Class AccessController

Defined in File access_control.hpp

Nested Relationships

Nested Types

Struct AccessController::PermissionEntry

Class Documentation

class AccessController

abstraction class for the management of access control lists (ACLs).

ACLs allow to define fine-grained access rights for files. In addition to the standard access rights, which can only distinguish between user/group/others, ACLs can be used to give specific access rights to named users and groups. ACL is part of the posix specification. The AccessController class is used to store ACL permission entries and provides a way to write those entries to a file. A permission entry can be seen as a combination of an access Category, a Permission and an optional name (used to identify specific users and groups.)

Public Types

enum class AccessControllerError : uint8_t

Values:

enumerator COULD_NOT_ALLOCATE_NEW_ACL

enum class Category : acl_tag_t

identifier for a permission entry (user, group, others, …)

Values:

enumerator USER

enumerator SPECIFIC_USER: a specific user must be identified by a name

enumerator GROUP

enumerator SPECIFIC_GROUP: a specific group must be identified by a name

enumerator OTHERS

enum class Permission : acl_perm_t

access right for a permission entry

Values:

enumerator READ

enumerator WRITE

enumerator READWRITE

enumerator NONE

using string_t = cxx::string<100>

Public Functions

bool addPermissionEntry(const Category f_category, const Permission f_permission, const uint32_t f_id = -1u) noexcept

define and store a specific permission entry to be used by writePermissionsToFile.

Parameters:

[f_id] – id of the user or group. For Category::SPECIFIC_USER or Category::SPECIFIC_GROUP the id is required. Otherwise writing the permission entry to a file will fail. For the default user/group/others categories the id is ignored and can therefore be left empty. Do not forget to add permissions of the standard user/group/others categories before writing to a file.
[f_permission] – Permissions which should be applied to the category.
[f_id] – The group or user id - depending on the category. For Category::USER, Category::GROUP and Category::OTHER the f_id is not required for everything else a valid group or user id is mandatory.

bool addPermissionEntry(const Category f_category, const Permission f_permission, const string_t &f_name) noexcept: just like addPermissionEntry(Category, Permission, int) but using a name instead of an id.

bool writePermissionsToFile(const int32_t f_fileDescriptor) const noexcept

Write permission entries stored by the AccessController to a file identified by a file descriptor.

Parameters:: [f_fileDescriptor] – identifier for a file (can be regular file, shared memory file, message queue file… everything is a file).
Returns:: true if succesful. If false, you can assume that the file has not been touched at all.

Public Static Attributes

static constexpr int32_t MaxNumOfPermissions = 20: maximum number of permission entries the AccessController can store