redfish_authorization/subordinate_override.cc - gbmcweb - Git at Google

 #include "subordinate_override.h"

 #include "absl/strings/string_view.h"
 #include "authorizer_enums.h"
 #include "override.h"
 #include "redfish_entity_trie.h"

 namespace milotic::authz {

 bool SubordinateOverride::IsApplicable(absl::string_view uri,
                                        ecclesia::Operation operation) const {
   if (!operation_map_.contains(operation)) {
     return false;
   }

   // Get rid of end '/' in rule if it exists
   if (!uri.empty() && uri.back() == '/') {
     uri.remove_suffix(1);
   }

   // Note that SubordinateOverrideTargets are ordered in a way such that the
   // last element of override_targets_ must be the entity type of the
   // immediate parent of uri. The second last must be entity type of
   // grandparent of uri and etc.
   for (auto it = override_targets_.rbegin(); it != override_targets_.rend();
        ++it) {
     // Find parent uri of current uri and see if this matches with
     // subordinate override target.
     uri = uri.substr(0, uri.rfind('/'));

     // If uri is empty then it is not applicable
     if (uri.empty()) {
       return false;
     }

     // Some paths have / at the end of uri, some don't. Checking both
     if (*it !=
         ResourceEntityToString(redfish_entity_trie_.GetEntityType(uri))) {
       return false;
     }
   }

   return true;
 }

 Override::Type SubordinateOverride::GetOverrideType() const {
   return Override::kSubordinateOverride;
 }
 }  // namespace milotic::authz
	#include "subordinate_override.h"

	#include "absl/strings/string_view.h"
	#include "authorizer_enums.h"
	#include "override.h"
	#include "redfish_entity_trie.h"

	namespace milotic::authz {

	bool SubordinateOverride::IsApplicable(absl::string_view uri,
	ecclesia::Operation operation) const {
	if (!operation_map_.contains(operation)) {
	return false;
	}

	// Get rid of end '/' in rule if it exists
	if (!uri.empty() && uri.back() == '/') {
	uri.remove_suffix(1);
	}

	// Note that SubordinateOverrideTargets are ordered in a way such that the
	// last element of override_targets_ must be the entity type of the
	// immediate parent of uri. The second last must be entity type of
	// grandparent of uri and etc.
	for (auto it = override_targets_.rbegin(); it != override_targets_.rend();
	++it) {
	// Find parent uri of current uri and see if this matches with
	// subordinate override target.
	uri = uri.substr(0, uri.rfind('/'));

	// If uri is empty then it is not applicable
	if (uri.empty()) {
	return false;
	}

	// Some paths have / at the end of uri, some don't. Checking both
	if (*it !=
	ResourceEntityToString(redfish_entity_trie_.GetEntityType(uri))) {
	return false;
	}
	}

	return true;
	}

	Override::Type SubordinateOverride::GetOverrideType() const {
	return Override::kSubordinateOverride;
	}
	} // namespace milotic::authz