void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
{
if (permissionFilter)
*permissionFilter = nullptr;
if (permission.IsEmpty())
return;
bool foundPermission = false;
String requiredPermission = permission.ToLower();
Array::Ptr permissions = user->GetPermissions();
if (permissions) {
ObjectLock olock(permissions);
for (const Value& item : permissions) {
String permission;
Function::Ptr filter;
if (item.IsObjectType<Dictionary>()) {
Dictionary::Ptr dict = item;
permission = dict->Get("permission");
filter = dict->Get("filter");
} else
permission = item;
permission = permission.ToLower();
if (!Utility::Match(permission, requiredPermission))
continue;
foundPermission = true;
if (filter && permissionFilter) {
std::vector<std::unique_ptr<Expression> > args;
args.emplace_back(new GetScopeExpression(ScopeLocal));
std::unique_ptr<Expression> indexer{new IndexerExpression(std::unique_ptr<Expression>(MakeLiteral(filter)), std::unique_ptr<Expression>(MakeLiteral("call")))};
FunctionCallExpression *fexpr = new FunctionCallExpression(std::move(indexer), std::move(args));
if (!*permissionFilter)
*permissionFilter = fexpr;
else
*permissionFilter = new LogicalOrExpression(std::unique_ptr<Expression>(*permissionFilter), std::unique_ptr<Expression>(fexpr));
}
}
}
if (!foundPermission) {
Log(LogWarning, "FilterUtility")
<< "Missing permission: " << requiredPermission;
BOOST_THROW_EXCEPTION(ScriptError("Missing permission: " + requiredPermission));
}
}
void FilterUtility::CheckPermission(const ApiUser::Ptr& user, const String& permission, Expression **permissionFilter)
{
if (permissionFilter)
*permissionFilter = NULL;
if (permission.IsEmpty())
return;
bool foundPermission = false;
String requiredPermission = permission.ToLower();
Array::Ptr permissions = user->GetPermissions();
if (permissions) {
ObjectLock olock(permissions);
BOOST_FOREACH(const Value& item, permissions) {
String permission;
Function::Ptr filter;
if (item.IsObjectType<Dictionary>()) {
Dictionary::Ptr dict = item;
permission = dict->Get("permission");
filter = dict->Get("filter");
} else
permission = item;
permission = permission.ToLower();
if (!Utility::Match(permission, requiredPermission))
continue;
foundPermission = true;
if (filter && permissionFilter) {
std::vector<Expression *> args;
args.push_back(new GetScopeExpression(ScopeLocal));
FunctionCallExpression *fexpr = new FunctionCallExpression(new IndexerExpression(MakeLiteral(filter), MakeLiteral("call")), args);
if (!*permissionFilter)
*permissionFilter = fexpr;
else
*permissionFilter = new LogicalOrExpression(*permissionFilter, fexpr);
}
}
}
bool InfoHandler::HandleRequest(const ApiUser::Ptr& user, HttpRequest& request, HttpResponse& response, const Dictionary::Ptr& params)
{
if (request.RequestUrl->GetPath().size() > 2)
return false;
if (request.RequestMethod != "GET")
return false;
if (request.RequestUrl->GetPath().empty()) {
response.SetStatus(302, "Found");
response.AddHeader("Location", "/v1");
return true;
}
if (request.RequestUrl->GetPath()[0] != "v1" || request.RequestUrl->GetPath().size() != 1)
return false;
response.SetStatus(200, "OK");
std::vector<String> permInfo;
Array::Ptr permissions = user->GetPermissions();
if (permissions) {
ObjectLock olock(permissions);
BOOST_FOREACH(const Value& permission, permissions) {
String name;
bool hasFilter = false;
if (permission.IsObjectType<Dictionary>()) {
Dictionary::Ptr dpermission = permission;
name = dpermission->Get("permission");
hasFilter = dpermission->Contains("filter");
} else
name = permission;
if (hasFilter)
name += " (filtered)";
permInfo.push_back(name);
}
}