File indexing completed on 2023-10-03 03:19:57
0001 /* 0002 This file is part of the KDE project 0003 SPDX-FileCopyrightText: 2005-2007 Till Adam <adam@kde.org> 0004 0005 SPDX-License-Identifier: LGPL-2.0-or-later 0006 */ 0007 0008 #ifndef KACL_H 0009 #define KACL_H 0010 0011 #include "kiocore_export.h" 0012 #include <qplatformdefs.h> 0013 0014 #include <QList> 0015 #include <QPair> 0016 0017 #include <memory> 0018 0019 typedef QPair<QString, unsigned short> ACLUserPermissions; 0020 typedef QList<ACLUserPermissions> ACLUserPermissionsList; 0021 typedef QList<ACLUserPermissions>::iterator ACLUserPermissionsIterator; 0022 typedef QList<ACLUserPermissions>::const_iterator ACLUserPermissionsConstIterator; 0023 0024 typedef QPair<QString, unsigned short> ACLGroupPermissions; 0025 typedef QList<ACLGroupPermissions> ACLGroupPermissionsList; 0026 typedef QList<ACLGroupPermissions>::iterator ACLGroupPermissionsIterator; 0027 typedef QList<ACLGroupPermissions>::const_iterator ACLGroupPermissionsConstIterator; 0028 0029 /** 0030 * @class KACL kacl.h <KACL> 0031 * 0032 * The KACL class encapsulates a POSIX Access Control List. It follows the 0033 * little standard that couldn't, 1003.1e/1003.2c, which died in draft status. 0034 * @short a POSIX ACL encapsulation 0035 * @author Till Adam <adam@kde.org> 0036 */ 0037 class KIOCORE_EXPORT KACL 0038 { 0039 public: 0040 /** 0041 * Creates a new KACL from @p aclString. If the string is a valid acl 0042 * string, isValid() will afterwards return true. 0043 */ 0044 KACL(const QString &aclString); 0045 0046 /** Copy ctor */ 0047 KACL(const KACL &rhs); 0048 0049 /** 0050 * Creates a new KACL from the basic permissions passed in @p basicPermissions. 0051 * isValid() will return true, afterwards. 0052 */ 0053 KACL(mode_t basicPermissions); 0054 0055 /** 0056 * Creates an empty KACL. Until a valid acl string is set via setACL, 0057 * isValid() will return false. 0058 */ 0059 KACL(); 0060 0061 virtual ~KACL(); 0062 0063 KACL &operator=(const KACL &rhs); 0064 0065 bool operator==(const KACL &rhs) const; 0066 0067 bool operator!=(const KACL &rhs) const; 0068 0069 /** 0070 * Returns whether the KACL object represents a valid acl. 0071 * @return whether the KACL object represents a valid acl. 0072 */ 0073 bool isValid() const; 0074 0075 /** The standard (non-extended) part of an ACL. These map directly to 0076 * standard unix file permissions. Setting them will never make a valid 0077 * ACL invalid. */ 0078 0079 /** @return the owner's permissions entry */ 0080 unsigned short ownerPermissions() const; 0081 0082 /** Set the owner's permissions entry. 0083 * @return success or failure */ 0084 bool setOwnerPermissions(unsigned short); 0085 0086 /** @return the owning group's permissions entry */ 0087 unsigned short owningGroupPermissions() const; 0088 0089 /** Set the owning group's permissions entry. 0090 * @return success or failure */ 0091 bool setOwningGroupPermissions(unsigned short); 0092 0093 /** @return the permissions entry for others */ 0094 unsigned short othersPermissions() const; 0095 0096 /** Set the permissions entry for others. 0097 * @return success or failure */ 0098 bool setOthersPermissions(unsigned short); 0099 0100 /** @return the basic (owner/group/others) part of the ACL as a mode_t */ 0101 mode_t basePermissions() const; 0102 0103 /** The interface to the extended ACL. This is a mask, permissions for 0104 * n named users and permissions for m named groups. */ 0105 0106 /** 0107 * Return whether the ACL contains extended entries or can be expressed 0108 * using only basic file permissions. 0109 * @return whether the ACL contains extended entries */ 0110 bool isExtended() const; 0111 0112 /** 0113 * Return the entry for the permissions mask if there is one and sets 0114 * @p exists to true. If there is no such entry, @p exists is set to false. 0115 * @return the permissions mask entry */ 0116 unsigned short maskPermissions(bool &exists) const; 0117 0118 /** Set the permissions mask for the ACL. Permissions set for individual 0119 * entries will be masked with this, such that their effective permissions 0120 * are the result of the logical and of their entry and the mask. 0121 * @return success or failure */ 0122 bool setMaskPermissions(unsigned short); 0123 0124 /** 0125 * Access to the permissions entry for a named user, if such an entry 0126 * exists. If @p exists is non-null, the boolean variable it points to 0127 * is set to true if a matching entry exists and to false otherwise. 0128 * @return the permissions for a user entry with the name in @p name */ 0129 unsigned short namedUserPermissions(const QString &name, bool *exists) const; 0130 0131 /** Set the permissions for a user with the name @p name. Will fail 0132 * if the user doesn't exist, in which case the ACL will be unchanged. 0133 * @return success or failure. */ 0134 bool setNamedUserPermissions(const QString &name, unsigned short); 0135 0136 /** Returns the list of all group permission entries. Each entry consists 0137 * of a name/permissions pair. This is a QPair, therefore access is provided 0138 * via the .first and .next members. 0139 * @return the list of all group permission entries. */ 0140 ACLUserPermissionsList allUserPermissions() const; 0141 0142 /** Replace the list of all user permissions with @p list. If one 0143 * of the entries in the list does not exists, or setting of the ACL 0144 * entry fails for any reason, the ACL will be left unchanged. 0145 * @return success or failure */ 0146 bool setAllUserPermissions(const ACLUserPermissionsList &list); 0147 0148 /** 0149 * Access to the permissions entry for a named group, if such an entry 0150 * exists. If @p exists is non-null, the boolean variable it points to is 0151 * set to true if a matching entry exists and to false otherwise. 0152 * @return the permissions for a group with the name in @p name */ 0153 unsigned short namedGroupPermissions(const QString &name, bool *exists) const; 0154 0155 /** Set the permissions for a group with the name @p name. Will fail 0156 * if the group doesn't exist, in which case the ACL be unchanged. 0157 * @return success or failure. */ 0158 bool setNamedGroupPermissions(const QString &name, unsigned short); 0159 0160 /** Returns the list of all group permission entries. Each entry consists 0161 * of a name/permissions pair. This is a QPair, therefore access is provided 0162 * via the .first and .next members. 0163 * @return the list of all group permission entries. */ 0164 0165 ACLGroupPermissionsList allGroupPermissions() const; 0166 /** Replace the list of all user permissions with @p list. If one 0167 * of the entries in the list does not exists, or setting of the ACL 0168 * entry fails for any reason, the ACL will be left unchanged. 0169 * @return success or failure */ 0170 bool setAllGroupPermissions(const ACLGroupPermissionsList &); 0171 0172 /** Sets the whole list from a string. If the string in @p aclStr represents 0173 * a valid ACL, it will be set, otherwise the ACL remains unchanged. 0174 * @return whether setting the ACL was successful. */ 0175 bool setACL(const QString &aclStr); 0176 0177 /** Return a string representation of the ACL. 0178 * @return a string version of the ACL in the format compatible with libacl and 0179 * POSIX 1003.1e. Implementations conforming to that standard should be able 0180 * to take such strings as input. */ 0181 QString asString() const; 0182 0183 protected: 0184 virtual void virtual_hook(int id, void *data); 0185 0186 private: 0187 class KACLPrivate; 0188 std::unique_ptr<KACLPrivate> const d; 0189 KIOCORE_EXPORT friend QDataStream &operator<<(QDataStream &s, const KACL &a); 0190 KIOCORE_EXPORT friend QDataStream &operator>>(QDataStream &s, KACL &a); 0191 }; 0192 0193 KIOCORE_EXPORT QDataStream &operator<<(QDataStream &s, const KACL &a); 0194 KIOCORE_EXPORT QDataStream &operator>>(QDataStream &s, KACL &a); 0195 0196 #endif