iox::posix::AccessController
abstraction class for the management of access control lists (ACLs).
#include <access_control.hpp>
Public Types
Name | |
---|---|
enum acl_tag_t | Category { USER = ACL_USER_OBJ, SPECIFIC_USER = ACL_USER, GROUP = ACL_GROUP_OBJ, SPECIFIC_GROUP = ACL_GROUP, OTHERS = ACL_OTHER } identifier for a permission entry (user, group, others, ...) |
enum acl_perm_t | Permission { READ = ACL_READ, WRITE = ACL_WRITE, READWRITE = Permission::READ \| Permission::WRITE, NONE = 0 } access right for a permission entry |
using cxx::string< 100 > | string_t |
Public Functions
Name | |
---|---|
bool | addPermissionEntry(const Category f_category, const Permission f_permission, const uint32_t f_id =-1u) define and store a specific permission entry to be used by writePermissionsToFile. |
bool | addPermissionEntry(const Category f_category, const Permission f_permission, const string_t & f_name) just like addPermissionEntry(Category, Permission, int) but using a name instead of an id. |
bool | writePermissionsToFile(const int32_t f_fileDescriptor) const Write permission entries stored by the AccessController to a file identified by a file descriptor. |
Public Attributes
Name | |
---|---|
constexpr int32_t | MaxNumOfPermissions maximum number of permission entries the AccessController can store |
Detailed Description
class iox::posix::AccessController;
abstraction class for the management of access control lists (ACLs).
ACLs allow fine-grained access rights to be defined for files. In addition to the standard access rights, which can only distinguish between user/group/others, ACLs can be used to give specific access rights to named users and groups. ACL is part of the POSIX specification. The AccessController class is used to store ACL permission entries and provides a way to write those entries to a file. A permission entry can be seen as a combination of an access Category, a Permission and an optional name (used to identify specific users and groups).
Public Types Documentation
enum Category
Enumerator | Value | Description |
---|---|---|
USER | ACL_USER_OBJ | |
SPECIFIC_USER | ACL_USER | a specific user must be identified by a name |
GROUP | ACL_GROUP_OBJ | |
SPECIFIC_GROUP | ACL_GROUP | a specific group must be identified by a name |
OTHERS | ACL_OTHER | |
identifier for a permission entry (user, group, others, ...)
enum Permission
Enumerator | Value | Description |
---|---|---|
READ | ACL_READ | |
WRITE | ACL_WRITE | |
READWRITE | Permission::READ \| Permission::WRITE | |
NONE | 0 | |
access right for a permission entry
using string_t
using iox::posix::AccessController::string_t = cxx::string<100>;
Public Functions Documentation
function addPermissionEntry
bool addPermissionEntry(
const Category f_category,
const Permission f_permission,
const uint32_t f_id =-1u
)
define and store a specific permission entry to be used by writePermissionsToFile.
Parameters:
- [f_id] id of the user or group. For Category::SPECIFIC_USER or Category::SPECIFIC_GROUP the id is required. Otherwise writing the permission entry to a file will fail. For the default user/group/others categories the id is ignored and can therefore be left empty. Do not forget to add permissions of the standard user/group/others categories before writing to a file.
- [f_permission] Permissions which should be applied to the category.
- [f_id] The group or user id, depending on the category. For Category::USER, Category::GROUP and Category::OTHERS the f_id is not required; for everything else a valid group or user id is mandatory.
function addPermissionEntry
bool addPermissionEntry(
const Category f_category,
const Permission f_permission,
const string_t & f_name
)
just like addPermissionEntry(Category, Permission, int) but using a name instead of an id.
function writePermissionsToFile
bool writePermissionsToFile(
const int32_t f_fileDescriptor
) const
Write permission entries stored by the AccessController to a file identified by a file descriptor.
Parameters:
- [f_fileDescriptor] identifier for a file (can be regular file, shared memory file, message queue file... everything is a file).
Return: true if successful. If false, you can assume that the file has not been touched at all.
Public Attributes Documentation
variable MaxNumOfPermissions
static constexpr int32_t MaxNumOfPermissions = 20;
maximum number of permission entries the AccessController can store
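The rules this page states for a usable entry set (an id for every SPECIFIC_USER or SPECIFIC_GROUP entry, the standard user/group/others entries present, at most MaxNumOfPermissions entries) can be checked before calling writePermissionsToFile. The following is an added example, not iceoryx code: `Entry`, `preflight`, `sampleEntries`, `NO_ID`, `MAX_ENTRIES` and the enum values are stand-ins assumed here so that it compiles without the library or the ACL headers.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Stand-ins for the documented enums; the real ones carry ACL_* values from the platform headers.
enum class Category { USER, SPECIFIC_USER, GROUP, SPECIFIC_GROUP, OTHERS };
enum class Permission { NONE = 0, READ = 1, WRITE = 2, READWRITE = 3 }; // constructed values

constexpr std::uint32_t NO_ID = static_cast<std::uint32_t>(-1); // same as the f_id default, -1u
constexpr std::size_t MAX_ENTRIES = 20;                         // MaxNumOfPermissions on this page

struct Entry { Category category; Permission permission; std::uint32_t id; };

// Hypothetical helper: one message per documented rule the entry set violates; empty means usable.
std::vector<std::string> preflight(const std::vector<Entry>& entries)
{
    std::vector<std::string> problems;
    if (entries.size() > MAX_ENTRIES)
        problems.push_back("more entries than MaxNumOfPermissions");
    bool user = false, group = false, others = false;
    for (const Entry& e : entries) {
        switch (e.category) {
        case Category::USER:   user = true; break;
        case Category::GROUP:  group = true; break;
        case Category::OTHERS: others = true; break;
        case Category::SPECIFIC_USER:
        case Category::SPECIFIC_GROUP:
            if (e.id == NO_ID) // id is mandatory for named users and groups
                problems.push_back("specific user/group entry without id");
            break;
        }
    }
    if (!user)   problems.push_back("missing standard USER entry");
    if (!group)  problems.push_back("missing standard GROUP entry");
    if (!others) problems.push_back("missing standard OTHERS entry");
    return problems;
}

// Constructed sample: owner read/write, group read, one named user read/write, others nothing.
std::vector<Entry> sampleEntries(std::uint32_t namedUserId)
{
    return { {Category::USER, Permission::READWRITE, NO_ID},
             {Category::GROUP, Permission::READ, NO_ID},
             {Category::SPECIFIC_USER, Permission::READWRITE, namedUserId},
             {Category::OTHERS, Permission::NONE, NO_ID} };
}

int main() { return preflight(sampleEntries(1000)).empty() ? 0 : 1; }
```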
Updated on 31 May 2022 at 15:29:15 CEST