourceEntry = principalEntry->second.begin(),
             end = principalEntry->second.end();
         resourceEntry != end; ++resourceEntry) {
        _lookupOrInsertEntry(resourceEntry->first)->dirty = true;
    }

    // Remove the principal from the _byPrincipal table.
    _byPrincipal.erase(principalEntry);
}

void PrivilegeSet::revokePrivilegesFromUser(const UserName& user) {
    UserPrivilegeMap::iterator userEntry = _byUser.find(user);
    if (userEntry == _byUser.end())
        return;

    // For every resource that "user" authorizes, mark its entry in the _byResource table
    // as dirty, so that it will be rebuilt on next consultation.
    for (StringMap<ActionSet>::const_iterator resourceEntry = userEntry->second.begin(),
             end = userEntry->second.end();
         resourceEntry != end; ++resourceEntry) {
        _lookupOrInsertEntry(resourceEntry->first)->dirty = true;
    }

    // Remove the user from the _byUser table.
    _byUser.erase(userEntry);
}