#include <Permissions.h>

Collaboration diagram for OpenDDS::Security::Permissions::Action:

Public Member Functions
bool	topic_matches (const char *topic) const

bool	partitions_match (const DDS::StringSeq &entity_partitions, AllowDeny_t allow_or_deny) const

Public Attributes
PublishSubscribe_t	ps_type

std::vector< std::string >	topics

std::vector< std::string >	partitions

Detailed Description

Definition at line 47 of file Permissions.h.

Member Function Documentation

◆ partitions_match()

bool OpenDDS::Security::Permissions::Action::partitions_match	(	const DDS::StringSeq &	entity_partitions,
		AllowDeny_t	allow_or_deny
	)		const

Definition at line 232 of file Permissions.cpp.

References OpenDDS::Security::Permissions::ALLOW, OpenDDS::Security::Permissions::DENY, OPENDDS_END_VERSIONED_NAMESPACE_DECL, and OpenDDS::Security::AccessControlBuiltInImpl::pattern_match().

 {
   const unsigned int n_entity_names = entity_partitions.length();
   if (partitions.empty()) {
     if (allow_or_deny == DENY) {
       // DDS-Security v1.1 9.4.1.3.2.3.2.4
       // If there is no <partitions> section ... the deny action would
       // apply independent of the partition associated with the DDS Endpoint
       return true;
     }
     // DDS-Security v1.1 9.4.1.3.2.3.1.4
     // If there is no <partitions> Section within an allow rule, then the default "empty string" partition is
     // assumed. ... This means that the allow rule would only allow a DataWriter to publish on
     // the "empty string" partition.
     // DDS v1.4 2.2.3 "PARTITION"
     // The zero-length sequence is treated as a special value equivalent to a sequence containing a single
     // element consisting of the empty string.
     return n_entity_names == 0 || (n_entity_names == 1 && entity_partitions[0].in()[0] == 0);
   }
 
   for (unsigned int i = 0; i < n_entity_names; ++i) {
     bool found = false;
     for (vsiter_t perm_it = partitions.begin(); !found && perm_it != partitions.end(); ++perm_it) {
       if (AccessControlBuiltInImpl::pattern_match(entity_partitions[i], perm_it->c_str())) {
         found = true;
       }
     }
     if (allow_or_deny == ALLOW && !found) {
       // DDS-Security v1.1 9.4.1.3.2.3.1.4
       // In order for an action to meet the allowed partitions condition that appears
       // within an allow rule, the set of the Partitions associated with the DDS entity
       // ... must be contained in the set of partitions defined by the allowed partitions
       // condition section.
       return false; // i'th QoS partition name is not matched by any <partition> in Permissions
     }
     if (allow_or_deny == DENY && found) {
       // DDS-Security v1.1 9.4.1.3.2.3.2.4
       // In order for an action to be denied it must meet the denied partitions condition.
       // For this to happen one [or] more of the partition names associated with the DDS Entity
       // ... must match one [of] the partitions ... listed in the partitions condition section.
       return true; // i'th QoS partition name matches some <partition> in Permissions
     }
   }
 
   return allow_or_deny == ALLOW;
 }

◆ topic_matches()

bool OpenDDS::Security::Permissions::Action::topic_matches ( const char * topic ) const

Definition at line 222 of file Permissions.cpp.

References OpenDDS::Security::AccessControlBuiltInImpl::pattern_match().

 {
   for (vsiter_t it = topics.begin(); it != topics.end(); ++it) {
     if (AccessControlBuiltInImpl::pattern_match(topic, it->c_str())) {
       return true;
     }
   }
   return false;
 }