Class: Baykit::BayServer::Docker::BuiltIn::BuiltInPermissionDocker

Inherits:

Baykit::BayServer::Docker::Base::DockerBase

• Object
• Baykit::BayServer::Docker::Base::DockerBase
• Baykit::BayServer::Docker::BuiltIn::BuiltInPermissionDocker

Includes:

Baykit::BayServer, Bcf, Common, Permission, Util

Defined in:

lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb

Defined Under Namespace

Modules: PermissionMatcher Classes: CheckItem, HostPermissionMatcher, IpPermissionMatcher

Instance Attribute Summary

• #check_list ⇒ Object readonly

  Returns the value of attribute check_list.

• #groups ⇒ Object readonly

  Returns the value of attribute groups.

Attributes inherited from Baykit::BayServer::Docker::Base::DockerBase

#type

Instance Method Summary

• #init(elm, parent) ⇒ Object
• #init_key_val(kv) ⇒ Object
• #initialize ⇒ BuiltInPermissionDocker constructor

  A new instance of BuiltInPermissionDocker.

• #socket_admitted(skt) ⇒ Object
• #tour_admitted(tur) ⇒ Object

Methods included from Permission

#socket_admitterd

Methods included from Docker

#type

Methods inherited from Baykit::BayServer::Docker::Base::DockerBase

#init_docker, #to_s

Constructor Details

#initialize ⇒ BuiltInPermissionDocker

Returns a new instance of BuiltInPermissionDocker.

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 102

def initialize
  @check_list = []
  @groups = []
end

Instance Attribute Details

#check_list ⇒ Object (readonly)

Returns the value of attribute check_list.

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 99

def check_list
  @check_list
end

#groups ⇒ Object (readonly)

Returns the value of attribute groups.

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 100

def groups
  @groups
end

Instance Method Details

#init(elm, parent) ⇒ Object

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 107

def init(elm, parent)
  super
end

#init_key_val(kv) ⇒ Object

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 111

def init_key_val(kv)
  case kv.key.downcase
  when "admit", "allow"
    parse_value(kv).each do |permission_matcher|
      @check_list.append(CheckItem.new(permission_matcher, true))
    end

  when "refuse", "deny"
    parse_value(kv).each do |permission_matcher|
      @check_list.append(CheckItem.new(permission_matcher, false))
    end

  when "group"
    kv.value.split(" ").each do |group_name|
      g = BayServer.harbor.groups.get_group(group_name)
      if g == nil
        raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_GROUP_NOT_FOUND, group_name))
      end
      @groups.append(g)
    end

  else
    raise ConfigException.new(kv.file_name, kv.line_no, BayMessage.get(:CFG_INVALID_PERMISSION_DESCRIPTION, kv.value))

  end

  return true
end

#socket_admitted(skt) ⇒ Object

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 140

def socket_admitted(skt)
  # Check remote host
  isOk = true
  @check_list.each do |chk|
    if chk.admit
      if chk.socket_admitted(skt)
        isOk = true
        break
      end
    else
      if !chk.socket_admitted(skt)
        isOk = false
        break
      end
    end
  end

  if !isOk
    BayLog.error("Permission error: socket not admitted: %s", skt)
    raise HttpException.new HttpStatus::FORBIDDEN
  end
end

#tour_admitted(tur) ⇒ Object

# File 'lib/baykit/bayserver/docker/built_in/built_in_permission_docker.rb', line 164

def tour_admitted(tur)
  # Check remote host
  is_ok = true
  @check_list.each do |chk|
    if chk.admit
      if chk.tour_admitted(tur)
        is_ok = true
        break
      end
    else
      if !chk.tour_admitted(tur)
        is_ok = false
        break
      end
    end
  end

  if !is_ok
    raise HttpException.new(HttpStatus::FORBIDDEN, tur.req.uri)
  end

  if @groups.empty?
    return
  end

  # Check member
  is_ok = false
  if tur.req.remote_user != nil
    @groups.each do |grp|
      if grp.validate(tur.req.remote_user, tur.req.remote_pass)
        is_ok = true
        break
      end
    end
  end

  if !is_ok
    tur.res.headers.set(Headers::WWW_AUTHENTICATE, "Basic realm=\"Auth\"")
    raise HttpException.new(HttpStatus::UNAUTHORIZED)
  end
end