ARPA2 Common Libraries  2.2.25
Functions
Document Access Operations
Access Control for ARPA2 Identities » Access Control for Documents » Document Access Types
Collaboration diagram for Document Access Operations:

Functions

bool access_document (const a2id_t *remote, char *xsname, const uint8_t *opt_svckey, unsigned svckeylen, const char *opt_acl, unsigned acllen, access_rights *out_rights, a2act_t *optout_actor)
 Process Document Access Rules. More...
 

Detailed Description

Rules for Document Access currently have no support for attributes or triggers; they merely inform about the RIGHTS for Remote Selectors, either from database traversal or specified as ~selector in an explicit ACL Ruleset.

Function Documentation

◆ access_document()

bool access_document ( const a2id_t remote,
char *  xsname,
const uint8_t *  opt_svckey,
unsigned  svckeylen,
const char *  opt_acl,
unsigned  acllen,
access_rights out_rights,
a2act_t optout_actor 
)

Process Document Access Rules.

Parameters
[in]remoteis the ARPA2 Identity for the remote contact trying to access a document or folder. This is the Identity over which Iteration is done (in case of database lookups) or which is matched against ~selector (in explicit Rules).
[in]xsnameis the Access Name for the document or folder being sought. For ARPA2 Reservoir, the form is "/<colluuid>/" with a possible continuation that will be removed; for operator-defined volumes, the form is "//<user>@<volume>/<path>" or "//<volume>/<path>" which is not processed. Both forms need to use proper grammar. This value must not be NULL, but a minimum passable string is "//".
[in]opt_svckeymay be NULL or otherwise provides the Service Key. NULL requests the default Service Key, to be derived from the domain in local and without a Database Secret.
[in]svckeylenspecifies the lenght of opt_svckey but is only meaningful if that parameter is not NULL.
[in]opt_aclmay be NULL to perform Iteration on the remote to search the database for an ACL Ruleset or, if this parameter is not NULL, it will be used instead.
[in]acllenspecifies the length of opt_acl but is only meaningful if that parameter is not NULL.
[out]out_rightswill hold the Access Rights, which always contains V in case of success, but no rights at all in case of an error being returned.
[out]optout_actormay be NULL to avoid Actors, but will otherwise be filled with an Actor Identity if a valid =g<scene>+<actor> attribute is related to the accepting rule. The test !a2act_isempty() can be used to test that an Actor was supplied. This may for example be a group member, or a local name to be used while processing the document. Generally, the user address changes from remote to optout_actor.
Returns
This function returns false with a com_err in errno in case of technical problems, including errors in the grammar of xsname.
Generated by doxygen 1.9.1