Greenbone Vulnerability Manager
22.4.0~dev1
Headers for Greenbone Vulnerability Manager: the Manage library. More...
#include "manage_sql.h"
#include <glib.h>
Macros | |
#define | ACL_USER_MAY_OPTS(resource) |
Generate SQL for user permission check. More... | |
#define | ACL_USER_MAY(resource) |
Generate SQL for user permission check. More... | |
#define | ACL_IS_GLOBAL() "owner IS NULL" |
Generate SQL for global check. More... | |
#define | ACL_USER_OWNS() |
Generate SQL for user ownership check. More... | |
#define | ACL_GLOBAL_OR_USER_OWNS() |
Generate SQL for user ownership check. More... | |
Functions | |
command_t * | acl_commands (gchar **) |
Get commands that the current user may run. More... | |
int | acl_user_may (const char *) |
Test whether a user may perform an operation. More... | |
int | acl_user_can_everything (const char *) |
Test whether a user may perform any operation. More... | |
int | acl_role_can_super_everyone (const char *) |
Check whether a role has Super Admin capability. More... | |
int | acl_user_can_super_everyone (const char *) |
Check whether a user is a Super Admin. More... | |
int | acl_user_has_super (const char *, user_t) |
Test whether a user has super permission on another user. More... | |
int | acl_user_is_admin (const char *) |
Check whether a user is an Admin. More... | |
int | acl_user_is_user (const char *) |
Check whether a user has the User role. More... | |
int | acl_user_is_super_admin (const char *) |
Check whether a user is a Super Admin. More... | |
int | acl_user_is_observer (const char *) |
Check whether a user is an Observer. More... | |
int | acl_user_owns (const char *, resource_t, int) |
Test whether a user effectively owns a resource. More... | |
int | acl_user_is_owner (const char *, const char *) |
Test whether a user is the actual owner of a resource. More... | |
int | acl_user_owns_uuid (const char *, const char *, int) |
Test whether a user effectively owns a resource. More... | |
int | acl_user_owns_trash_uuid (const char *resource, const char *uuid) |
Test whether a user effectively owns a resource. More... | |
int | acl_user_has_access_uuid (const char *, const char *, const char *, int) |
Test whether the user may access a resource. More... | |
gchar * | acl_where_owned (const char *, const get_data_t *, int, const gchar *, resource_t, array_t *, int, gchar **) |
Generate the ownership part of an SQL WHERE clause. More... | |
gchar * | acl_where_owned_for_get (const char *, const char *, const char *, gchar **) |
Generate ownership part of WHERE, for getting a type of resource. More... | |
gchar * | acl_users_with_access_sql (const char *, const char *, const char *) |
Get an SQL values expression of users that can get a resource. More... | |
gchar * | acl_users_with_access_where (const char *, const char *, const char *, const char *) |
Get a static SQL condition selecting users that can get a resource. More... | |
Headers for Greenbone Vulnerability Manager: the Manage library.
#define ACL_GLOBAL_OR_USER_OWNS | ( | ) |
Generate SQL for user ownership check.
This is the SQL clause for selecting global resources and resources owned directly by the user.
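The caller must supply the single argument that the generated SQL expects, the user's UUID, as a string. Because that string is placed into the SQL text, it should be SQL-quoted or otherwise validated before use.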
#define ACL_IS_GLOBAL | ( | ) | "owner IS NULL" |
Generate SQL for global check.
This is the SQL clause for selecting global resources.
#define ACL_USER_MAY | ( | resource | ) |
Generate SQL for user permission check.
[in] | resource | Resource. |
#define ACL_USER_MAY_OPTS | ( | resource | ) |
Generate SQL for user permission check.
[in] | resource | Resource. |
#define ACL_USER_OWNS | ( | ) |
Generate SQL for user ownership check.
This is the SQL clause for selecting global resources and resources owned directly by the user.
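The caller must supply the single argument that the generated SQL expects, the user's UUID, as a string. Because that string is placed into the SQL text, it should be SQL-quoted or otherwise validated before use.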
command_t* acl_commands | ( | gchar ** | disabled_commands | ) |
Get commands that the current user may run.
[in] | disabled_commands | All disabled commands. |
int acl_role_can_super_everyone | ( | const char * | role_id | ) |
Check whether a role has Super Admin capability.
[in] | role_id | ID of role. |
int acl_user_can_everything | ( | const char * | user_id | ) |
Test whether a user may perform any operation.
[in] | user_id | UUID of user. |
int acl_user_can_super_everyone | ( | const char * | uuid | ) |
Check whether a user is a Super Admin.
[in] | uuid | UUID of user. |
int acl_user_has_access_uuid | ( | const char * | type, |
const char * | uuid, | ||
const char * | permission, | ||
int | trash | ||
) |
Test whether the user may access a resource.
[in] | type | Type of resource, for example "task". |
[in] | uuid | UUID of resource. |
[in] | permission | Permission. |
[in] | trash | Whether the resource is in the trash. |
int acl_user_has_super | ( | const char * | super_user_id, |
user_t | other_user | ||
) |
Test whether a user has super permission on another user.
[in] | super_user_id | UUID of user who may have super permission. |
[in] | other_user | Other user. |
int acl_user_is_admin | ( | const char * | uuid | ) |
Check whether a user is an Admin.
[in] | uuid | UUID of user. |
int acl_user_is_observer | ( | const char * | uuid | ) |
Check whether a user is an Observer.
[in] | uuid | UUID of user. |
int acl_user_is_owner | ( | const char * | type, |
const char * | uuid | ||
) |
Test whether a user is the actual owner of a resource.
[in] | type | Type of resource, for example "task". |
[in] | uuid | UUID of resource. |
int acl_user_is_super_admin | ( | const char * | uuid | ) |
Check whether a user is a Super Admin.
[in] | uuid | UUID of user. |
int acl_user_is_user | ( | const char * | uuid | ) |
Check whether a user has the User role.
[in] | uuid | UUID of user. |
int acl_user_may | ( | const char * | operation | ) |
Test whether a user may perform an operation.
[in] | operation | Name of operation. |
int acl_user_owns | ( | const char * | type, |
resource_t | resource, | ||
int | trash | ||
) |
Test whether a user effectively owns a resource.
A Super permission can give a user effective ownership of another user's resource.
[in] | type | Type of resource, for example "task". |
[in] | resource | Resource. |
[in] | trash | Whether the resource is in the trash. |
int acl_user_owns_trash_uuid | ( | const char * | type, |
const char * | uuid | ||
) |
Test whether a user effectively owns a resource.
A Super permission can give a user effective ownership of another user's resource.
[in] | type | Type of resource, for example "task". |
[in] | uuid | UUID of resource. |
int acl_user_owns_uuid | ( | const char * | type, |
const char * | uuid, | ||
int | trash | ||
) |
Test whether a user effectively owns a resource.
A Super permission can give a user effective ownership of another user's resource.
[in] | type | Type of resource, for example "task". |
[in] | uuid | UUID of resource. |
[in] | trash | Whether the resource is in the trash. |
gchar* acl_users_with_access_sql | ( | const char * | type, |
const char * | resource_id, | ||
const char * | users_where | ||
) |
Get an SQL values expression of users that can get a resource.
[in] | type | The resource type. |
[in] | resource_id | The UUID of the resource. |
[in] | users_where | Optional clause to limit users. |
gchar* acl_users_with_access_where | ( | const char * | type, |
const char * | resource_id, | ||
const char * | users_where, | ||
const char * | user_expr | ||
) |
Get a static SQL condition selecting users that can get a resource.
[in] | type | The resource type. |
[in] | resource_id | The UUID of the resource. |
[in] | users_where | Optional clause to limit users. |
[in] | user_expr | Expression for the user, e.g. the column name. |
gchar* acl_where_owned | ( | const char * | type, |
const get_data_t * | get, | ||
int | owned, | ||
const gchar * | owner_filter, | ||
resource_t | resource, | ||
array_t * | permissions, | ||
int | with_optional, | ||
gchar ** | with | ||
) |
Generate the ownership part of an SQL WHERE clause.
[in] | type | Type of resource. |
[in] | get | GET data. |
[in] | owned | Only get items owned by the current user. |
[in] | owner_filter | Owner filter keyword. |
[in] | resource | Resource. |
[in] | permissions | Permissions. |
[in] | with_optional | Whether permissions WITH clauses are optional. |
[out] | with | Address for WITH clause if allowed, else NULL. |
gchar* acl_where_owned_for_get | ( | const char * | type, |
const char * | user_sql, | ||
const char * | with_prefix, | ||
gchar ** | with | ||
) |
Generate ownership part of WHERE, for getting a type of resource.
[in] | type | Type of resource. |
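[in] | user_sql | SQL for getting the user; being raw SQL, it should be built by trusted code rather than taken from request input. If NULL, the SQL will be for the current user. |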
[in] | with_prefix | Optional prefix for WITH clause. |
[out] | with | Return location for WITH preselection clause if desired, else NULL. |