Главная Обзор Помощь
Вход
n4u
/
kvs
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: f4337789fd
Ветки Метки
kvs
/
src
/
kvs_acl.erl

kvs_acl.erl 4.0 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108 
  1. -module(kvs_acl).
    2. 

  2. -copyright('Synrc Research Center s.r.o.').
    3. 

  3. -compile(export_all).
    4. 

  4. 

  5. -include_lib("kvs/include/acls.hrl").
    6. 

  6. -include_lib("kvs/include/users.hrl").
    7. 

  7. -include_lib("kvs/include/groups.hrl").
    8. 

  8. -include_lib("kvs/include/feeds.hrl").
    9. 

  9. 

  10. define_access(default  = Accessor, Resource, Action) -> do_define_access(Accessor, Resource, Action);
    11. 

  11. define_access({user, _Username} = Accessor, Resource, Action) -> do_define_access(Accessor, Resource, Action);
    12. 

  12. define_access({user_type, _Usertype} = Accessor, Resource, Action) -> do_define_access(Accessor, Resource, Action);
    13. 

  13. define_access({ip, _Ip} = Accessor, Resource, Action) -> do_define_access(Accessor, Resource, Action).
    14. 

  14. 

  15. do_define_access(Accessor, Resource, Action) -> acl_add_entry(select_type(Resource), Accessor, Action).
    16. 

  16. 

  17. check(Keys) ->
    18. 

  18.     Acls = [Acl || {ok, Acl = #acl_entry{}} <- [kvs:get(acl_entry, Key) || Key <- Keys]],
    19. 

  19.     case Acls of
    20. 

  20.         [] -> none;
    21. 

  21.         [#acl_entry{action = Action} | _] -> Action end.
    22. 

  22. 

  23. check_access(#user{email = UId, type = UType}, #feed{id = FId}) ->
    24. 

  24.     Feed = {feed, FId},
    25. 

  25.     Query = [ {{user, UId}, Feed}, {{user_type, UType}, Feed}, {default, Feed}],
    26. 

  26.     check(Query);
    27. 

  27. 

  28. check_access(#user{email = UId, type = UType}, #group{id = GId}) ->
    29. 

  29.     Group = {group, GId},
    30. 

  30.     Query = [ {{user, UId}, Group}, {{user_type, UType}, Group}, {default, Group}],
    31. 

  31.     check(Query);
    32. 

  32. 

  33. 

  34. check_access(#user{email = AId, type = AType}, #user{email = RId}) ->
    35. 

  35.     User = {user, RId},
    36. 

  36.     Query = [ {{user, AId}, User}, {{user_type, AType}, User}, {default, User} ],
    37. 

  37.     check(Query);
    38. 

  38. 

  39. check_access({user_type, Type}, #user{email = RId}) ->
    40. 

  40.     User = {user, RId},
    41. 

  41.     Query = [ {{user_type, Type}, User}, {default, User} ],
    42. 

  42.     check(Query);
    43. 

  43. 

  44. check_access({user_type, Type}, #feed{id = FId}) ->
    45. 

  45.     Feed = {feed, FId},
    46. 

  46.     Query = [ {{user_type, Type}, Feed}, {default, Feed} ],
    47. 

  47.     check(Query);
    48. 

  48. 

  49. check_access({user_type, Type}, #group{id = GId}) ->
    50. 

  50.     Group = {group, GId},
    51. 

  51.     Query = [{{user_type, Type}, Group}, {default, Group}],
    52. 

  52.     check(Query);
    53. 

  53. 

  54. check_access({ip, _Ip} = Accessor, {feature, _Feature} = Resource) ->
    55. 

  55.     Query = [{Accessor, Resource}, {default, Resource}],
    56. 

  56.     check(Query);
    57. 

  57. 

  58. check_access(#user{email = AId, type = AType}, {feature, _Feature} = R) ->
    59. 

  59.     Query = [ {{user, AId}, R}, {{user_type, AType}, R}, {default, R} ],
    60. 

  60.     check(Query);
    61. 

  61. 

  62. check_access(UId, {feature, _Feature} = Resource) ->
    63. 

  63.     case kvs:get(user, UId) of
    64. 

  64.         {ok, User} -> check_access(User, Resource);
    65. 

  65.         E -> E
    66. 

  66.     end.
    67. 

  67. 

  68. select_type({user, Id}) -> {user, Id};
    69. 

  69. select_type({group, Id}) -> {group, Id};
    70. 

  70. select_type({product, Id}) -> {product, Id};
    71. 

  71. select_type({feed, FId}) -> {feed, FId};
    72. 

  72. select_type({feature, Feature}) ->  {feature, Feature}.
    73. 

  73. 

  74. entries(AclId) -> case kvs:get(acl, AclId) of {ok,RO} -> read_entries(RO#acl.top, []); {error, _} -> [] end.
    75. 

  75. read_entries(undefined, Result) -> Result;
    76. 

  76. read_entries(Next, Result) -> case kvs:get(acl_entry, Next) of {ok,RO} -> read_entries(RO#acl_entry.prev, Result ++ [RO]); {error, _} -> Result end.
    77. 

  77. 

  78. acl_add_entry(Resource, Accessor, Action) ->
    79. 

  79.   Acl = case kvs:get(acl, Resource) of {ok, A} -> A;
    80. 

  80.     {error, _} -> A = #acl{id = Resource, resource=Resource}, kvs:put(A), A end,
    81. 

  81. 

  82.   EntryId = {Accessor, Resource},
    83. 

  83. 

  84.   case kvs:get(acl_entry, EntryId) of {error, _} ->
    85. 

  85.     Next = undefined,
    86. 

  86.     Prev = case Acl#acl.top of undefined -> undefined;
    87. 

  87.       Top -> case kvs:get(acl_entry, Top) of {ok, TopEntry} ->
    88. 

  88.         EditedEntry = TopEntry#acl_entry{next = EntryId},
    89. 

  89.         kvs:put(EditedEntry), % update prev entry
    90. 

  90.         TopEntry#acl_entry.id;
    91. 

  91.       {error, _} -> undefined end end,
    92. 

  92. 

  93.     %% update acl with top of acl entries list
    94. 

  94.     kvs:put(Acl#acl{top = EntryId}),
    95. 

  95. 

  96.     Entry  = #acl_entry{id = EntryId,
    97. 

  97.                         entry_id = EntryId,
    98. 

  98.                         accessor = Accessor,
    99. 

  99.                         action = Action,
    100. 

  100.                         next = Next,
    101. 

  101.                         prev = Prev},
    102. 

  102. 

  103.     ok = kvs:put(Entry),
    104. 

  104.     Entry;
    105. 

  105. 

  106.     %% if acl entry for Accessor and Acl is defined - just change action
    107. 

  107.     {ok, AclEntry} -> kvs:put(AclEntry#acl_entry{action = Action}), AclEntry end.
    108. 

  108.