void Privilege::addPrivilegeToPrivilegeVector(PrivilegeVector* privileges,
const Privilege& privilegeToAdd) {
for (PrivilegeVector::iterator it = privileges->begin(); it != privileges->end(); ++it) {
if (it->getResourcePattern() == privilegeToAdd.getResourcePattern()) {
it->addActions(privilegeToAdd.getActions());
return;
}
}
// No privilege exists yet for this resource
privileges->push_back(privilegeToAdd);
}
bool AuthorizationSession::_isAuthorizedForPrivilege(const Privilege& privilege) {
const ResourcePattern& target(privilege.getResourcePattern());
ResourcePattern resourceSearchList[resourceSearchListCapacity];
const int resourceSearchListLength = buildResourceSearchList(target, resourceSearchList);
ActionSet unmetRequirements = privilege.getActions();
PrivilegeVector defaultPrivileges = getDefaultPrivileges();
for (PrivilegeVector::iterator it = defaultPrivileges.begin(); it != defaultPrivileges.end();
++it) {
for (int i = 0; i < resourceSearchListLength; ++i) {
if (!(it->getResourcePattern() == resourceSearchList[i]))
continue;
ActionSet userActions = it->getActions();
unmetRequirements.removeAllActionsFromSet(userActions);
if (unmetRequirements.empty())
return true;
}
}
for (UserSet::iterator it = _authenticatedUsers.begin(); it != _authenticatedUsers.end();
++it) {
User* user = *it;
for (int i = 0; i < resourceSearchListLength; ++i) {
ActionSet userActions = user->getActionsForResource(resourceSearchList[i]);
unmetRequirements.removeAllActionsFromSet(userActions);
if (unmetRequirements.empty())
return true;
}
}
return false;
}
