Cutelyst
2.13.0
|
User role-based authorization action class. More...
#include <Cutelyst/RoleACL>
Public Member Functions | |
RoleACL (QObject *parent=nullptr) | |
virtual bool | aroundExecute (Context *c, QStack< Component * > stack) override |
bool | canVisit (Context *c) const |
virtual bool | init (Application *application, const QVariantHash &args) override |
virtual Modifiers | modifiers () const override |
![]() | |
Component (QObject *parent=nullptr) | |
bool | execute (Context *c) |
QString | name () const |
QString | reverse () const |
void | setName (const QString &name) |
void | setReverse (const QString &reverse) |
Protected Member Functions | |
virtual bool | dispatcherReady (const Dispatcher *dispatcher, Controller *controller) override |
![]() | |
Component (ComponentPrivate *d, QObject *parent=nullptr) | |
A derived class using pimpl should call this constructor, to reduce the number of memory allocations. | |
virtual bool | afterExecute (Context *c) |
void | applyRoles (const QStack< Component * > &roles) |
virtual bool | beforeExecute (Context *c) |
virtual bool | doExecute (Context *c) |
Additional Inherited Members | |
![]() | |
enum | Modifier { None, OnlyExecute, BeforeExecute, AroundExecute, AfterExecute } |
Provides a reusable action role for user role-based authorization. ACLs are applied via the assignment of attributes to application action subroutines.
Failure to include the following required attributes will result in a fatal error when the RoleACL action's constructor is called.
ACLDetachTo
The name of an action to which the request should be detached if it is determined that ACLs are not satisfied for this user and the resource he is attempting to access.
RequiresRole and AllowedRole
The action must include at least one of these attributes, otherwise the Role::ACL constructor will have a fatal error.
One or more roles may be associated with an action.
User roles are fetched via the invocation of the AuthenticationUser object's "roles" QStringList value.
Roles specified with the RequiresRole attribute are checked before roles specified with the AllowedRole attribute.
The mandatory ACLDetachTo attribute specifies the name of the action to which execution will detach on access violation.
ACLs may be applied to chained actions so that different roles are required or allowed for each link in the chain (or no roles at all).
ACLDetachTo allows us to short-circuit traversal of an action chain as soon as access is denied to one of the actions in the chain by its ACL.
This action will cause a fatal error because it's missing the ACLDetachTo attribute and has neither a RequiresRole nor an AllowedRole attribute. A RoleACL action must include at least one RequiresRole or AllowedRole attribute.
This action may only be executed by users with the 'admin' role.
This action requires that the user has the 'admin' role and either the 'editor' or 'writer' role (or both).
Any user with either the 'admin' or 'user' role may execute this action.
|
explicit |
Constructs a new role ACL object with the given parent.
Definition at line 126 of file roleacl.cpp.
Reimplemented from Component::aroundExecute().
Reimplemented from Cutelyst::Component.
Definition at line 166 of file roleacl.cpp.
References Cutelyst::Component::aroundExecute(), canVisit(), and Cutelyst::Context::detach().
bool RoleACL::canVisit | ( | Context * | c | ) | const |
Returns true if the action can be visited by the context c.
Definition at line 179 of file roleacl.cpp.
References Cutelyst::Authentication::user().
Referenced by aroundExecute().
|
overrideprotectedvirtual |
Reimplemented from Component::dispatcherReady().
Reimplemented from Cutelyst::Component.
Definition at line 218 of file roleacl.cpp.
References Cutelyst::Controller::actionFor(), and Cutelyst::Dispatcher::getActionByPath().
|
overridevirtual |
Reimplemented from Component::init().
Reimplemented from Cutelyst::Component.
Definition at line 135 of file roleacl.cpp.
|
overridevirtual |
Reimplemented from Component::modifiers().
Reimplemented from Cutelyst::Component.
Definition at line 130 of file roleacl.cpp.