
nordugrid-arc-nox  1.1.0~rc6
ArcSec::PermitOverridesCombiningAlg Class Reference

Implement the "Permit-Overrides" algorithm.

#include <PermitOverridesAlg.h>


Public Member Functions

 PermitOverridesCombiningAlg ()
virtual ~PermitOverridesCombiningAlg ()
virtual Result combine (EvaluationCtx *ctx, std::list< Policy * > policies)
 If any policy returns a positive evaluation result, skip the other policies and return DECISION_PERMIT.
virtual const std::string & getalgId (void) const
 Get the identifier.

Static Private Attributes

static std::string algId = "Permit-Overrides"

Detailed Description

Implement the "Permit-Overrides" algorithm.

Permit-Overrides scans the policy set given as the parameter of the "combine" method. If it gets a "permit" result from any policy, it stops scanning and gives "permit" as the result; otherwise it gives "deny".

Definition at line 13 of file PermitOverridesAlg.h.

Constructor & Destructor Documentation

Definition at line 18 of file PermitOverridesAlg.h.


Definition at line 19 of file PermitOverridesAlg.h.


Member Function Documentation

Result ArcSec::PermitOverridesCombiningAlg::combine ( EvaluationCtx * ctx, std::list< Policy * > policies ) [virtual]

If any policy returns a positive evaluation result, skip the other policies and return DECISION_PERMIT.

Parameters:
    ctx       This object contains the request information which will be evaluated against the policy.
    policies  This is a container which contains policy objects.
Returns:
    The combined result according to the algorithm.

Implements ArcSec::CombiningAlg.

Definition at line 11 of file PermitOverridesAlg.cpp.

                                                                                         {
  bool atleast_onedeny = false;
  bool atleast_onenotapplicable = false;

  std::list<Policy*>::iterator it;
  for(it = policies.begin(); it != policies.end(); it++) {
    Policy* policy = *it;
    Result res = policy->eval(ctx);

    //If we get DECISION_PERMIT, then regardless of what the other Rules return,
    //always return PERMIT.
    if(res == DECISION_PERMIT)
      return DECISION_PERMIT;

    //If we get DECISION_NOT_APPLICABLE (this usually happens when an Attribute with the corresponding
    //AttributeId can be found in the RequestItem, but the value does not match).
    if(res == DECISION_NOT_APPLICABLE)
      atleast_onenotapplicable = true;
    //Keep track of whether we had at least one rule that pertained to the request
    else if(res == DECISION_DENY)
      atleast_onedeny = true;
  }

  //Some Rule said DENY, so since nothing could have permitted, return DENY
  if(atleast_onedeny) return DECISION_DENY;

  //No Rule said DENY, none of the rules actually applied, return NOT_APPLICABLE
  if(atleast_onenotapplicable) return DECISION_NOT_APPLICABLE;

  //If here, there is a problem with one of the Rules, so return INDETERMINATE
  return DECISION_INDETERMINATE;
}
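The following is an added example, not code from nordugrid-arc: it reproduces the precedence of combine() over stand-in types to show the short-circuit on the first PERMIT, the results for deny, error and empty policy lists, and a caller that fails closed. StubPolicy, permit_overrides, run and access_granted are hypothetical names, and the enum is a local stand-in for ArcSec::Result.

```cpp
#include <cstddef>
#include <iostream>
#include <list>

// Stand-in for ArcSec::Result (names from the listing; numeric values not taken from ARC).
enum Result { DECISION_PERMIT, DECISION_DENY, DECISION_INDETERMINATE, DECISION_NOT_APPLICABLE };
// Hypothetical stand-in for ArcSec::Policy: fixed result, counts evaluations.
struct StubPolicy {
  Result fixed; int calls;
  explicit StubPolicy(Result r) : fixed(r), calls(0) {}
  Result eval() { ++calls; return fixed; }
};

// Same precedence as combine(): PERMIT > DENY > NOT_APPLICABLE > INDETERMINATE.
Result permit_overrides(std::list<StubPolicy*>& policies) {
  bool deny = false, not_applicable = false;
  for (std::list<StubPolicy*>::iterator it = policies.begin(); it != policies.end(); ++it) {
    Result res = (*it)->eval();
    if (res == DECISION_PERMIT) return DECISION_PERMIT;  // later policies never run
    if (res == DECISION_NOT_APPLICABLE) not_applicable = true;
    else if (res == DECISION_DENY) deny = true;
  }
  if (deny) return DECISION_DENY;
  if (not_applicable) return DECISION_NOT_APPLICABLE;
  return DECISION_INDETERMINATE;  // only errors, or an empty policy list
}

// Combine a constructed sequence of results; *evaluated = number of policies actually run.
Result run(const Result* seq, std::size_t n, int* evaluated) {
  std::list<StubPolicy> store;       // list nodes keep stable addresses
  std::list<StubPolicy*> policies;
  for (std::size_t i = 0; i < n; ++i) {
    store.push_back(StubPolicy(seq[i])); policies.push_back(&store.back());
  }
  Result r = permit_overrides(policies);
  *evaluated = 0;
  for (std::list<StubPolicy>::iterator it = store.begin(); it != store.end(); ++it)
    *evaluated += it->calls;
  return r;
}

// Hypothetical enforcement point: fail closed, only PERMIT grants access.
bool access_granted(Result r) { return r == DECISION_PERMIT; }

int main() {
  const Result seq[] = {DECISION_DENY, DECISION_PERMIT, DECISION_DENY};  // constructed input
  int n = 0; Result r = run(seq, 3, &n);
  std::cout << "permit=" << (r == DECISION_PERMIT) << " evaluated=" << n << "\n";
}
```

A single permissive policy outweighs any number of denying ones, so every policy added to a Permit-Overrides set needs the same review as the most permissive one already in it.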


virtual const std::string& ArcSec::PermitOverridesCombiningAlg::getalgId ( void  ) const [inline, virtual]

Get the identifier.

Implements ArcSec::CombiningAlg.

Definition at line 32 of file PermitOverridesAlg.h.

{return algId;};

Member Data Documentation

std::string ArcSec::PermitOverridesCombiningAlg::algId = "Permit-Overrides" [static, private]

Definition at line 15 of file PermitOverridesAlg.h.

The documentation for this class was generated from the following files: