'[midgard-dev] cvs: /midgard-2.0/lib acl.c midgard.h'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       midgard-dev
Subject:    [midgard-dev] cvs: /midgard-2.0/lib acl.c midgard.h
From:       emiliano <midgard-dev () greywolves ! org>
Date:       2000-01-11 14:04:59
[Download RAW message or body]

emiliano		Tue Jan 11 16:04:59 2000 EDT

  Modified files:
    /midgard-2.0/lib	acl.c midgard.h 
  Log:
  I used entity as both type and ID. Separated into entitytype and entityid.
  
  
Index: midgard-2.0/lib/acl.c
diff -u midgard-2.0/lib/acl.c:1.5 midgard-2.0/lib/acl.c:1.6
--- midgard-2.0/lib/acl.c:1.5	Tue Jan  4 17:35:32 2000
+++ midgard-2.0/lib/acl.c	Tue Jan  4 18:44:42 2000
@@ -162,7 +162,7 @@
 #define ACL_PARENT_FILE -3
 #define ACL_PARENT_ARTICLE -2
 #define ACL_PARENT_NONE -1
-#define ACL_TABLE_TOPIC 12 /* make sure this matches _acl_tables ! */
+#define ACL_TABLE_TOPIC 12 /* make sure this matches acl_tables ! */
 
 /* This table is constructed by hand. Make sure the parent matches! */
 typedef struct {
@@ -243,12 +243,12 @@
 {
 MidgardAclObject aclobject;
 
-	aclobject->record = record;
-	aclobject->table = acl_lookup_table(record.table);
+	aclobject.record = record;
+	aclobject.table = acl_lookup_table(record->table);
 
-	if (aclobject->table == NULL) return FALSE;
+	if (aclobject.table == NULL) return FALSE;
 
-	return acl_get_parent(midgard, aclobject, aclobject->table);
+	return acl_get_parent(midgard, &aclobject, aclobject.table);
 }
 
 static int acl_lookup_table(MidgardTable* table)
@@ -289,8 +289,8 @@
 	midgard_sql_init(midgard);
 
 	midgard_set_sql_int(access);
-	midgard_set_sql_id(acl->record.id);
-	midgard_set_sql_string(acl->record.table->name);
+	midgard_set_sql_id(acl->record->id);
+	midgard_set_sql_string(acl->record->table->name);
 	midgard_set_sql_int(scope);
 	midgard_set_sql_int(is_afa);
 	midgard_set_sql_id(midgard->user);
@@ -298,7 +298,7 @@
 	midgard_set_sql_id(midgard->user);
 	midgard_set_sql_id(midgard->user);
 
-	rv = midgard_sql_get(midgard, _acl_tables[object->table].acl, ...)
+	rv = midgard_sql_get(midgard, acl_tables[object->table].acl, ...)
 
 	if (rv == MIDGARD_ERROR) grant = MIDGARD_ACL_GRANT_MU;
 	else grant = midgard_sql_get_int(0);
@@ -317,26 +317,27 @@
 	/* the ID is null, so we're trying once more for the original
 		table root, unless we've allready tried that
 	*/
-	if (midgard_id_is_null(object->record.id))
+	if (midgard_id_is_null(object->record->id))
 	{
 		if (object->table == root_table) return FALSE;
 		object->table = root_table;
-		object->record.table = acl_tables[root_table].table;
+		object->record->table = acl_tables[root_table].table;
 		return TRUE;
 	}
 
-	/* configured to never has a parent, fall back to table root */
-	if (parent_table == ACL_PARENT_NONE)
+	table = acl_tables + object->table;
+
+	/* configured to never have a parent, fall back to table root */
+	if (table->parent == ACL_PARENT_NONE)
 	{
-		midgard_id_free(object->record.id);
-		object->record.id = midgard_id_null();
+		midgard_id_free(object->record->id);
+		object->record->id = midgard_id_null();
 		return TRUE;
 	}
 
-	table = acl_tables + object->table;
-
 	midgard_sql_init(midgard);
-	rv = midgard_sql_get(midgard, table->get_parent, id, table->parent_fields);
+	rv = midgard_sql_get(midgard, table->get_parent, object->record->id,
+		table->parent_fields);
 
 	if (rv != MIDGARD_OK)
 	{
@@ -353,16 +354,16 @@
 			topic = midgard_sql_get_id(0);
 			replyto = midgard_sql_get_id(1);
 
-			midgard_id_free(object->record.id);
+			midgard_id_free(object->record->id);
 
 			if (midgard_id_is_null(replyto))
 			{
 				object->table = ACL_TABLE_TOPIC;
-				object->record.id = midgard_id_dup(topic);
+				object->record->id = midgard_id_dup(topic);
 			}
 			else
 			{
-				object->record.id = midgard_id_dup(replyto);
+				object->record->id = midgard_id_dup(replyto);
 			}
 
 			midgard_id_free(topic);
@@ -374,10 +375,10 @@
 		 */
 		case ACL_PARENT_FILE:
 		case ACL_PARENT_ACL:
-			midgard_id_free(object->record.id);
+			midgard_id_free(object->record->id);
 
 			object->table = acl_lookup_table_by_name(midgard_sql_get_string(0));
-			object->record.id = midgard_sql_get_id(1);
+			object->record->id = midgard_sql_get_id(1);
 
 			if (object->table < 0) rv = MIDGARD_ERROR;
 
@@ -391,8 +392,8 @@
 				break;
 			}
 
-			midgard_id_free(object->record.id);
-			object->record.id = midgard_sql_get_id(0);
+			midgard_id_free(object->record->id);
+			object->record->id = midgard_sql_get_id(0);
 			object->table = table->parent;
 
 			break;
@@ -400,9 +401,9 @@
 
 	midgard_sql_done(midgard);
 
-	object->record.table = acl_tables[object->table].table;
+	object->record->table = acl_tables[object->table].table;
 
-	return ((rv == MIDGARD_OK) && (object->record.id != NULL));
+	return ((rv == MIDGARD_OK) && (object->record->id != NULL));
 }
 
 static int acl_check_chain(Midgard* midgard,
@@ -421,6 +422,11 @@
 		return FALSE;
 	}
 
+	if (! (obj_r.id = midgard_id_dup(id)) ) { return FALSE; }
+
+	obj_r.table = acl_tables[object.table].table;
+	object.record = &obj_r;
+
 	/* For AfA you allways need access via a parent. The ACL list for
 		an object can only be changed by admin or if you've been granted
 		CHILD scope AfA on a parent
@@ -428,22 +434,21 @@
 	if (afa) { status = MIDGARD_ACL_GRANT_MU; }
 	else
 	{
-		if (! (obj_r.id = midgard_id_dup(id)) ) { return FALSE; }
-
-		obj_r.table = _acl_tables[object.table].table;
-		object.record = &obj_r;
-
 		status = acl_test(midgard, object, object, access,
 			MIDGARD_ACL_SCOPE_OBJECT, MIDGARD_ACL_TYPE_OBJECT);
-		if (status != MIDGARD_ACL_GRANT_MU) { return status; }
+		if (status != MIDGARD_ACL_GRANT_MU)
+		{
+			midgard_id_free(object.record->id);
+			return status;
+		}
 	}
 
 	parent.table = object.table;
 	parent.record = &par_r;
 
-	if (! (parent.record.id = midgard_id_dup(object->record.id)) )
+	if (! (parent.record->id = midgard_id_dup(object->record->id)) )
 	{
-		midgard_id_free(object->record.id);
+		midgard_id_free(object.record->id);
 		return FALSE;
 	}
 
@@ -454,7 +459,8 @@
 			MIDGARD_ACL_SCOPE_CHILD, afa);
 	}
 
-	midgard_id_free(parent.record.id);
+	midgard_id_free(object.record->id);
+	midgard_id_free(parent.record->id);
 
 	return (status == MIDGARD_ACL_GRANT_YES) ?
 				MIDGARD_ACL_GRANT_YES :
@@ -493,10 +499,13 @@
 	MidgardTable* table, MidgardId object,
 	int entitytype, MidgardId entity,
 	MidgardAccess access, boolean granted,
+	MidgardAclScope scope,
 	MidgardAclType afa
 	)
 {
-	/* sanity checks */
+	/* sanity checks. These will be optimized at some point, but
+	 * clarity rules for the moment
+	 */
 	if (entitytype == ACL_ENTITY_SELF && table != MIDGARD_PERSON)
 		return false;
 
@@ -507,6 +516,9 @@
 		&& access != MIDGARD_ACCESS_DELETE)
 		return false;
 
+	if (afa == MIDGARD_ACL_TYPE_AFA && scope != MIDGARD_ACL_SCOPE_CHILD)
+		return false;
+
 	/* AfA check */
 	if (! acl_check_chain(midgard, table, id, MIDGARD_ACCESS_CREATE,
 		MIDGARD_ACL_TYPE_AFA) )
@@ -521,7 +533,6 @@
 	/* TODO:
 		insert all values by midgard-lib sql method, or maybe ODBC
 		directly?
-		Set scope to CHILD allways.
 	*/
 
 	return (rv == MIDGARD_OK);
@@ -531,6 +542,7 @@
 	MidgardTable* table, MidgardId object,
 	int entitytype, MidgardId entity,
 	MidgardAccess access, boolean granted,
+	MidgardAclScope scope,
 	MidgardAclType afa
 	)
 {

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic