User role-based authorization action class. More...
#include <Cutelyst/RoleACL>
Public Member Functions | |
| RoleACL (QObject *parent=nullptr) | |
| virtual bool | aroundExecute (Context *c, QStack< Component * > stack) override |
| bool | canVisit (Context *c) const |
| virtual bool | init (Application *application, const QVariantHash &args) override |
| virtual Modifiers | modifiers () const override |
| Public Member Functions inherited from Cutelyst::Component | |
| Component (QObject *parent=nullptr) | |
| bool | execute (Context *c) |
| QString | name () const |
| QString | reverse () const |
| void | setName (const QString &name) |
| void | setReverse (const QString &reverse) |
| Public Member Functions inherited from QObject | |
| QObject (QObject *parent) | |
| bool | blockSignals (bool block) |
| const QObjectList & | children () const const |
| QMetaObject::Connection | connect (const QObject *sender, const char *signal, const char *method, Qt::ConnectionType type) const const |
| void | deleteLater () |
| void | destroyed (QObject *obj) |
| bool | disconnect (const char *signal, const QObject *receiver, const char *method) const const |
| bool | disconnect (const QObject *receiver, const char *method) const const |
| void | dumpObjectInfo () |
| void | dumpObjectInfo () const const |
| void | dumpObjectTree () |
| void | dumpObjectTree () const const |
| QList< QByteArray > | dynamicPropertyNames () const const |
| virtual bool | event (QEvent *e) |
| virtual bool | eventFilter (QObject *watched, QEvent *event) |
| T | findChild (const QString &name, Qt::FindChildOptions options) const const |
| QList< T > | findChildren (const QRegExp ®Exp, Qt::FindChildOptions options) const const |
| QList< T > | findChildren (const QRegularExpression &re, Qt::FindChildOptions options) const const |
| QList< T > | findChildren (const QString &name, Qt::FindChildOptions options) const const |
| bool | inherits (const char *className) const const |
| void | installEventFilter (QObject *filterObj) |
| bool | isWidgetType () const const |
| bool | isWindowType () const const |
| void | killTimer (int id) |
| virtual const QMetaObject * | metaObject () const const |
| void | moveToThread (QThread *targetThread) |
| QString | objectName () const const |
| void | objectNameChanged (const QString &objectName, QPrivateSignal) |
| QObject * | parent () const const |
| QVariant | property (const char *name) const const |
| Q_CLASSINFO (Name, Value) | |
| Q_DISABLE_COPY (Class) | |
| Q_DISABLE_COPY_MOVE (Class) | |
| Q_DISABLE_MOVE (Class) | |
| Q_EMIT Q_EMIT | |
| Q_ENUM (...) | |
| Q_ENUM_NS (...) | |
| Q_ENUMS (...) | |
| Q_FLAG (...) | |
| Q_FLAG_NS (...) | |
| Q_FLAGS (...) | |
| Q_GADGET Q_GADGET | |
| Q_INTERFACES (...) | |
| Q_INVOKABLE Q_INVOKABLE | |
| Q_NAMESPACE Q_NAMESPACE | |
| Q_NAMESPACE_EXPORT (EXPORT_MACRO) | |
| Q_OBJECT Q_OBJECT | |
| Q_PROPERTY (...) | |
| Q_REVISION Q_REVISION | |
| Q_SET_OBJECT_NAME (Object) | |
| Q_SIGNAL Q_SIGNAL | |
| Q_SIGNALS Q_SIGNALS | |
| Q_SLOT Q_SLOT | |
| Q_SLOTS Q_SLOTS | |
| T | qFindChild (const QObject *obj, const QString &name) |
| QList< T > | qFindChildren (const QObject *obj, const QRegExp ®Exp) |
| QList< T > | qFindChildren (const QObject *obj, const QString &name) |
| T | qobject_cast (const QObject *object) |
| T | qobject_cast (QObject *object) |
| QT_NO_NARROWING_CONVERSIONS_IN_CONNECT QT_NO_NARROWING_CONVERSIONS_IN_CONNECT | |
| void | removeEventFilter (QObject *obj) |
| void | setObjectName (const QString &name) |
| void | setParent (QObject *parent) |
| bool | setProperty (const char *name, const QVariant &value) |
| bool | signalsBlocked () const const |
| int | startTimer (int interval, Qt::TimerType timerType) |
| int | startTimer (std::chrono::milliseconds time, Qt::TimerType timerType) |
| QThread * | thread () const const |
Protected Member Functions | |
| virtual bool | dispatcherReady (const Dispatcher *dispatcher, Controller *controller) override |
| Protected Member Functions inherited from Cutelyst::Component | |
| Component (ComponentPrivate *d, QObject *parent=nullptr) | |
| A derived class using pimpl should call this constructor, to reduce the number of memory allocations. | |
| virtual bool | afterExecute (Context *c) |
| void | applyRoles (const QStack< Component * > &roles) |
| virtual bool | beforeExecute (Context *c) |
| virtual bool | doExecute (Context *c) |
| Protected Member Functions inherited from QObject | |
| virtual void | childEvent (QChildEvent *event) |
| virtual void | connectNotify (const QMetaMethod &signal) |
| virtual void | customEvent (QEvent *event) |
| virtual void | disconnectNotify (const QMetaMethod &signal) |
| bool | isSignalConnected (const QMetaMethod &signal) const const |
| int | receivers (const char *signal) const const |
| QObject * | sender () const const |
| int | senderSignalIndex () const const |
| virtual void | timerEvent (QTimerEvent *event) |
Additional Inherited Members | |
| Public Types inherited from Cutelyst::Component | |
| enum | Modifier { None , OnlyExecute , BeforeExecute , AroundExecute , AfterExecute } |
| Static Public Member Functions inherited from QObject | |
| QMetaObject::Connection | connect (const QObject *sender, const char *signal, const QObject *receiver, const char *method, Qt::ConnectionType type) |
| QMetaObject::Connection | connect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method, Qt::ConnectionType type) |
| QMetaObject::Connection | connect (const QObject *sender, PointerToMemberFunction signal, const QObject *context, Functor functor, Qt::ConnectionType type) |
| QMetaObject::Connection | connect (const QObject *sender, PointerToMemberFunction signal, const QObject *receiver, PointerToMemberFunction method, Qt::ConnectionType type) |
| QMetaObject::Connection | connect (const QObject *sender, PointerToMemberFunction signal, Functor functor) |
| bool | disconnect (const QMetaObject::Connection &connection) |
| bool | disconnect (const QObject *sender, const char *signal, const QObject *receiver, const char *method) |
| bool | disconnect (const QObject *sender, const QMetaMethod &signal, const QObject *receiver, const QMetaMethod &method) |
| bool | disconnect (const QObject *sender, PointerToMemberFunction signal, const QObject *receiver, PointerToMemberFunction method) |
| QString | tr (const char *sourceText, const char *disambiguation, int n) |
| QString | trUtf8 (const char *sourceText, const char *disambiguation, int n) |
| Public Attributes inherited from QObject | |
| typedef | QObjectList |
| Properties inherited from QObject | |
| objectName | |
Detailed Description
Provides a reusable action role for user role-based authorization. ACLs are applied via the assignment of attributes to application action subroutines.
REQUIRED ATTRIBUTES
Failure to include the following required attributes will result in a fatal error when the RoleACL action's constructor is called.
ACLDetachTo
The name of an action to which the request should be detached if it is determined that ACLs are not satisfied for this user and the resource he is attempting to access.
RequiresRole and AllowedRole
The action must include at least one of these attributes, otherwise the Role::ACL constructor will have a fatal error.
Processing of ACLs
One or more roles may be associated with an action.
User roles are fetched via the invocation of the AuthenticationUser object's "roles" QStringList value.
Roles specified with the RequiresRole attribute are checked before roles specified with the AllowedRole attribute.
The mandatory ACLDetachTo attribute specifies the name of the action to which execution will detach on access violation.
ACLs may be applied to chained actions so that different roles are required or allowed for each link in the chain (or no roles at all).
ACLDetachTo allows us to short-circuit traversal of an action chain as soon as access is denied to one of the actions in the chain by its ACL.
Examples
This action will cause a fatal error because it's missing the ACLDetachTo attribute and has neither a RequiresRole nor an AllowedRole attribute. A RoleACL action must include at least one RequiresRole or AllowedRole attribute.
This action may only be executed by users with the 'admin' role.
This action requires that the user has the 'admin' role and either the 'editor' or 'writer' role (or both).
Any user with either the 'admin' or 'user' role may execute this action.
Constructor & Destructor Documentation
◆ RoleACL()
|
explicit |
Constructs a new role ACL object with the given parent.
Definition at line 122 of file roleacl.cpp.
References Cutelyst::Component::Component(), QObject::QObject(), and QObject::parent().
Referenced by aroundExecute(), canVisit(), dispatcherReady(), and init().
Member Function Documentation
◆ aroundExecute()
Reimplemented from Component::aroundExecute().
Reimplemented from Cutelyst::Component.
Definition at line 166 of file roleacl.cpp.
References RoleACL(), Cutelyst::Component::aroundExecute(), canVisit(), and Cutelyst::Context::detach().
◆ canVisit()
| bool RoleACL::canVisit | ( | Context * | c | ) | const |
Returns true if the action can be visited by the context c.
Definition at line 179 of file roleacl.cpp.
References RoleACL(), QStringList::contains(), QList::isEmpty(), QVariant::toStringList(), and Cutelyst::Authentication::user().
Referenced by aroundExecute().
◆ dispatcherReady()
|
overrideprotectedvirtual |
Reimplemented from Component::dispatcherReady().
Reimplemented from Cutelyst::Component.
Definition at line 219 of file roleacl.cpp.
References RoleACL(), Cutelyst::Controller::actionFor(), and Cutelyst::Dispatcher::getActionByPath().
◆ init()
|
overridevirtual |
Reimplemented from Component::init().
Reimplemented from Cutelyst::Component.
Definition at line 132 of file roleacl.cpp.
References RoleACL().
◆ modifiers()
|
overridevirtual |
Reimplemented from Component::modifiers().
Reimplemented from Cutelyst::Component.
Definition at line 127 of file roleacl.cpp.
