hcq/MaxScale
hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1354: Add permissions to admin users

Browse Source 
The admin users now have a concept of write and read permissions. This
allows restricted read-only access to be granted to users.
This commit is contained in:
Markus Mäkelä 2017-08-14 14:08:31 +03:00
parent c323f0a551
commit 06afbd14eb
2 changed files with 101 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
include/maxscale/users.h
View File

@ -88,6 +88,36 @@ bool users_auth(USERS* users, const char* user, const char* password);
*/
bool users_find(USERS* users, const char* user);
/**
* Check if user is an administrator
*
* @param users The users table
* @param user User to check
*
* @return True if user is an administrator
*/
bool users_is_admin(USERS* users, const char* user);
/**
* Promote a user to an administrator
*
* @param users The users table
* @param user User to promote
*
* @return True if user was found and promoted
*/
bool users_promote(USERS* users, const char* user);
/**
* Demote an administrative user to a normal user
*
* @param users The users table
* @param user User to demote
*
* @return True if user was found and demoted
*/
bool users_demote(USERS* users, const char* user);
/**
* @brief Default user loading function
*

77
server/core/users.cc
View File

@ -22,13 +22,33 @@
namespace
{
enum permission_type
{
PERM_READ,
PERM_WRITE
};
struct UserInfo
{
UserInfo(std::string pw = "", permission_type perm = PERM_WRITE): // TODO: Change default to PERM_READ
password(pw),
permissions(perm)
{
}
std::string password;
permission_type permissions;
};
class Users
{
Users(const Users&);
Users& operator=(const Users&);
public:
typedef std::tr1::unordered_map<std::string, std::string> UserMap;
typedef std::tr1::unordered_map<std::string, UserInfo> UserMap;
Users()
{
@ -40,7 +60,7 @@ public:
bool add(std::string user, std::string password)
{
return m_data.insert(std::make_pair(user, password)).second;
return m_data.insert(std::make_pair(user, UserInfo(password))).second;
}
bool remove(std::string user)
@ -56,7 +76,7 @@ public:
return rval;
}
bool get(std::string user, std::string* output = NULL) const
bool get(std::string user, UserInfo* output = NULL) const
{
UserMap::const_iterator it = m_data.find(user);
bool rval = false;
@ -74,6 +94,33 @@ public:
return rval;
}
bool check_permissions(std::string user, permission_type perm) const
{
UserMap::const_iterator it = m_data.find(user);
bool rval = false;
if (it != m_data.end() && it->second.permissions == perm)
{
rval = true;
}
return rval;
}
bool set_permissions(std::string user, permission_type perm)
{
UserMap::iterator it = m_data.find(user);
bool rval = false;
if (it != m_data.end())
{
rval = true;
it->second.permissions = perm;
}
return rval;
}
json_t* diagnostic_json() const
{
json_t* rval = json_array();
@ -147,16 +194,34 @@ bool users_auth(USERS* users, const char* user, const char* password)
{
Users* u = reinterpret_cast<Users*>(users);
bool rval = false;
std::string str;
UserInfo info;
if (u->get(user, &str))
if (u->get(user, &info))
{
rval = strcmp(password, str.c_str()) == 0;
rval = strcmp(password, info.password.c_str()) == 0;
}
return rval;
}
bool users_is_admin(USERS* users, const char* user)
{
Users* u = reinterpret_cast<Users*>(users);
return u->check_permissions(user, PERM_WRITE);
}
bool users_promote(USERS* users, const char* user)
{
Users* u = reinterpret_cast<Users*>(users);
return u->set_permissions(user, PERM_WRITE);
}
bool users_demote(USERS* users, const char* user)
{
Users* u = reinterpret_cast<Users*>(users);
return u->set_permissions(user, PERM_READ);
}
void users_diagnostic(DCB* dcb, USERS* users)
{
Users* u = reinterpret_cast<Users*>(users);