- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: 5.0 Required
- Component/s: None
- None
- Fully Compatible
- Security 2021-03-08
- We need to create a class that can track the checks and privileges made by AuthorizationSession, and a class for IDL to store its contract
- AuthorizationSessionImpl will be augmented with this class in a later ticket
- IDL will write this contract into a member variable of the generated command class
This class should have at minimum the following information to support its needs:
- Constructor(initializer_list<access_checks>, initializer_list<privileges>) - to be used by IDL to generate code
- Stores a stdx::unordered_map<ResourcePattern, ActionSet>
- Stores a bitset for all the access checks in AuthorizationSession except for privilege checks
- Note: the privilege check isAuthorizedForAnyActionOnAnyResourceInDB counts as an access check
- Has getters/setters
- Add a method to verify a contract is a subset of another
- Naive O(N^2) algo should be fine since number of checks is usually 1-3 except for agg
C++ Unit Tests to add
- Validate a non-generated contract
- Validate a simple generated contract with a privilege
- Validate a simple generated contract with a check
- Validate a complex generated contract with a mix of privileges and checks
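
A minimal sketch of the contract class described above, added here as an illustration and not MongoDB's implementation. `AccessCheck`, `Action`, the string-based `ResourcePattern`, `Privilege`, `actions()` and `contains()` are assumed names, and the subset test uses hash-map lookups instead of the naive O(N^2) scan the ticket allows.

```cpp
#include <bitset>
#include <cstddef>
#include <initializer_list>
#include <string>
#include <unordered_map>

// Hypothetical stand-ins: the server's real enums and ResourcePattern are richer.
enum class AccessCheck : std::size_t { kIsAuthenticated, kIsCoAuthorized, kAnyActionOnAnyResourceInDB, kCount };
enum class Action : std::size_t { kFind, kInsert, kUpdate, kRemove, kCount };
using ActionSet = std::bitset<static_cast<std::size_t>(Action::kCount)>;
using ResourcePattern = std::string;  // assumption: a namespace string stands in for the class
struct Privilege { ResourcePattern resource; ActionSet actions; };

// Build an ActionSet from a list of actions.
inline ActionSet actions(std::initializer_list<Action> list) {
    ActionSet result;
    for (Action a : list) result.set(static_cast<std::size_t>(a));
    return result;
}

class AuthorizationContract {
public:
    AuthorizationContract() = default;
    // Shape requested in the ticket so that generated code can build a contract inline.
    AuthorizationContract(std::initializer_list<AccessCheck> checks,
                          std::initializer_list<Privilege> privileges) {
        for (AccessCheck c : checks) addAccessCheck(c);
        for (const Privilege& p : privileges) addPrivilege(p);
    }
    void addAccessCheck(AccessCheck c) { _checks.set(static_cast<std::size_t>(c)); }
    // Repeated privileges on one resource merge into a single ActionSet.
    void addPrivilege(const Privilege& p) { _privileges[p.resource] |= p.actions; }
    bool hasAccessCheck(AccessCheck c) const { return _checks.test(static_cast<std::size_t>(c)); }

    // True when everything recorded in `other` is also declared in this contract.
    bool contains(const AuthorizationContract& other) const {
        if ((other._checks & ~_checks).any()) return false;  // undeclared access check
        for (const auto& entry : other._privileges) {
            auto it = _privileges.find(entry.first);
            if (it == _privileges.end()) return false;  // undeclared resource
            if ((entry.second & ~it->second).any()) return false;  // undeclared action
        }
        return true;
    }

private:
    std::bitset<static_cast<std::size_t>(AccessCheck::kCount)> _checks;
    std::unordered_map<ResourcePattern, ActionSet> _privileges;
};
```

Calling `declared.contains(observed)` with the contract a command declares and the checks actually recorded at run time flags any access check, resource or action that was exercised without being declared.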
- depends on
  - SERVER-54499 Encode action type information into IDL (Closed)
  - SERVER-54500 Encode access_checks and resource_pattern match type as a string enums into IDL (Closed)
- is depended on by
  - SERVER-54521 Extend access_check for simple and privileges (Closed)