24 #ifndef _GVMD_MANAGE_ACL_H
25 #define _GVMD_MANAGE_ACL_H
27 #include "manage_sql.h"
35 #define ACL_USER_MAY_OPTS(resource) \
39 " ((" resource ".owner = opts.user_id)" \
41 " OR EXISTS (SELECT * FROM permissions_subject" \
42 " WHERE name = 'Super'" \
43 " AND (resource = 0))" \
46 " OR " resource ".owner IN (SELECT *" \
47 " FROM super_on_users)" \
51 " OR EXISTS (SELECT id FROM permissions_subject" \
52 " WHERE resource = " resource ".id" \
53 " AND resource_type = opts.type" \
54 " AND resource_location = " G_STRINGIFY (LOCATION_TABLE) \
63 #define ACL_USER_MAY(resource) \
64 "SELECT count(*) > 0 FROM permissions" \
65 " WHERE resource = " resource \
66 " AND subject_location = " G_STRINGIFY (LOCATION_TABLE) \
67 " AND ((subject_type = 'user'" \
69 " = (SELECT id FROM users" \
70 " WHERE users.uuid = '%s'))" \
71 " OR (subject_type = 'group'" \
73 " IN (SELECT DISTINCT \"group\"" \
75 " WHERE \"user\" = (SELECT id" \
79 " OR (subject_type = 'role'" \
81 " IN (SELECT DISTINCT role" \
83 " WHERE \"user\" = (SELECT id" \
88 " AND ((lower (substr ('%s', 1, 3)) = 'get'" \
89 " AND name LIKE '%%'" \
90 " || lower (substr ('%s'," \
92 " length ('%s') - 5)))" \
93 " OR name = lower ('%s'))"
100 #define ACL_IS_GLOBAL() \
111 #define ACL_USER_OWNS() \
112 " (owner = (SELECT users.id FROM users" \
113 " WHERE users.uuid = '%s'))"
123 #define ACL_GLOBAL_OR_USER_OWNS() \
124 " ((" ACL_IS_GLOBAL () ")" \
125 " OR (owner = (SELECT users.id FROM users" \
126 " WHERE users.uuid = '%s')))"
175 array_t *,
int, gchar **);
long long int resource_t
A resource, like a task or target.
Definition: iterator.h:39
gchar * acl_users_with_access_sql(const char *, const char *, const char *)
Get an SQL values expression of users that can get a resource.
Definition: manage_acl.c:1578
int acl_user_is_super_admin(const char *)
Check whether a user is a Super Admin.
Definition: manage_acl.c:427
int acl_user_can_super_everyone(const char *)
Check whether a user is a Super Admin.
Definition: manage_acl.c:212
int acl_user_is_admin(const char *)
Check whether a user is an Admin.
Definition: manage_acl.c:381
command_t * acl_commands(gchar **)
Get commands that the current user may run.
Definition: manage_acl.c:106
int acl_user_is_user(const char *)
Check whether a user has the User role.
Definition: manage_acl.c:450
int acl_user_has_super(const char *, user_t)
Test whether a user has super permission on another user.
Definition: manage_acl.c:311
int acl_user_owns_trash_uuid(const char *resource, const char *uuid)
Test whether a user effectively owns a resource.
Definition: manage_acl.c:775
int acl_user_owns(const char *, resource_t, int)
Test whether a user effectively owns a resource.
Definition: manage_acl.c:722
gchar * acl_users_with_access_where(const char *, const char *, const char *, const char *)
Get a static SQL condition selecting users that can get a resource.
Definition: manage_acl.c:1641
int acl_role_can_super_everyone(const char *)
Check whether a role has Super Admin capability.
Definition: manage_acl.c:180
int acl_user_is_observer(const char *)
Check whether a user is an Observer.
Definition: manage_acl.c:404
int acl_user_may(const char *)
Test whether a user may perform an operation.
Definition: manage_acl.c:159
gchar * acl_where_owned(const char *, const get_data_t *, int, const gchar *, resource_t, array_t *, int, gchar **)
Generate the ownership part of an SQL WHERE clause.
Definition: manage_acl.c:1498
int acl_user_is_owner(const char *, const char *)
Test whether a user is the actual owner of a resource.
Definition: manage_acl.c:616
int acl_user_has_access_uuid(const char *, const char *, const char *, int)
Test whether the user may access a resource.
Definition: manage_acl.c:810
gchar * acl_where_owned_for_get(const char *, const char *, const char *, gchar **)
Generate ownership part of WHERE, for getting a type of resource.
Definition: manage_acl.c:1528
int acl_user_can_everything(const char *)
Test whether a user may perform any operation.
Definition: manage_acl.c:264
int acl_user_owns_uuid(const char *, const char *, int)
Test whether a user effectively owns a resource.
Definition: manage_acl.c:649
A command.
Definition: manage.h:151
Command data for a get command.
Definition: manage_get.h:35