cutelyst 4.9.0
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
Cutelyst::RoleACL Class Referencefinal
Core » Actions

User role-based authorization action role. More...

Inheritance diagram for Cutelyst::RoleACL:
Inheritance graph
[legend]

Public Member Functions

 RoleACL (QObject *parent=nullptr)
bool aroundExecute (Context *c, QStack< Component * > stack) override
bool canVisit (Context *c) const
bool init (Application *application, const QVariantHash &args) override
Modifiers modifiers () const override
Public Member Functions inherited from Cutelyst::Component
 Component (QObject *parent=nullptr)
virtual ~Component () override
bool execute (Context *c)
QString name () const noexcept
QString reverse () const noexcept
void setName (const QString &name)
void setReverse (const QString &reverse)

Protected Member Functions

bool dispatcherReady (const Dispatcher *dispatcher, Controller *controller) override
Protected Member Functions inherited from Cutelyst::Component
 Component (ComponentPrivate *d, QObject *parent=nullptr)
virtual bool afterExecute (Context *c)
void applyRoles (const QStack< Component * > &roles)
virtual bool beforeExecute (Context *c)
virtual bool doExecute (Context *c)

Additional Inherited Members

Public Types inherited from Cutelyst::Component
enum  Modifier {
  None , OnlyExecute , BeforeExecute , AroundExecute ,
  AfterExecute
}

Detailed Description

Provides a reusable action role for user role-based authorization. ACLs are applied via the assignment of attributes to application action subroutines.

class Foo : public Cutelyst::Controller
{
Q_OBJECT
public:
C_ATTR(foo,
:Local
:Does(RoleACL)
:RequiresRole(admin)
:ACLDetachTo(denied))
void foo(Context *c);
C_ATTR(denied, :Local :Private :AutoArgs :ActionClass(RenderView))
void denied(Context *c);
};
Cutelyst::Context
The Cutelyst Context.
Definition context.h:42
Cutelyst::Controller
Cutelyst Controller base class.
Definition controller.h:56
Cutelyst::Controller::C_ATTR
#define C_ATTR(X, Y)
Definition controller.h:41
Cutelyst::RenderView
Sensible default end action that forwards to a View.
Definition renderview.h:15
Cutelyst::RoleACL::RoleACL
RoleACL(QObject *parent=nullptr)
Definition roleacl.cpp:123

Required Attributes

Failure to include the following required attributes will result in a fatal error when the RoleACL action's constructor is called.

ACLDetachTo

The name of an action to which the request should be detached if it is determined that ACLs are not satisfied for this user and the resource he is attempting to access.

RequiresRole and AllowedRole

The action must include at least one of these attributes, otherwise the Role::ACL constructor will have a fatal error.

Processing of ACLs

One or more roles may be associated with an action.

User roles are fetched via the invocation of the AuthenticationUser object’s "roles" QStringList value.

Roles specified with the RequiresRole attribute are checked before roles specified with the AllowedRole attribute.

The mandatory ACLDetachTo attribute specifies the name of the action to which execution will detach on access violation.

ACLs may be applied to chained actions so that different roles are required or allowed for each link in the chain (or no roles at all).

ACLDetachTo allows us to short-circuit traversal of an action chain as soon as access is denied to one of the actions in the chain by its ACL.

Examples

// this is an invalid action
C_ATTR(broken,
:Local
:Does(RoleACL))
void broken(Context *c);

This action will cause a fatal error because it’s missing the ACLDetachTo attribute and has neither a RequiresRole nor an AllowedRole attribute. A RoleACL action must include at least one RequiresRole or AllowedRole attribute.

C_ATTR(foo,
:Local
:Does(RoleACL)
:RequiresRole(admin)
:ACLDetachTo(denied))
void foo(Context *c);

This action may only be executed by users with the 'admin' role.

C_ATTR(bar,
:Local
:Does(RoleACL)
:RequiresRole(admin)
:AllowedRole(editor)
:AllowedRole(writer)
:ACLDetachTo(denied))
void bar(Context *c);

This action requires that the user has the 'admin' role and either the 'editor' or 'writer' role (or both).

C_ATTR(easy,
:Local
:Does(RoleACL)
:AllowedRole(admin)
:AllowedRole(user)
:ACLDetachTo(denied))
void easy(Context *c);

Any user with either the 'admin' or 'user' role may execute this action.

Definition at line 17 of file roleacl.h.

Constructor & Destructor Documentation

◆ RoleACL()

RoleACL::RoleACL ( QObject * parent = nullptr)
explicit

Constructs a new RoleACL object with the given parent.

Definition at line 123 of file roleacl.cpp.

References Cutelyst::Component::Component().

Referenced by aroundExecute(), canVisit(), dispatcherReady(), and init().

Member Function Documentation

◆ aroundExecute()

bool RoleACL::aroundExecute ( Context * c,
QStack< Component * > stack )
overridevirtual

Reimplement this if you want to do processing around doExecute(), you must call doExecute() yourself then.

Reimplemented from Cutelyst::Component.

Definition at line 167 of file roleacl.cpp.

References RoleACL(), Cutelyst::Component::aroundExecute(), canVisit(), and Cutelyst::Context::detach().

◆ canVisit()

bool RoleACL::canVisit ( Context * c) const
nodiscard

Returns true if the action can be visited by the context c.

Definition at line 180 of file roleacl.cpp.

References RoleACL(), Cutelyst::Authentication::user(), and Cutelyst::AuthenticationUser::value().

Referenced by aroundExecute().

◆ dispatcherReady()

bool RoleACL::dispatcherReady ( const Dispatcher * dispatch,
Cutelyst::Controller * controller )
overrideprotectedvirtual

Called by dispatcher once it’s done preparing actions.

Subclasses might want to implement this to cache special actions, such as special methods for REST actions.

Reimplemented from Cutelyst::Component.

Definition at line 220 of file roleacl.cpp.

References RoleACL(), Cutelyst::Controller::actionFor(), and Cutelyst::Dispatcher::getActionByPath().

◆ init()

bool RoleACL::init ( Cutelyst::Application * application,
const QVariantHash & args )
overridevirtual

A Does class is always attached to an action, if this method returns false, the application will fail to start. Often useful if the user misconfigured the settings.

Reimplemented from Cutelyst::Component.

Definition at line 133 of file roleacl.cpp.

References RoleACL().

◆ modifiers()

Component::Modifiers RoleACL::modifiers ( ) const
overridevirtual

Always returns Component::Modifiers::AroundExecute.

Reimplemented from Cutelyst::Component.

Definition at line 128 of file roleacl.cpp.