ITsolved
/
prodejna
2
0
Fork 0
Code Issues 8 Pull Requests Releases Wiki Activity

Implementation of basic permission checks.

Browse Source
print
Josef Rokos 10 years ago
parent 2c49209b8e
commit 96685d2bed
9 changed files with 127 additions and 10 deletions
Show Stats Download Patch File Download Diff File

4
core/autoform.h
Unescape Escape View File

@ -41,6 +41,10 @@ public slots:
QMessageBox::critical(this, "Database error", msg.toStdString().c_str());
m_saved = false;
});
this->connect(service(), &IService::permissionDenied, [this](QString permission) {
QMessageBox::critical(this, "Permission denied", permission.toStdString().c_str());
m_saved = false;
});
this->connect(service(), &IService::dataChanged, [this]() {
m_saved = true;
});

2
core/autotablemodel.h
Unescape Escape View File

@ -155,7 +155,9 @@ public:
void setData(QList<QSharedPointer<T> > list)
{
beginResetModel();
m_list = list;
endResetModel();
}
protected:

6
core/core.pro
Unescape Escape View File

@ -50,7 +50,8 @@ SOURCES += \
data/system.cpp \
settings/globalsettings.cpp \
settingsform.cpp \
settings/globalsettingsform.cpp
settings/globalsettingsform.cpp \
permissionevaluator.cpp
HEADERS += core.h\
core_global.h \
@ -100,7 +101,8 @@ HEADERS += core.h\
settings/globalsettings.h \
settingsform.h \
settings/globalsettingsform.h \
formbinder.h
formbinder.h \
permissionevaluator.h
unix {
target.path = /usr/lib

5
core/imetadataplugin.cpp
Unescape Escape View File

@ -60,6 +60,11 @@ void IMetaDataPlugin::init(const QJsonObject &metaData)
{
pluginUi->setPluginId(pluginId());
}
if (m_service != NULL)
{
m_service->setPluginId(pluginId());
}
}
void IMetaDataPlugin::parseMetaData(const QJsonObject &metaData)

5
core/iservice.cpp
Unescape Escape View File

@ -2,11 +2,14 @@
IService::IService(QObject *parent) : QObject(parent)
{
}
IService::~IService()
{
}
void IService::setPluginId(const QString &pluginId)
{
m_pluginId = pluginId;
}

6
core/iservice.h
Unescape Escape View File

@ -14,6 +14,8 @@ public:
explicit IService(QObject *parent = 0);
virtual ~IService();
void setPluginId(const QString &pluginId);
signals:
void dbError(QString errMsg);
void dbErrorRead(QString errMsg);
@ -23,8 +25,12 @@ signals:
void dataChanged();
void updateDenied();
void readDenied();
void permissionDenied(QString permission);
public slots:
protected:
QString m_pluginId;
};
#endif // ISERVICE_H

43
core/permissionevaluator.cpp
Unescape Escape View File

@ -0,0 +1,43 @@
#include "permissionevaluator.h"
#include <QSharedPointer>
#include "data/core-data.h"
#include "context.h"
PermissionEvaluator::PermissionEvaluator(QObject *parent)
:QObject(parent)
{
}
PermissionEvaluator::~PermissionEvaluator()
{
}
bool PermissionEvaluator::hasPermission(const QString &pluginId, const QString &permission)
{
if (Context::instance().currentUser()->isAdmin())
{
return true;
}
bool ret;
QList<QSharedPointer<Role> > roles = Context::instance().currentUser()->listRoles();
ret = std::find_if(ALL(roles), [&pluginId, &permission](QSharedPointer<Role> role) -> bool {
foreach (QSharedPointer<Permission> perm, role->listPermissions()) {
if (perm->pluginId() == pluginId && perm->permissionName() == permission) {
return true;
}
}
return false;
}) != roles.end();
if (!ret)
{
emit permissionDenied(permission);
}
return ret;
}

23
core/permissionevaluator.h
Unescape Escape View File

@ -0,0 +1,23 @@
#ifndef PERMISSIONEVALUATOR_H
#define PERMISSIONEVALUATOR_H
#include <QObject>
#include <QString>
#include "core_global.h"
class CORESHARED_EXPORT PermissionEvaluator : public QObject
{
Q_OBJECT
public:
explicit PermissionEvaluator(QObject *parent = NULL);
~PermissionEvaluator();
bool hasPermission(const QString &pluginId, const QString &permission);
signals:
void permissionDenied(QString permission);
};
#endif // PERMISSIONEVALUATOR_H

43
core/service.h
Unescape Escape View File

@ -13,6 +13,7 @@
#include "core_global.h"
#include "context.h"
#include "iservice.h"
#include "permissionevaluator.h"
#include "transaction.h"
@ -27,12 +28,17 @@ public:
}
QList<QSharedPointer<T> > all(const QString &where = "") {
QList<QSharedPointer<T> > ret;
if (!checkPermission(PERM_READ)) {
return ret;
}
odb::database *db = Context::instance().db();
Q_ASSERT(db);
Transaction tx;
QList<QSharedPointer<T> > ret;
try
{
@ -62,6 +68,10 @@ public:
}
void save(QSharedPointer<T> entity) {
if (!checkPermission(PERM_ADD)) {
return;
}
odb::database *db = Context::instance().db();
Q_ASSERT(db);
@ -84,6 +94,10 @@ public:
}
void update(QSharedPointer<T> entity) {
if (!checkPermission(PERM_EDIT)) {
return;
}
odb::database *db = Context::instance().db();
Q_ASSERT(db);
@ -106,12 +120,17 @@ public:
}
QSharedPointer<T> loadById(int id) {
QSharedPointer<T> entity;
if (!checkPermission(PERM_READ)) {
return entity;
}
odb::database *db = Context::instance().db();
Q_ASSERT(db);
Transaction tx;
QSharedPointer<T> entity;
try
{
@ -137,6 +156,10 @@ public:
}
void erase(QSharedPointer<T> entity) {
if (!checkPermission(PERM_DELETE)) {
return;
}
odb::database *db = Context::instance().db();
Q_ASSERT(db);
@ -155,12 +178,18 @@ public:
}
}
void setPluginId(const QString &pluginId) {
m_pluginId = pluginId;
}
protected:
bool checkPermission(const QString &permission) {
if (!m_pluginId.isEmpty()) {
PermissionEvaluator ev;
if (!ev.hasPermission(m_pluginId, permission)) {
emit permissionDenied(permission);
return false;
}
}
private:
QString m_pluginId;
return true;
}
};
#endif // SERVICE_H

Write Preview
Loading…
Cancel
Save