#
#
# rbac_util.cfv
#
# Role-based access control helpers. Each subroutine answers one
# "may this session do X?" question by reading grant nodes below
#   sessions_cache.<session_id>.session_info.user_grants
#
# get_admin_feature_permission()
#
# get_specific_profile_permission()
# get_is_delete_profile_permission()
# get_is_rename_profile_permission()
#
# get_is_file_manager_permission()
#
# get_config_feature_permission()
#
# NOTE(review): get_is_root_admin() and get_super_role_of_profile() are called
# below but are not defined in this file; presumably they come from the
# include that follows - confirm.
#

include "templates.util.base_util";

#
#
#
# get_admin_feature_permission()
#
# Returns the permission for feature_name on the admin page page_name, read
# from the super_admin grants of the given session.
#
#   session_id    session whose cached grants are consulted
#   page_name     admin page node name below user_grants.super_admin
#   feature_name  "view", or the name of a feature node below that page
#
# Result is false unless the page's "view" node exists and feature_name is
# either "view" or an existing feature node; in that case the result is the
# value stored in the feature node.
#
# NOTE(review): all three arguments are concatenated into a dotted node path.
# Presumably callers pass fixed identifiers; if any of them can carry
# request-supplied text containing ".", the lookup would address a different
# node than intended - confirm that callers validate these values.
#
#

subroutine(get_admin_feature_permission(
  string session_id,
  string page_name,
  string feature_name), (

  debug_message("\n\n#### get_admin_feature_permission() START \n");

  # Deny by default; only the nested checks below can change this.
  bool is_permission = false;

  node super_admin = "sessions_cache." . session_id . ".session_info.user_grants.super_admin";

  # Check first for view permission, regardless of the feature_name.
  # NOTE(review): this outer test is an existence test (?) on the "view" node;
  # its stored value is only read when feature_name is "view" - confirm that a
  # "view" node is never present with a false value.
  if (?(super_admin . "." . page_name . ".view")) then (

    if ((feature_name eq "view") or (?(super_admin . "." . page_name . "." . feature_name))) then (

      # Check for actual node value because the feature_name "unlimited_grants"
      # may be false
      is_permission = @(super_admin . "." . page_name . "." . feature_name);
    );
  );

  # Return is_permission
  is_permission;
));

#
#
#
#
# get_specific_profile_permission()
#
# Returns the permission for feature_name on profile_name for the current
# user session (volatile.session_id).
#
#   profile_name  profile to look up in the session's profiles_grants
#   feature_name  delete_profile or rename_profile
#
# A root admin gets the value returned by get_is_root_admin() without any
# grant lookup. Otherwise the profile's own grants are used when
# profiles_grants has an entry for profile_name, else all_profiles_grants.
#
#
#

subroutine(get_specific_profile_permission(
  string profile_name,
  string feature_name),(

  # feature_name is delete_profile or rename_profile
  # Returns the permission
  # for the given profile_name and feature_name for the current user session

  debug_message("\n\n#### get_specific_profile_permission() START \n");

  bool is_root_admin = get_is_root_admin();
  bool is_permission = is_root_admin;

  if (!is_root_admin) then (

    string session_id = volatile.session_id;
    node user_grants = "sessions_cache." . session_id . ".session_info.user_grants";
    node all_profiles_grants = user_grants{"all_profiles_grants"};
    node profiles_grants = user_grants{"profiles_grants"};

    # NOTE(review): both branches read the feature node's value without first
    # testing that the node exists; what @ yields for a missing node is not
    # visible here - confirm that it evaluates to false (fails closed).
    if (profiles_grants?{profile_name}) then (

      # This profile exists in profiles_grants, so we use the specific profile grants
      node individual_profile_grants = profiles_grants{profile_name};
      is_permission = @individual_profile_grants{feature_name};
    )
    else (

      # Use the all profiles grants
      is_permission = @all_profiles_grants{feature_name};
    );
  );

  # Return
  is_permission;
));

#
#
#
#
# get_is_delete_profile_permission()
#
# Thin wrapper: get_specific_profile_permission(profile_name, "delete_profile").
#
#
#

subroutine(get_is_delete_profile_permission(
  string profile_name),(

  # Returns is_delete_profile_permission for the given profile_name for the current user session

  debug_message("\n\n#### get_is_delete_profile_permission() START \n");

  bool is_delete_profile_permission = get_specific_profile_permission(profile_name, "delete_profile");

  # Return
  is_delete_profile_permission;
));

#
#
#
#
# get_is_rename_profile_permission()
#
# Thin wrapper: get_specific_profile_permission(profile_name, "rename_profile").
#
#
#

subroutine(get_is_rename_profile_permission(
  string profile_name),(

  # Returns is_rename_profile_permission for the given profile_name for the current user session

  debug_message("\n\n#### get_is_rename_profile_permission() START \n");

  bool is_rename_profile_permission = get_specific_profile_permission(profile_name, "rename_profile");

  # Return
  is_rename_profile_permission;
));

#
#
#
#
# get_is_file_manager_permission()
#
# Returns true if the current user session (volatile.session_id) may
# access/view the file manager.
#
# A root admin gets the value returned by get_is_root_admin(). Any other user
# is granted access when one of these grant nodes exists:
#   user_grants.super_admin.profiles.add
#   user_grants.super_admin.import_data.view
#   in any entry of user_grants.super_roles:
#     admin.profiles.add, admin.import.view,
#     config.log_source.view, config.report_options.view
#
# NOTE(review): every test here is an existence test (?); the stored node
# values are not read, so a grant node that is present but false would still
# grant access - confirm such nodes are only written when the grant is given.
#
#
#

subroutine(get_is_file_manager_permission, (

  # Returns true if the user has permission to access/view the file manager
  #
  # NOTE(review): the flattened listing does not show whether the debug_message
  # call below was commented out; it is kept active to match the other
  # subroutines - confirm against the original file. The message text names
  # get_is_file_manager_page_permission(), which is not this subroutine's name.
  debug_message("\n\n#### get_is_file_manager_page_permission() START \n");

  bool is_root_admin = get_is_root_admin();
  bool is_file_manager_permission = is_root_admin;

  if (!is_root_admin) then (

    #
    # Check if the user has access to any page which includes the file manager
    #

    string session_id = volatile.session_id;
    node user_grants = "sessions_cache." . session_id . ".session_info.user_grants";

    if (?(user_grants . ".super_admin.profiles.add")) then (
      # is add profile permission (new profile wizard)
      is_file_manager_permission = true;
    )
    else if (?(user_grants . ".super_admin.import_data.view")) then (
      # is view import permission
      is_file_manager_permission = true;
    )
    else if (user_grants?{"super_roles"}) then (

      #
      # Check all super roles if it contains pages which allow file manager access
      #

      node super_roles = user_grants{"super_roles"};
      node item;

      # The first matching role decides; "last" leaves the loop at once.
      foreach item super_roles (

        if (?(item . ".admin.profiles.add")) then (
          is_file_manager_permission = true;
          last;
        )
        else if (?(item . ".admin.import.view")) then (
          is_file_manager_permission = true;
          last;
        )
        else if (?(item . ".config.log_source.view")) then (
          is_file_manager_permission = true;
          last;
        )
        else if (?(item . ".config.report_options.view")) then (
          is_file_manager_permission = true;
          last;
        );
      );
    );
  );

  # Return
  is_file_manager_permission;
));

#
#
#
# get_config_feature_permission()
#
# Returns true if the super role that get_super_role_of_profile() yields for
# (session_id, profile_name) has a "view" node for the config page page_name
# and feature_name is either "view" or an existing feature node of that page.
#
#   session_id    passed through to get_super_role_of_profile()
#   profile_name  passed through to get_super_role_of_profile()
#   page_name     config page node name below <super_role>.config
#   feature_name  "view", or the name of a feature node below that page
#
# NOTE(review): unlike get_admin_feature_permission(), which returns the
# feature node's stored value, this subroutine grants on node existence
# alone - confirm that config feature nodes are never present with a false
# value.
# NOTE(review): page_name and feature_name are concatenated into a dotted
# node path; confirm callers pass fixed identifiers, not request-supplied
# text.
#
#

subroutine(get_config_feature_permission(
  string session_id,
  string profile_name,
  string page_name,
  string feature_name), (

  debug_message("\n\n#### get_config_feature_permission() START \n");

  # Deny by default; only the nested checks below can change this.
  bool is_permission = false;

  node super_role = get_super_role_of_profile(session_id, profile_name);

  # Check first for view permission, regardless of the feature_name
  if (?(super_role . ".config." . page_name . ".view")) then (

    if ((feature_name eq "view") or (?(super_role . ".config." . page_name . "." . feature_name))) then (
      is_permission = true;
    );
  );

  # Return is_permission
  is_permission;
));