2 Copyright (C) 2000-2003 SKYRIX Software AG
4 This file is part of OGo
6 OGo is free software; you can redistribute it and/or modify it under
7 the terms of the GNU Lesser General Public License as published by the
8 Free Software Foundation; either version 2, or (at your option) any
11 OGo is distributed in the hope that it will be useful, but WITHOUT ANY
12 WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
14 License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with OGo; see the file COPYING. If not, write to the
18 Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
23 #ifndef __SoObjects_SoClassSecurityInfo_H__
24 #define __SoObjects_SoClassSecurityInfo_H__
26 #import <Foundation/NSObject.h>
28 @class NSString, NSMutableSet, NSMutableDictionary, NSArray;
33 Storing security info for a SoClass.
35 Declaring Roles: mapping permissions to roles is the task of the system
36 administrator. Programmers should only declare default roles for:
41 TODO: default access (this is done in the meantime ?)
43 Adding security information to a class
44 ======================================
46 By default, classes are protected from outside access. Defining incorrect
47 protections is one of the most common problems when writing SOPE applications
48 since "security is hard" (Jim Fulton) ;-)
50 Because of that, we provide some user-defaults to control logging of
52 SoSecurityManagerDebugEnabled (bool) - debugging access
53 SoLogSecurityDeclarations (bool) - track information
55 To declare security information on an Objective-C class which you are using
56 as a SoClass, it's best to implement the +initialize method:
59 // to mark the object public (not restricted to a user/role)
60 [[self soClassSecurityInfo] declareObjectPublic];
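62 // to allow public access to all contained objects (subkeys); this opens the
62 // subkeys as a whole, so keep the protected default unless every contained
62 // object is meant to be reachable by anyone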
63 [[self soClassSecurityInfo] setDefaultAccess:@"allow"];
65 // to protect a specific object
66 [[self soClassSecurityInfo]
67 declareProtected:SoPerm_View:@"test.html",nil];
70 For products it's much easier to declare the products' SoClasses and
71 their protections in the "product.plist" file.
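/*
  SoClassSecurityInfo

  Stores the security declarations of one SoClass: which keys (attributes)
  and which objects are public, private or bound to a permission, the default
  access for contained objects, and the default roles per permission.

  Classes are protected from outside access unless declared otherwise, so
  every declareXYZPublic / setDefaultAccess: call widens what is reachable
  and deserves a second look in review.

  NOTE(review): SoClass has to be visible at this point (for example through
  a forward `@class SoClass;`); that declaration is not among the lines shown
  here.
*/
@interface SoClassSecurityInfo : NSObject
{
  /*
    Backing storage for the declarations made through the methods below.
    Which ivar holds which kind of declaration is inferred from the names
    only - confirm against the implementation.
  */
  NSMutableSet        *publicNames;      /* presumably keys given to -declarePublic:      */
  NSMutableSet        *privateNames;     /* presumably keys given to -declarePrivate:     */
  NSMutableDictionary *nameToPerm;       /* presumably key => permission                  */
  NSMutableDictionary *defRoles;         /* presumably permission => default roles        */
  NSString            *defaultAccess;    /* presumably the -setDefaultAccess: value       */
  NSString            *objectPermission; /* presumably the -declareObjectProtected: value */
}

/* Creates the security info for the given SoClass. */
- (id)initWithSoClass:(SoClass *)_class;

/* attribute security */

/*
  Queries on the declarations made for a single key. -permissionRequiredForKey:
  returns the permission name attached to the key; what it returns for a key
  without a declaration is not visible in this header.
*/
- (BOOL)hasProtectionsForKey:(NSString *)_key;
- (BOOL)isKeyPrivate:(NSString *)_key;
- (BOOL)isKeyPublic:(NSString *)_key;
- (NSString *)permissionRequiredForKey:(NSString *)_key;

/*
  Default access for contained objects (subkeys). The only value shown in this
  header is @"allow", which grants public access to all contained objects.
*/
- (void)setDefaultAccess:(NSString *)_access;
- (NSString *)defaultAccess;
- (BOOL)hasDefaultAccessDeclaration;

/*
  Declare keys as public, private, or protected by the permission _perm.

  The name lists are variadic and nil-terminated, as in the header example
  (`declareProtected:SoPerm_View:@"test.html",nil`). Nothing in these
  declarations lets the compiler check for the terminator, so a forgotten nil
  is not reported at build time.

  The selector of the last method is `declareProtected::` - its second
  argument carries no keyword.
*/
- (void)declarePublic:(NSString *)_firstName, ...;
- (void)declarePrivate:(NSString *)_firstName, ...;
- (void)declareProtected:(NSString *)_perm:(NSString *)_firstName, ...;

/* object security */

/*
  The same declarations for the object itself rather than for one of its
  keys. -declareObjectPublic marks the object public, that is, not restricted
  to a user/role.
*/
- (BOOL)hasObjectProtections;
- (BOOL)isObjectPublic;
- (BOOL)isObjectPrivate;
- (NSString *)permissionRequiredForObject;
- (void)declareObjectPublic;
- (void)declareObjectPrivate;
- (void)declareObjectProtected:(NSString *)_perm;

/* default role mappings */

/*
  Default roles for a permission. Mapping permissions to roles is the system
  administrator's task; code should only declare defaults here.
*/
- (BOOL)hasDefaultRoleForPermission:(NSString *)_p;

- (void)declareRole:(NSString *)_role asDefaultForPermission:(NSString *)_p;
- (void)declareRoles:(NSArray *)_roles asDefaultForPermission:(NSString *)_p;
- (NSArray *)defaultRolesForPermission:(NSString *)_p;

/* Variadic form: the permission list is expected to end with nil. */
- (void)declareRole:(NSString *)_role
  asDefaultForPermissions:(NSString *)_firstPerm,...;

@end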
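/*
  Lets any Objective-C class that is used as a SoClass reach its security
  declarations.
*/
@interface NSObject(ObjCClassSecurityInfo)

/*
  Returns the SoClassSecurityInfo on which the receiving class makes its
  declarations. The usage shown in this header is a call from +initialize,
  for example `[[self soClassSecurityInfo] declareObjectPublic]`.

  NOTE(review): whether the object is created on first use, or shared with
  superclasses, cannot be told from this declaration - check the
  implementation before relying on either.
*/
+ (SoClassSecurityInfo *)soClassSecurityInfo;

@end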
136 #endif /* __SoObjects_SoClassSecurityInfo_H__ */