From 5d18f7728e73ba1a5681998ad92f714879fb5aab Mon Sep 17 00:00:00 2001
From: stephb9959
Date: Fri, 20 Aug 2021 09:31:11 -0700
Subject: [PATCH] Initial checkins
---
 README.md | 42 ++++++++++++++++++++++++++++++++++
 build | 2 +-
 openapi/ow_prov.yaml | 4 ++--
 src/RESTAPI_entity_handler.cpp | 13 ++++------
 4 files changed, 50 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 316f83c..e598c97 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,44 @@
 # OpenWiFi Provisioning
+## Root entity
+It's UUID value is 0000-0000-0000. Its parent entity must be empty.
+
+## Entity
+You must set the parent of an entity.
+
+## Venue
+When creating a venue, the top venue must have its entity property set to the owning entity, and its parent property empty.
+For all sub venues, their entity must be set to empty and its parent entity must be set to the venue above it.
+
+## Management policy
+
+```json
+{
+ "default" : [],
+ "acls" : [
+ {
+ "roles" : [ uuid1, uuid2, uuid3 ],
+ "access" : [ READ, WRITE, ... ]
+ } ,
+ {
+ "roles" : [ ... ],
+ "access" : [ ... ]
+ }
+ ]
+}
+```
+
+## Management roles
+Management roles can be created using UUIDs from the SEC service. SEC service may ask prov if deleting a user
+is OK. PROV should answer with username in use or something like this.
+
+Management roles are created by adding UUIDs into a group. Then that UUID may be used in any management
+policy.
+
+Management roles must have a quick way to evaluate all the roles a user has. This is important for
+speed. Roles ddo not use subscribers.
+
+So read all the roles, cross ref all the users sp you can apply access rules against a resource very quickly.
+
+If a user is part of 2 roles, then the access will be agregate. if NONE is found, then NONE wins.
+
diff --git a/build b/build
index 7813681..c793025 100644
--- a/build
+++ b/build
@@ -1 +1 @@
-5
\ No newline at end of file
+7
\ No newline at end of file
diff --git a/openapi/ow_prov.yaml b/openapi/ow_prov.yaml
index 00a2d78..987e9f9 100644
--- a/openapi/ow_prov.yaml
+++ b/openapi/ow_prov.yaml
@@ -229,14 +229,14 @@ components:
 type: string # uuids: mgg:
- ManagementGroup:
+ ManagementRole:
 type: object
 properties:
 allOf:
 $ref: '#/components/schemas/ObjectInfo'
 managementPolicy:
 $ref: '#/components/schemas/ManagementPolicy'
- managers:
+ users:
 type: array
 items:
 type: string
diff --git a/src/RESTAPI_entity_handler.cpp b/src/RESTAPI_entity_handler.cpp
index 84bbc25..d01077a 100644
--- a/src/RESTAPI_entity_handler.cpp
+++ b/src/RESTAPI_entity_handler.cpp
@@ -208,7 +208,7 @@ namespace OpenWifi{
 LocalObject.info.modified = std::time(nullptr);
 std::string Error;
- for(auto const &i:Request) {
+ for(auto const &i:Parameters_) {
 if(i.first == "addContact" || i.first == "delContact") {
 if(!Storage()->ContactDB().Exists("id",i.second)) {
 Error = "Unknown Contact UUID: " + i.second;
@@ -225,10 +225,6 @@ namespace OpenWifi{
 break;
 }
 } else if(i.first == "addManager" || i.first == "delManager") {
- if(!Storage()->VenueDB().Exists("id",i.second)) {
- Error = "Unknown Venue UUID: " + i.second;
- break;
- }
 } else {
 Error = "Unknown operation: " + i.first;
 break;
@@ -241,8 +237,6 @@ namespace OpenWifi{
 }
 if(Storage()->EntityDB().UpdateRecord("id",UUID,LocalObject)) {
- Poco::JSON::Object Answer;
- for(const auto &i:Request) {
 std::string Child{i.second};
 if(i.first == "addContact") {
@@ -258,10 +252,13 @@ namespace OpenWifi{
 Storage()->EntityDB().DeleteLocation("id", UUID, Child);
 Storage()->LocationDB().DeleteEntity("id",Child,UUID);
 } else if (i.first == "addManager") {
+ Storage()->EntityDB().AddManager("id",UUID,Child);
 } else if (i.first == "delManager") {
+ Storage()->EntityDB().DeleteManager("id",UUID,Child);
 }
 }
-
+ Poco::JSON::Object Answer;
+ Storage()->EntityDB().GetRecord("id",UUID, LocalObject);
 LocalObject.to_json(Answer);
 ReturnObject(Request, Answer, Response);
 return;
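Review bot: The validation loop now walks `Parameters_`, but the loop that applies the operations, in the third hunk of this file, still reads `for(const auto &i:Request) {`; the hunk line counts suggest that line is unchanged context rather than a removal, though the collapsed diff makes it hard to be certain. If `Request` is the HTTP request object that is later passed to `ReturnObject`, iterating it yields header name/value pairs, so the operations that were validated from the parameters would be applied from a different collection, and a value that was never checked against `ContactDB()`/`LocationDB()` could reach the apply loop. Both loops should read the same source, `for(const auto &i:Parameters_) {`. The enclosing handler starts before this hunk.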
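Review bot: The `addManager`/`delManager` branch is now an empty body, so the supplied value reaches `AddManager` in the last hunk of this file with no validation at all, whereas the contact and location branches reject unknown UUIDs before `UpdateRecord` runs. Dropping the `VenueDB()` lookup is right, since a manager is not a venue, but nothing replaces it; at minimum reject empty values with `if(i.second.empty()) { Error = "Missing manager UUID for: " + i.first; break; }`, and check the value against whatever store holds management roles once one exists (the README in this commit says they are UUIDs issued by the SEC service). The enclosing loop starts in the first hunk of this file.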
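Review bot: The return value of `Storage()->EntityDB().GetRecord("id",UUID, LocalObject)` is discarded, so if the re-read fails the response is serialized from the in-memory `LocalObject` and the client cannot tell that it may not match what was stored after the manager changes. The other branches in this loop update both sides of the link (`DeleteLocation` on the entity and `DeleteEntity` on the location), while the new `AddManager`/`DeleteManager` calls touch only the entity record; if the manager side keeps a back-reference this is incomplete, and if it does not, a short comment would save the next reader the question, `// managers are stored only on the entity side; no reverse link to maintain`. The enclosing `if(...UpdateRecord(...))` block opens in the previous hunk and its closing brace is outside this one.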