vos/corelibs/vos/accesscontrol.hh

Go to the documentation of this file.

/*
    This file is part of the Virtual Object System of
    the Interreality project (http://interreality.org).

    Copyright (C) 2001-2003 Peter Amstutz

    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
    version 2 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA

    Peter Amstutz <tetron@interreality.org>
*/
#ifndef _ACCESSCONTROL_HH_
#define _ACCESSCONTROL_HH_

#include <vos/corelibs/vos/vosdefs.hh>

#include <string>
#include <map>
#include <deque>

/** @file
    Defines VobjectAccessControl, NoAccessControl, ReadOnlyAccessControl and LocalOnlyAccessControl
*/

namespace VOS
{
class VobjectAccessControl;
    class LocalVobject;
    class Vobject;
    class VobjectEvent;
    class Site;

typedef VobjectAccessControl* (*VobjectAccessControlFactory)(const string& type, LocalVobject* lv);


/** @class VobjectAccessControl accesscontrol.hh vos/corelibs/vos/accesscontrol.hh
 * This is the base class for Vobject access control policies.  A
    policy decides whether a particular action on Vobject is
    permitted.  This class also stores a mapping of text strings to
    control policies, so that a user may request a policy by name
    (such as "readonly") rather than having to supply the class
    directly.  This capability can also be used to save access control
    policies persistantly.
 */
class VOS_API VobjectAccessControl
{
private:
    struct AssignAC
    {
        VobjectAccessControl* ac;
        VobjectAccessControlFactory fac;
    };
    static map<string, AssignAC> policies;

public:
    /** Called when a child read is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkReadChildPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a type read is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkReadTypePermission(VobjectEvent& e, string& message) = 0;

    /** Called when a type add is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkAddTypePermission(VobjectEvent& e, string& message) = 0;

    /** Called when a parent read is requested by a remote object
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkReadParentPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a child replace is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkSetChildPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a child insert is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkInsertChildPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a child remove is requested by a remote object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkRemoveChildPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a remote object wants to listen to the child list of some
        object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkChildListenPermission(VobjectEvent& e, string& message) = 0;

    /** Called when a remote object wants to listen to the parent set of some
        object.
        @param e The event to validate
        @returns true if allowed, false if denied
    */
    virtual bool checkParentListenPermission(VobjectEvent& e, string& message) = 0;


    /** Get a short string describing this policy. */
    virtual const string getPolicyName() = 0;

    /** Add a new access control policy.  This policy will be
        available as whatever name is returned by ac->getPolicyName().
        @param ac The policy object.
    */
    static void addPolicy(VobjectAccessControl* ac);

    /** Add a new access control policy.  The difference between this
        and the other addPolicy method is that a policy factory
        creates a new policy object each time getPolicy() is called,
        whereas otherwise the same policy object will be returned each
        time.  This is useful if you want to write an access control
        policy bound to a specific object that keeps some state about that
        object.
        @param name The policy name.  This should be the same as the name
        returned by getPolicyName() for the factory-created objects.
        @param ac The policy factory.
    */
    static void addPolicyFactory(const string& name, VobjectAccessControlFactory ac);

    /** Get the requested policy given the name and LocalVobject.
        @param name The policy name, registered at some point using addPolicy()
        @param lv The LocalVobject this policy will be added to
        (doesn't actually add it, but a policy factory may want to
        know what object it is being added to)
        @return the policy object, or NULL if there is no registered policy with that name
    */
    static VobjectAccessControl* getPolicy(const string& name, LocalVobject* lv);

    /** Remove policy with the given name.
        @param name policy name
    */
    static void removePolicy(const string& name);
};

/** @class SiteAccessControl accesscontrol.hh vos/corelibs/vos/accesscontrol.hh
 * Additional policy interface specificly for Sites.  */
class VOS_API SiteAccessControl : public VobjectAccessControl
{
public:
    /** Called when a remote site wishes to create an object on our local site.
        @param requester the remote requesting object
        @param site our site the object will be created on
        @param name the requested site name for this vobject
        @param types the requested type set for this vobject
        @returns true if allowed, false if denied
    */
    virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const string name,
                                              const deque<string> types, string& message) = 0;
};

/** @class NoAccessControl accesscontrol.hh vos/corelibs/vos/accesscontrol.hh
 * Access control policy that always says yes. */
class VOS_API NoAccessControl : public SiteAccessControl
{
public:
    static NoAccessControl static_;

    /** @returns true always */
    virtual bool checkReadChildPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkReadTypePermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkReadParentPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkAddTypePermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkSetChildPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkInsertChildPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkRemoveChildPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const string name,
                                              const deque<string> types, string& message);
    /** @returns true always */
    virtual bool checkChildListenPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkParentListenPermission(VobjectEvent& e, string& message);

    virtual const string getPolicyName();
};

/** @class ReadOnlyAccessControl accesscontrol.hh vos/corelibs/vos/accesscontrol.hh
 * Access control policy that allows requests for information (reads) and denies all
 * changes (writes). */
class VOS_API ReadOnlyAccessControl : public SiteAccessControl
{
public:
    static ReadOnlyAccessControl static_;

    /** @returns true always */
    virtual bool checkReadChildPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkReadTypePermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkReadParentPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkAddTypePermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkSetChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkInsertChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkRemoveChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const string name,
                                              const deque<string> types, string& message);
    /** @returns true always */
    virtual bool checkChildListenPermission(VobjectEvent& e, string& message);
    /** @returns true always */
    virtual bool checkParentListenPermission(VobjectEvent& e, string& message);

    virtual const string getPolicyName();
};

/** Access control policy that always says no.  Useful because the
    object is still accessable by the program, but not remotely. */
class VOS_API LocalOnlyAccessControl : public SiteAccessControl
{
public:
    static LocalOnlyAccessControl static_;

    /** @returns false always */
    virtual bool checkReadChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkReadTypePermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkReadParentPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkAddTypePermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkSetChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkInsertChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkRemoveChildPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkCreateVobjectPermission(Vobject& requester, Site& site, const string name,
                                              const deque<string> types, string& message);
    /** @returns false always */
    virtual bool checkChildListenPermission(VobjectEvent& e, string& message);
    /** @returns false always */
    virtual bool checkParentListenPermission(VobjectEvent& e, string& message);

    virtual const string getPolicyName();
};
}

#endif

---