implement authorisation check

Change-Id: I2ef74b715a115acd11fa13744ba921e875f0bc65
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

2 files changed, 14 insertions, 9 deletions

diff --git a/include/afb/afb-auth.h b/include/afb/afb-auth.h
index fe29adec..ee089e7f 100644
--- a/include/afb/afb-auth.h
+++ b/include/afb/afb-auth.h
@@ -22,19 +22,24 @@
  */
 enum afb_auth_type
 {
-	afb_auth_No = 0,
-	afb_auth_Permission,
-	afb_auth_Or,
-	afb_auth_And,
-	afb_auth_Yes
+	afb_auth_No = 0,	/** never authorized, no data */
+	afb_auth_Token,		/** authorized if token valid, no data */
+	afb_auth_LOA,		/** authorized if LOA greater than data 'loa' */
+	afb_auth_Permission,	/** authorized if permission 'text' is granted */
+	afb_auth_Or,		/** authorized if 'first' or 'next' is authorized */
+	afb_auth_And,		/** authorized if 'first' and 'next' are authorized */
+	afb_auth_Not,		/** authorized if 'first' is not authorized */
+	afb_auth_Yes		/** always authorized, no data */
 };
 
-struct afb_auth_desc
+struct afb_auth
 {
-	enum afb_auth_type type;
+	const enum afb_auth_type type;
 	union {
 		const char *text;
-		struct afb_auth_desc *child[2];
+		const unsigned loa;
+		const struct afb_auth *first;
 	};
+	const struct afb_auth *next;
 };
 
diff --git a/include/afb/afb-binding-v2.h b/include/afb/afb-binding-v2.h
index 80e2385d..19bff05a 100644
--- a/include/afb/afb-binding-v2.h
+++ b/include/afb/afb-binding-v2.h
@@ -43,7 +43,7 @@ struct afb_verb_v2
 {
 	const char *verb;                       /* name of the verb */
 	void (*callback)(struct afb_req req);   /* callback function implementing the verb */
-	struct afb_auth *auth;			/* required authorisation */
+	const struct afb_auth *auth;			/* required authorisation */
 	uint32_t session;                       /* authorisation and session requirements of the verb */
 };