Implement afb_req_has_permission

This new verb is available in bindings to check
whether the client identified by a request has
a given permission or not.

Change-Id: I5eaa0892d8260d26bd76f37123251c103c981e10
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

5 files changed, 61 insertions, 31 deletions

diff --git a/src/afb-auth.c b/src/afb-auth.c
index ff4ff9da..9d54a03b 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -43,7 +43,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 		return afb_context_check_loa(&xreq->context, auth->loa);
 
 	case afb_auth_Permission:
-		return afb_auth_check_permission(xreq, auth->text);
+		return afb_auth_has_permission(xreq, auth->text);
 
 	case afb_auth_Or:
 		return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
@@ -68,7 +68,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 static cynara *handle;
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
 	int rc;
 
@@ -103,7 +103,7 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
 
 /*********************************************************************************/
 #else
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
 	WARNING("Granting permission %s by default of backend", permission ?: "(null)");
 	return !!permission;
diff --git a/src/afb-auth.h b/src/afb-auth.h
index d388e777..db084037 100644
--- a/src/afb-auth.h
+++ b/src/afb-auth.h
@@ -21,5 +21,5 @@ struct afb_auth;
 struct afb_xreq;
 
 extern int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth);
-extern int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission);
+extern int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission);
 
diff --git a/src/afb-hook.c b/src/afb-hook.c
index 14076281..a8c836f8 100644
--- a/src/afb-hook.c
+++ b/src/afb-hook.c
@@ -317,6 +317,11 @@ static void hook_xreq_subcall_req_result_default_cb(void *closure, const struct
 	_hook_xreq_(xreq, "    ...subcall_req... -> %d: %s", status, json_object_to_json_string(result));
 }
 
+static void hook_xreq_has_permission_default_cb(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *permission, int result)
+{
+	_hook_xreq_(xreq, "has_permission(%s) -> %d", permission, result);
+}
+
 static struct afb_hook_xreq_itf hook_xreq_default_itf = {
 	.hook_xreq_begin = hook_xreq_begin_default_cb,
 	.hook_xreq_end = hook_xreq_end_default_cb,
@@ -340,7 +345,8 @@ static struct afb_hook_xreq_itf hook_xreq_default_itf = {
 	.hook_xreq_store = hook_xreq_store_default_cb,
 	.hook_xreq_unstore = hook_xreq_unstore_default_cb,
 	.hook_xreq_subcall_req = hook_xreq_subcall_req_default_cb,
-	.hook_xreq_subcall_req_result = hook_xreq_subcall_req_result_default_cb
+	.hook_xreq_subcall_req_result = hook_xreq_subcall_req_result_default_cb,
+	.hook_xreq_has_permission = hook_xreq_has_permission_default_cb
 };
 
 /******************************************************************************
@@ -488,6 +494,12 @@ void afb_hook_xreq_subcall_req_result(const struct afb_xreq *xreq, int status, s
 	_HOOK_XREQ_(subcall_req_result, xreq, status, result);
 }
 
+int afb_hook_xreq_has_permission(const struct afb_xreq *xreq, const char *permission, int result)
+{
+	_HOOK_XREQ_(has_permission, xreq, permission, result);
+	return result;
+}
+
 /******************************************************************************
  * section: hooking xreqs
  *****************************************************************************/
diff --git a/src/afb-hook.h b/src/afb-hook.h
index 43341242..235e19d9 100644
--- a/src/afb-hook.h
+++ b/src/afb-hook.h
@@ -52,29 +52,30 @@ struct afb_hookid
 *********************************************************/
 
 /* individual flags */
-#define afb_hook_flag_req_begin			0x000001
-#define afb_hook_flag_req_end			0x000002
-#define afb_hook_flag_req_json			0x000004
-#define afb_hook_flag_req_get			0x000008
-#define afb_hook_flag_req_success		0x000010
-#define afb_hook_flag_req_fail			0x000020
-#define afb_hook_flag_req_context_get		0x000040
-#define afb_hook_flag_req_context_set		0x000080
-#define afb_hook_flag_req_addref		0x000100
-#define afb_hook_flag_req_unref			0x000200
-#define afb_hook_flag_req_session_close		0x000400
-#define afb_hook_flag_req_session_set_LOA	0x000800
-#define afb_hook_flag_req_subscribe		0x001000
-#define afb_hook_flag_req_unsubscribe		0x002000
-#define afb_hook_flag_req_subcall		0x004000
-#define afb_hook_flag_req_subcall_result	0x008000
-#define afb_hook_flag_req_subcallsync		0x010000
-#define afb_hook_flag_req_subcallsync_result	0x020000
-#define afb_hook_flag_req_vverbose		0x040000
-#define afb_hook_flag_req_store			0x080000
-#define afb_hook_flag_req_unstore		0x100000
-#define afb_hook_flag_req_subcall_req		0x200000
-#define afb_hook_flag_req_subcall_req_result	0x400000
+#define afb_hook_flag_req_begin			0x00000001
+#define afb_hook_flag_req_end			0x00000002
+#define afb_hook_flag_req_json			0x00000004
+#define afb_hook_flag_req_get			0x00000008
+#define afb_hook_flag_req_success		0x00000010
+#define afb_hook_flag_req_fail			0x00000020
+#define afb_hook_flag_req_context_get		0x00000040
+#define afb_hook_flag_req_context_set		0x00000080
+#define afb_hook_flag_req_addref		0x00000100
+#define afb_hook_flag_req_unref			0x00000200
+#define afb_hook_flag_req_session_close		0x00000400
+#define afb_hook_flag_req_session_set_LOA	0x00000800
+#define afb_hook_flag_req_subscribe		0x00001000
+#define afb_hook_flag_req_unsubscribe		0x00002000
+#define afb_hook_flag_req_subcall		0x00004000
+#define afb_hook_flag_req_subcall_result	0x00008000
+#define afb_hook_flag_req_subcallsync		0x00010000
+#define afb_hook_flag_req_subcallsync_result	0x00020000
+#define afb_hook_flag_req_vverbose		0x00040000
+#define afb_hook_flag_req_store			0x00080000
+#define afb_hook_flag_req_unstore		0x00100000
+#define afb_hook_flag_req_subcall_req		0x00200000
+#define afb_hook_flag_req_subcall_req_result	0x00400000
+#define afb_hook_flag_req_has_permission	0x00800000
 
 /* common flags */
 #define afb_hook_flags_req_life		(afb_hook_flag_req_begin|afb_hook_flag_req_end)
@@ -94,7 +95,7 @@ struct afb_hookid
 /* predefined groups */
 #define afb_hook_flags_req_common	(afb_hook_flags_req_life|afb_hook_flags_req_args|afb_hook_flags_req_result\
 					|afb_hook_flags_req_session|afb_hook_flags_req_event|afb_hook_flags_req_subcalls\
-					|afb_hook_flag_req_vverbose)
+					|afb_hook_flag_req_vverbose|afb_hook_flag_req_has_permission)
 #define afb_hook_flags_req_extra	(afb_hook_flags_req_common|afb_hook_flags_req_ref|afb_hook_flags_req_context\
 					|afb_hook_flags_req_stores)
 #define afb_hook_flags_req_all		(afb_hook_flags_req_extra)
@@ -123,6 +124,7 @@ struct afb_hook_xreq_itf {
 	void (*hook_xreq_unstore)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq);
 	void (*hook_xreq_subcall_req)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *api, const char *verb, struct json_object *args);
 	void (*hook_xreq_subcall_req_result)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, int status, struct json_object *result);
+	void (*hook_xreq_has_permission)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *permission, int result);
 };
 
 extern void afb_hook_init_xreq(struct afb_xreq *xreq);
@@ -155,6 +157,7 @@ extern void afb_hook_xreq_store(const struct afb_xreq *xreq, struct afb_stored_r
 extern void afb_hook_xreq_unstore(const struct afb_xreq *xreq);
 extern void afb_hook_xreq_subcall_req(const struct afb_xreq *xreq, const char *api, const char *verb, struct json_object *args);
 extern void afb_hook_xreq_subcall_req_result(const struct afb_xreq *xreq, int status, struct json_object *result);
+extern int afb_hook_xreq_has_permission(const struct afb_xreq *xreq, const char *permission, int result);
 
 /*********************************************************
 * section hooking ditf (daemon interface)
diff --git a/src/afb-xreq.c b/src/afb-xreq.c
index 8c7a38d5..3535ce5c 100644
--- a/src/afb-xreq.c
+++ b/src/afb-xreq.c
@@ -448,6 +448,12 @@ static struct afb_stored_req *xreq_store_cb(void *closure)
 	return closure;
 }
 
+static int xreq_has_permission_cb(void*closure, const char *permission)
+{
+	struct afb_xreq *xreq = closure;
+	return afb_auth_has_permission(xreq, permission);
+}
+
 /******************************************************************************/
 
 static struct json_object *xreq_hooked_json_cb(void *closure)
@@ -627,6 +633,13 @@ static struct afb_stored_req *xreq_hooked_store_cb(void *closure)
 	return r;
 }
 
+static int xreq_hooked_has_permission_cb(void*closure, const char *permission)
+{
+	struct afb_xreq *xreq = closure;
+	int r = xreq_has_permission_cb(closure, permission);
+	return afb_hook_xreq_has_permission(xreq, permission, r);
+}
+
 /******************************************************************************/
 
 const struct afb_req_itf xreq_itf = {
@@ -648,7 +661,8 @@ const struct afb_req_itf xreq_itf = {
 	.subcallsync = xreq_subcallsync_cb,
 	.vverbose = xreq_vverbose_cb,
 	.store = xreq_store_cb,
-	.subcall_req = xreq_subcall_req_cb
+	.subcall_req = xreq_subcall_req_cb,
+	.has_permission = xreq_has_permission_cb
 };
 
 const struct afb_req_itf xreq_hooked_itf = {
@@ -670,7 +684,8 @@ const struct afb_req_itf xreq_hooked_itf = {
 	.subcallsync = xreq_hooked_subcallsync_cb,
 	.vverbose = xreq_hooked_vverbose_cb,
 	.store = xreq_hooked_store_cb,
-	.subcall_req = xreq_hooked_subcall_req_cb
+	.subcall_req = xreq_hooked_subcall_req_cb,
+	.has_permission = xreq_hooked_has_permission_cb
 };
 
 /******************************************************************************/