
nordugrid-arc-nox  1.1.0~rc6
PermitOverridesAlg.cpp
00001 #ifdef HAVE_CONFIG_H
00002 #include <config.h>
00003 #endif
00004 
00005 #include "PermitOverridesAlg.h"
00006 
namespace ArcSec{

// Name string of this combining algorithm.
std::string PermitOverridesCombiningAlg::algId = "Permit-Overrides";

// Combine the decisions of several policies so that one PERMIT wins over everything else.
//
// ctx      - evaluation context handed unchanged to every Policy::eval() call.
// policies - policies to evaluate, in list order. The list is taken by value, so it is
//            copied on every call; the Policy objects themselves are not copied.
//
// Returns:
//   DECISION_PERMIT          as soon as one policy returns it; later policies are not evaluated.
//   DECISION_DENY            if no policy permitted and at least one returned DENY.
//   DECISION_NOT_APPLICABLE  if no policy permitted or denied and at least one returned
//                            NOT_APPLICABLE.
//   DECISION_INDETERMINATE   otherwise, which includes an empty policy list.
//
// Any result other than PERMIT, DENY or NOT_APPLICABLE (for instance DECISION_INDETERMINATE)
// is not recorded, so it only shows in the return value when no policy returned DENY or
// NOT_APPLICABLE.
// NOTE(review): an evaluation problem in one policy can therefore surface as NOT_APPLICABLE
// or DENY; callers presumably grant access only on DECISION_PERMIT - confirm at the call sites.
// Neither ctx nor the Policy pointers are checked for null before use.
Result PermitOverridesCombiningAlg::combine(EvaluationCtx* ctx, std::list<Policy*> policies){
  bool saw_deny = false;
  bool saw_not_applicable = false;

  std::list<Policy*>::iterator pos = policies.begin();
  while(pos != policies.end()) {
    Result decision = (*pos)->eval(ctx);

    // A single PERMIT decides the outcome, whatever the remaining policies would say.
    if(decision == DECISION_PERMIT) return DECISION_PERMIT;

    if(decision == DECISION_NOT_APPLICABLE) {
      // Per the original author this usually means an attribute with the matching
      // AttributeId was found in the RequestItem, but its value did not match.
      saw_not_applicable = true;
    }
    else if(decision == DECISION_DENY) {
      // Remember that at least one policy actively refused the request.
      saw_deny = true;
    }

    pos++;
  }

  // Nothing permitted, so a recorded DENY takes precedence over NOT_APPLICABLE.
  if(saw_deny) return DECISION_DENY;

  // No DENY either: report that at least one policy simply did not apply.
  if(saw_not_applicable) return DECISION_NOT_APPLICABLE;

  // No policy returned PERMIT, DENY or NOT_APPLICABLE (or the list was empty).
  return DECISION_INDETERMINATE;
}

} //namespace ArcSec