Poco::OSP::Auth

class AuthAdminService

Library: OSP/Auth
Package: Auth
Header: Poco/OSP/Auth/AuthAdminService.h

Description

This service interface extends the basic AuthService interface with methods for administrating users, roles and their permissions.

Users can have assigned permissions and roles. Roles have assigned permissions as well. The effective permissions of a user are his directly assigned permissions plus the permissions assigned through the roles has has been assigned. Use of roles is thus optional.

Each user can have an arbitrary number of attributes.

Inheritance

Direct Base Classes: AuthService

All Base Classes: AuthService, Poco::OSP::Service, Poco::RefCountedObject

Known Derived Classes: AbstractLDAPAuthAdminService

Member Summary

Member Functions: addRole, addUser, assignRoleToUser, attributesForUser, changePassword, effectivePermissionsForUser, findUsersByAttribute, getUserAttribute, grantPermissionsToRole, grantPermissionsToUser, isA, permissionsForRole, permissionsForUser, removeRole, removeRoleFromUser, removeUser, removeUserAttribute, replacePermissionsForRole, replacePermissionsForUser, replaceRolesForUser, replaceUserAttributes, revokePermissionsFromRole, revokePermissionsFromUser, roleExists, roles, rolesForUser, setUserAttribute, type, uncacheUser, userExists, users, usersWithAttribute, usersWithName, usersWithPermission, usersWithRole

Inherited Functions: authenticate, authorize, duplicate, isA, referenceCount, release, type

Types

Ptr

typedef Poco::AutoPtr < AuthAdminService > Ptr;

Member Functions

addRole virtual

virtual void addRole(
    const std::string & rolename
) = 0;

Adds a new role to the database.

Throws a Poco::ExistsException if a role with the given name already exists.

addUser virtual

virtual void addUser(
    const std::string & username,
    const std::string & password
) = 0;

Adds a new user to the database.

Throws a Poco::ExistsException if an user with the given username already exists.

assignRoleToUser virtual

virtual void assignRoleToUser(
    const std::string & username,
    const std::string & rolename
) = 0;

Assigns a role to an user.

Throws a Poco::NotFoundException if the user or role does not exist. Does nothing if the user already has the role.

attributesForUser virtual

virtual void attributesForUser(
    const std::string & username,
    std::set < std::string > & attributes
) const = 0;

Returns the names of all attributes set for the given username.

attributesForUser virtual

virtual void attributesForUser(
    const std::string & username,
    std::map < std::string, std::string > & attributes
) const = 0;

Returns the names and values of all attributes set for the given username.

changePassword virtual

virtual void changePassword(
    const std::string & username,
    const std::string & password
) = 0;

Changes the password for the user with the given username.

effectivePermissionsForUser virtual

virtual void effectivePermissionsForUser(
    const std::string & username,
    std::set < std::string > & permissions
) const = 0;

Returns a set of permissions for the user given by username. Both permissions directly granted to the user and permissions granted indirectly through roles will be included in the result.

Throws a Poco::NotFoundException if the user does not exist.

findUsersByAttribute virtual

virtual std::vector < std::string > findUsersByAttribute(
    const std::string & attribute,
    const std::string & value
) const = 0;

Returns the names of all users having an attribute with the given value.

getUserAttribute virtual

virtual std::string getUserAttribute(
    const std::string & username,
    const std::string & attribute,
    const std::string & deflt = std::string ()
) const = 0;

Returns the value of a user attribute, or the specified default value if the user attribute does not exist.

grantPermissionsToRole virtual

virtual void grantPermissionsToRole(
    const std::string & rolename,
    const std::set < std::string > & permissions
) = 0;

Grants the given permissions to the role identified by rolename.

Throws a Poco::NotFoundException if the role does not exist.

grantPermissionsToUser virtual

virtual void grantPermissionsToUser(
    const std::string & username,
    const std::set < std::string > & permissions
) = 0;

Grants the given permissions to the user identified by username.

Throws a Poco::NotFoundException if the user does not exist.

isA virtual

bool isA(
    const std::type_info & otherType
) const;

permissionsForRole virtual

virtual void permissionsForRole(
    const std::string & rolename,
    std::set < std::string > & permissions
) const = 0;

Returns a set of permissions for the role given by rolename.

Throws a Poco::NotFoundException if the role does not exist.

permissionsForUser virtual

virtual void permissionsForUser(
    const std::string & username,
    std::set < std::string > & permissions
) const = 0;

Returns a set of permissions for the user given by username. Only permissions directly granted to the user will be returned. Permissions granted indirectly through roles will not be included.

Throws a Poco::NotFoundException if the user does not exist.

removeRole virtual

virtual void removeRole(
    const std::string & rolename
) = 0;

Removes the role identified by name from the database.

Throws a Poco::NotFoundException if the role does not exist.

removeRoleFromUser virtual

virtual void removeRoleFromUser(
    const std::string & username,
    const std::string & rolename
) = 0;

Removes a role from an user.

Throws a Poco::NotFoundException if the user does not exist. Does nothing if the user does not have the role.

removeUser virtual

virtual void removeUser(
    const std::string & username
) = 0;

Removes the user identified by username from the database.

Throws a Poco::NotFoundException if the user does not exist.

removeUserAttribute virtual

virtual void removeUserAttribute(
    const std::string & username,
    const std::string & attribute
) = 0;

Removes the given attribute from username.

replacePermissionsForRole virtual

virtual void replacePermissionsForRole(
    const std::string & rolename,
    const std::set < std::string > & permissions
) = 0;

Removes all previously granted permissions and grants the given permissions to the role identified by rolename.

Throws a Poco::NotFoundException if the role does not exist.

replacePermissionsForUser virtual

virtual void replacePermissionsForUser(
    const std::string & username,
    const std::set < std::string > & permissions
) = 0;

Removes all previously granted permissions and grants the given permissions to the user identified by username.

Throws a Poco::NotFoundException if the user does not exist.

replaceRolesForUser virtual

virtual void replaceRolesForUser(
    const std::string & username,
    const std::set < std::string > & roles
) = 0;

Unassignes all roles from the user, then assigns the given roles.

Throws a Poco::NotFoundException if the user does not exist.

replaceUserAttributes virtual

virtual void replaceUserAttributes(
    const std::string & username,
    const std::map < std::string, std::string > & attributes
) = 0;

Replaces the attributes of the given user.

revokePermissionsFromRole virtual

virtual void revokePermissionsFromRole(
    const std::string & rolename,
    const std::set < std::string > & permissions
) = 0;

Revokes the given permissions from the role identified by rolename.

Throws a Poco::NotFoundException if the role does not exist.

revokePermissionsFromUser virtual

virtual void revokePermissionsFromUser(
    const std::string & username,
    const std::set < std::string > & permissions
) = 0;

Revokes the given permissions from the user identified by username.

Throws a Poco::NotFoundException if the user does not exist.

roleExists virtual

virtual bool roleExists(
    const std::string & rolename
) const = 0;

Returns true if and only if a role with the given rolename exists.

roles virtual

virtual void roles(
    std::set < std::string > & roles
) const = 0;

Returns a set of all roles in the database.

rolesForUser virtual

virtual void rolesForUser(
    const std::string & username,
    std::set < std::string > & roles
) const = 0;

Returns the set of roles assigned to the user identified by username.

setUserAttribute virtual

virtual void setUserAttribute(
    const std::string & username,
    const std::string & attribute,
    const std::string & value
) = 0;

Sets the value of a user attribute.

type virtual

const std::type_info & type() const;

uncacheUser virtual

virtual void uncacheUser(
    const std::string & username
) = 0;

Removes all cached data for the user with the given name.

Should be done when a user logs out of an application.

userExists virtual

virtual bool userExists(
    const std::string & username
) const = 0;

Returns true if and only if a user with the given username exists.

users virtual

virtual int users(
    std::set < std::string > & users,
    int first = 0,
    int limit = 0
) const = 0;

Returns a list of all users in the database.

This method supports "paged" retrieval. First specifies the index of the first user to be returned. Limit specifies the maximum number of users to return.

Returns the total number of users.

usersWithAttribute virtual

virtual int usersWithAttribute(
    std::set < std::string > & users,
    const std::string & attribute,
    const std::string & value,
    int first = 0,
    int limit = 0
) const = 0;

Returns a list of all users in the database having the given attribute.

This method supports "paged" retrieval. First specifies the index of the first user to be returned. Limit specifies the maximum number of users to return.

Returns the total number of users with the given attribute.

usersWithName virtual

virtual int usersWithName(
    std::set < std::string > & users,
    const std::string & pattern,
    int first = 0,
    int limit = 0
) const = 0;

Returns a list of all users in the database matching the given pattern.

An asterisk '*' in the expression matches any sequence of characters, even an empty sequence. A question mark '?' matches any single character.

This method supports "paged" retrieval. First specifies the index of the first user to be returned. Limit specifies the maximum number of users to return.

Returns the total number of users.

usersWithPermission virtual

virtual int usersWithPermission(
    std::set < std::string > & users,
    const std::string & permission,
    int first = 0,
    int limit = 0
) const = 0;

Returns a list of all users in the database having the given permission.

Only users having the given permission granted explicitly are returned. Users having a permission only granted implicitly via a role are ignored.

This method supports "paged" retrieval. First specifies the index of the first user to be returned. Limit specifies the maximum number of users to return.

Returns the total number of users with the given permission.

usersWithRole virtual

virtual int usersWithRole(
    std::set < std::string > & users,
    const std::string & role,
    int first = 0,
    int limit = 0
) const = 0;

Returns a list of all users in the database having the given role.

Only users having been explicitly assigned the role are returned.

This method supports "paged" retrieval. First specifies the index of the first user to be returned. Limit specifies the maximum number of users to return.

Returns the total number of users with the given role.

Variables

SERVICE_NAME static

static const std::string SERVICE_NAME;

roleAdded

Poco::BasicEvent < const std::string > roleAdded;

Fired when a new role has been created.

roleRemoved

Poco::BasicEvent < const std::string > roleRemoved;

Fired when a role has been removed.

userAdded

Poco::BasicEvent < const std::string > userAdded;

Fired when a new user account has been created.

userRemoved

Poco::BasicEvent < const std::string > userRemoved;

Fired when a user account has been removed.