FabInfra-Mirror/borepin
1
0
Fork 0
mirror of https://gitlab.com/fabinfra/fabaccess/borepin.git synced 2025-03-12 23:01:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Comment out old API Wrapper Classes

Browse Source
This commit is contained in:
TheJoKlLa 2021-09-07 23:00:48 +02:00
parent 426403c495
commit d895405044
4 changed files with 395 additions and 395 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
FabAccessAPI/Auth.cs
View File

@ -1,55 +1,55 @@
using FabAccessAPI.Schema; //using FabAccessAPI.Schema;
using S22.Sasl; //using S22.Sasl;
using System.Collections.Generic; //using System.Collections.Generic;
using System.Linq; //using System.Linq;
using System.Threading.Tasks; //using System.Threading.Tasks;
using Exception = System.Exception; //using Exception = System.Exception;
namespace FabAccessAPI //namespace FabAccessAPI
{ //{
// / Authentication Identity // / Authentication Identity
// / // /
// / Under the hood a string because the form depends heavily on the method // / Under the hood a string because the form depends heavily on the method
public struct AuthCId { // public struct AuthCId {
public string Id { get; private set; } // public string Id { get; private set; }
public AuthCId(string id) : this() { Id = id; } // public AuthCId(string id) : this() { Id = id; }
} // }
// / Authorization Identity // / Authorization Identity
// / // /
// / This identity is internal to FabAccess and completely independent from the authentication // / This identity is internal to FabAccess and completely independent from the authentication
// / method or source // / method or source
public struct AuthZId { // public struct AuthZId {
// / Main User ID. Generally an user name or similar // / Main User ID. Generally an user name or similar
public string Uid; // public string Uid;
// / Sub user ID. // / Sub user ID.
// / // /
// / Can change scopes for permissions, e.g. having a +admin account with more permissions than // / Can change scopes for permissions, e.g. having a +admin account with more permissions than
// / the default account and +dashboard et.al. accounts that have restricted permissions for // / the default account and +dashboard et.al. accounts that have restricted permissions for
// / their applications // / their applications
public string Subuid; // public string Subuid;
// / Realm this account originates. // / Realm this account originates.
// / // /
// / The Realm is usually described by a domain name but local policy may dictate an unrelated // / The Realm is usually described by a domain name but local policy may dictate an unrelated
// / mapping // / mapping
public string Realm; // public string Realm;
} // }
// / Authentication/Authorization user object. // / Authentication/Authorization user object.
// / // /
// / This struct contains the user as is passed to the actual authentication/authorization // / This struct contains the user as is passed to the actual authentication/authorization
// / subsystems // / subsystems
// / // /
public struct AuthUser { // public struct AuthUser {
// / Contains the Authentication ID used // / Contains the Authentication ID used
// / // /
// / The authentication ID is an identifier for the authentication exchange. This is different // / The authentication ID is an identifier for the authentication exchange. This is different
// / than the ID of the user to be authenticated; for example when using x509 the authcid is // / than the ID of the user to be authenticated; for example when using x509 the authcid is
// / the dn of the certificate, when using GSSAPI the authcid is of form `<userid>@<REALM>` // / the dn of the certificate, when using GSSAPI the authcid is of form `<userid>@<REALM>`
public AuthCId Authcid; // public AuthCId Authcid;
// / Contains the Authorization ID // / Contains the Authorization ID
// / // /
@ -60,21 +60,21 @@ namespace FabAccessAPI
// / to split normal user and "admin" accounts. // / to split normal user and "admin" accounts.
// / If a method requires a specific authcid that is different from the identifier of the user // / If a method requires a specific authcid that is different from the identifier of the user
// / to authenticate as, e.g. GSSAPI, x509 client certificates, API TOKEN authentication. // / to authenticate as, e.g. GSSAPI, x509 client certificates, API TOKEN authentication.
public AuthZId Authzid; // public AuthZId Authzid;
// / Contains the authentication method used // / Contains the authentication method used
// / // /
// / For the most part this is the SASL method // / For the most part this is the SASL method
public string AuthMethod; // public string AuthMethod;
// / Method-specific key-value pairs // / Method-specific key-value pairs
// / // /
// / Each method can use their own key-value pairs. // / Each method can use their own key-value pairs.
// / E.g. EXTERNAL encodes the actual method used (x509 client certs, UID/GID for unix sockets, // / E.g. EXTERNAL encodes the actual method used (x509 client certs, UID/GID for unix sockets,
// / ...) // / ...)
public Dictionary<string, string> Kvs; // public Dictionary<string, string> Kvs;
} // }
// Authentication has two parts: Granting the authentication itself and then performing the // Authentication has two parts: Granting the authentication itself and then performing the
// authentication. // authentication.
@ -83,81 +83,81 @@ namespace FabAccessAPI
// a programming failure — the authcid come from the same source as that tuple // a programming failure — the authcid come from the same source as that tuple
// b) the given authcid may authenticate as the given authzid. E.g. if a given client certificate // b) the given authcid may authenticate as the given authzid. E.g. if a given client certificate
// has been configured for that user, if a GSSAPI user maps to a given user, // has been configured for that user, if a GSSAPI user maps to a given user,
public enum AuthError { // public enum AuthError {
// / Authentication ID is bad/unknown/.. // / Authentication ID is bad/unknown/..
BadAuthcid, // BadAuthcid,
// / Authorization ID is unknown/.. // / Authorization ID is unknown/..
BadAuthzid, // BadAuthzid,
// / Authorization ID is not of form user+uid@realm // / Authorization ID is not of form user+uid@realm
MalformedAuthzid, // MalformedAuthzid,
// / User may not use that authorization id // / User may not use that authorization id
NotAllowedAuthzid, // NotAllowedAuthzid,
} // }
public class UnauthorizedException : Exception{} // public class UnauthorizedException : Exception{}
public class UnsupportedMechanismException : Exception{} // public class UnsupportedMechanismException : Exception{}
// / <summary> // / <summary>
// / THIS IS VERY INCOMPLETE! // / THIS IS VERY INCOMPLETE!
// / </summary> // / </summary>
public class Auth { // public class Auth {
#region Log // #region Log
private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); // private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
#endregion // #endregion
private IAuthentication _authCap; // private IAuthentication _authCap;
public Auth(IAuthentication authCap) { // public Auth(IAuthentication authCap) {
_authCap = authCap; // _authCap = authCap;
} // }
public Task<IReadOnlyList<string>> GetMechanisms() { // public Task<IReadOnlyList<string>> GetMechanisms() {
return _authCap.Mechanisms(); // return _authCap.Mechanisms();
} // }
public async Task<bool> Authenticate(string mech, Dictionary<string, object> properties) { // public async Task<bool> Authenticate(string mech, Dictionary<string, object> properties) {
var m = SaslFactory.Create(mech); // var m = SaslFactory.Create(mech);
foreach (KeyValuePair<string, object> entry in properties) { // foreach (KeyValuePair<string, object> entry in properties) {
m.Properties.Add(entry.Key, entry.Value); // m.Properties.Add(entry.Key, entry.Value);
} // }
var initialResponse = new Request.initialResponse(); // var initialResponse = new Request.initialResponse();
if (m.HasInitial) { // if (m.HasInitial) {
initialResponse.Initial = m.GetResponse(new byte[0]); // initialResponse.Initial = m.GetResponse(new byte[0]);
} // }
var req = new Request { // var req = new Request {
Mechanism = m.Name, // Mechanism = m.Name,
InitialResponse = initialResponse // InitialResponse = initialResponse
}; // };
var resp = await _authCap.Start(req); // var resp = await _authCap.Start(req);
while (!m.IsCompleted) { // while (!m.IsCompleted) {
if (resp.which == Response.WHICH.Challence) { // if (resp.which == Response.WHICH.Challence) {
var additional = m.GetResponse(resp.Challence.ToArray()); // var additional = m.GetResponse(resp.Challence.ToArray());
resp = await _authCap.Step(additional); // resp = await _authCap.Step(additional);
} // }
else { // else {
break; // break;
} // }
} // }
if (resp.which == Response.WHICH.Outcome) { // if (resp.which == Response.WHICH.Outcome) {
if (resp.Outcome.Result == Response.Result.successful) { // if (resp.Outcome.Result == Response.Result.successful) {
return true; // return true;
} // }
else { // else {
// TODO: Provide meaningful info about auth failure // TODO: Provide meaningful info about auth failure
return false; // return false;
} // }
} // }
return false; // return false;
} // }
} // }
} //}

112
FabAccessAPI/Connection.cs
View File

@ -1,64 +1,64 @@
using Capnp.Rpc; //using Capnp.Rpc;
using FabAccessAPI.Schema; //using FabAccessAPI.Schema;
using System; //using System;
using System.Collections.Generic; //using System.Collections.Generic;
using System.Linq; //using System.Linq;
using System.Threading; //using System.Threading;
using System.Threading.Tasks; //using System.Threading.Tasks;
namespace FabAccessAPI { //namespace FabAccessAPI {
public class Connection { // public class Connection {
#region private variables // #region private variables
private readonly TcpRpcClient? _rpcClient = null; // private readonly TcpRpcClient? _rpcClient = null;
private readonly IBootstrap? _bootstrapCap = null; // private readonly IBootstrap? _bootstrapCap = null;
private Auth? _auth = null; // private Auth? _auth = null;
private Machines? _machines = null; // private Machines? _machines = null;
#endregion // #endregion
public TcpRpcClient? RpcClient => _rpcClient; // public TcpRpcClient? RpcClient => _rpcClient;
#region Log // #region Log
private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); // private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
#endregion // #endregion
/// <summary> // /// <summary>
/// // ///
/// </summary> // /// </summary>
/// <param name="rpcClient">Should be an already configured and connected TcpRpcClient</param> // /// <param name="rpcClient">Should be an already configured and connected TcpRpcClient</param>
public Connection(TcpRpcClient rpcClient) { // public Connection(TcpRpcClient rpcClient) {
_rpcClient = rpcClient; // _rpcClient = rpcClient;
_bootstrapCap = _rpcClient.GetMain<IBootstrap>(); // _bootstrapCap = _rpcClient.GetMain<IBootstrap>();
_Log.Debug($"Done bootstraping API connection."); // _Log.Debug($"Done bootstraping API connection.");
} // }
/// <summary> // /// <summary>
/// Authenticate this connection. // /// Authenticate this connection.
/// Calling this more then once is UB // /// Calling this more then once is UB
/// </summary> // /// </summary>
/// <param name="mech">The desired authentication mechanism</param> // /// <param name="mech">The desired authentication mechanism</param>
/// <param name="kvs">Key-Value data specific to the mechanism</param> // /// <param name="kvs">Key-Value data specific to the mechanism</param>
/// <returns></returns> // /// <returns></returns>
public async Task Auth(string mech, Dictionary<string, object> kvs, CancellationToken cancellationToken_ = default) { // public async Task Auth(string mech, Dictionary<string, object> kvs, CancellationToken cancellationToken_ = default) {
// _bootstrapCap = await _bootstrapCap.Unwrap(); // // _bootstrapCap = await _bootstrapCap.Unwrap();
var authCap = await _bootstrapCap.Auth(cancellationToken_); // var authCap = await _bootstrapCap.Auth(cancellationToken_);
_auth = new Auth(authCap); // _auth = new Auth(authCap);
var mechs = await _auth.GetMechanisms(); // var mechs = await _auth.GetMechanisms();
_Log.Debug($"The Server supports the following auth mechs: {string.Join(", ", mechs)}"); // _Log.Debug($"The Server supports the following auth mechs: {string.Join(", ", mechs)}");
if (!mechs.Contains(mech)) { // if (!mechs.Contains(mech)) {
throw new UnsupportedMechanismException(); // throw new UnsupportedMechanismException();
} // }
await _auth.Authenticate(mech, kvs); // await _auth.Authenticate(mech, kvs);
} // }
/// <summary> // /// <summary>
/// Get a wrapped capability to interact with machines // /// Get a wrapped capability to interact with machines
/// </summary> // /// </summary>
/// <returns>A wrapped capability to interact with machines</returns> // /// <returns>A wrapped capability to interact with machines</returns>
public async Task<Machines> AccessMachines() { // public async Task<Machines> AccessMachines() {
_machines ??= new Machines(await _bootstrapCap.Machines()); // _machines ??= new Machines(await _bootstrapCap.Machines());
return _machines; // return _machines;
} // }
} // }
} //}

420
FabAccessAPI/Machines.cs
View File

@ -1,224 +1,224 @@
using FabAccessAPI.Schema; //using FabAccessAPI.Schema;
using System; //using System;
using System.Collections.Generic; //using System.Collections.Generic;
using System.Threading.Tasks; //using System.Threading.Tasks;
namespace FabAccessAPI //namespace FabAccessAPI
{ //{
public class MachineException : Exception { } // public class MachineException : Exception { }
/// <summary> // /// <summary>
/// Wraps a capability for accessing the Machines subsystem of BFFH // /// Wraps a capability for accessing the Machines subsystem of BFFH
/// </summary> // /// </summary>
public class Machines { // public class Machines {
private readonly IMachines _machinesCap; // private readonly IMachines _machinesCap;
/// <summary> // /// <summary>
/// Constructs the Wrapper Class from a given capability. // /// Constructs the Wrapper Class from a given capability.
/// </summary> // /// </summary>
/// <param name="machinesCap">The capability that should be wrapped.</param> // /// <param name="machinesCap">The capability that should be wrapped.</param>
public Machines(IMachines machinesCap) { // public Machines(IMachines machinesCap) {
_machinesCap = machinesCap; // _machinesCap = machinesCap;
}
/// <summary>
/// List of all machines that BFFH knows about the user has been granted at least read access on
/// </summary>
/// <returns>ReadOnlyList of available Machines</returns>
public async Task<IReadOnlyList<Machine>?> ListMachines()
{
IReadOnlyList<Schema.Machine>? machineList = await _machinesCap.ListMachines().ConfigureAwait(false);
List<Machine> machineList_new = new List<Machine>();
foreach(Schema.Machine machine in machineList)
{
machineList_new.Add(new Machine(machine));
}
return machineList_new;
}
/// <summary>
/// Access a particular machine by known name. This may fail for two reasons:
/// The user has not been granted access to know the machine exists or the machine does in fact not exist.
/// In both cases the `machine` result will be a NULL-pointer
/// </summary>
/// <param name="name">Name of the Machine</param>
/// <returns>The Machine we requested</returns>
public async Task<Machine> GetMachine(string name) {
var mach = (await _machinesCap.GetMachine(name).ConfigureAwait(false)).Item1;
if (mach == null) {
//TODO: Throw a more specific exception!
throw new MachineException();
}
return new Machine(mach);
}
}
/// <summary>
/// A machine. This represents a machine as BFFH thinks about it which may mean
///several machines or just part of a machine in the real world.
///By itself this struct is completely useless since it contains only the information
///that the machine exists the user is allowed to know about that fact. For all further
///information the user has to call the contained capabilities which depending on the
///access level may not be set. For example an admin will have every capability here
///set but a simple user may only have `read` and `write` set while some users may not
/// even have `read` set and are unable to even see if the machine is currently in use.
/// </summary>
public class Machine {
private readonly Schema.Machine _machine;
/// <summary>
/// Constructs the Wrapper Class from a given capability
/// </summary>
/// <param name="machine">The capability that should be wrapped.</param>
public Machine(Schema.Machine machine) {
_machine = machine;
}
// read operations
/// <summary>
/// Get the MInfo Struct for the Machine.
/// This contains everything BFFH knows about the Machine.
/// </summary>
/// <exception cref="UnauthorizedException"></exception>
/// <returns>The MInfo Struct describing the Machine</returns>
public async Task<Schema.Machine.MInfo> GetMInfo() {
var readCap = _machine.Read;
if (readCap == null) {
throw new UnauthorizedException();
}
return (await _machine.Read.Info().ConfigureAwait(false)).Item1;
}
//write operations
/// <summary>
/// Try to use a machine. Throws a UnauthorizedException if the user does not have the required
/// permissions to use this machine.
///
/// Use the Ret() Method of the returned Object to return the machine
/// </summary>
/// <exception cref="UnauthorizedException"></exception>
/// <returns>Capability to give back the machine</returns>
public Task<Schema.Machine.WriteInterface.IGiveBack> Use() {
var writeCap = _machine.Write;
if (writeCap == null) {
throw new UnauthorizedException();
}
return writeCap.Use();
}
/// <summary>
/// Try to get a GiveBack capability for a machine.
/// </summary>
/// <returns>Capability to give back the machine or null</returns>
/// <exception cref="UnauthorizedException"></exception>
public Task<Schema.Machine.WriteInterface.IGiveBack> GetGiveBack()
{
var writeCap = _machine.Write;
if (writeCap == null)
{
throw new UnauthorizedException();
}
return writeCap.GetGiveBack();
}
/// <summary>
/// Try to reserve a machine. Throws a UnauthorizedException if the user does not have the required
/// permissions to use this machine.
///
/// Use the Ret() Method of the returned Object to return the machine
/// Use the Use() Nethod of the Machine to use your reserved machine.
/// </summary>
/// <exception cref="UnauthorizedException"></exception>
/// <returns>Capability to give back the machine</returns>
public Task<Schema.Machine.WriteInterface.IGiveBack> Reserve()
{
var writeCap = _machine.Write;
if (writeCap == null)
{
throw new UnauthorizedException();
}
return writeCap.Reserve();
}
// public void GiveBack(Schema.Machine.WriteInterface.IGiveBack cap) {
// cap.Ret();
// } // }
//manage operations // /// <summary>
// /// List of all machines that BFFH knows about the user has been granted at least read access on
// /// </summary>
// /// <returns>ReadOnlyList of available Machines</returns>
// public async Task<IReadOnlyList<Machine>?> ListMachines()
// {
// IReadOnlyList<Schema.Machine>? machineList = await _machinesCap.ListMachines().ConfigureAwait(false);
// List<Machine> machineList_new = new List<Machine>();
// foreach(Schema.Machine machine in machineList)
// {
// machineList_new.Add(new Machine(machine));
// }
/// <summary> // return machineList_new;
/// After a machine has been used by an user with low enough permissions it's // }
/// in the 'toCheck' state. This call then allows more priviledged users to
/// "check" the machine and move it to the `free` state.
///
/// Calling this method signifies that the machine was checked and in an acceptable state.
/// </summary>
public async void MarkOk() {
var manageCap = _machine.Manage;
if (manageCap == null) {
throw new UnauthorizedException();
}
// TODO: Do we really want to check this here?
if ((await GetMInfo().ConfigureAwait(false)).State == State.toCheck) {
await _machine.Manage.Ok().ConfigureAwait(false);
}
}
/// <summary> // /// <summary>
/// After a machine has been used by an user with low enough permissions it's // /// Access a particular machine by known name. This may fail for two reasons:
/// in the 'toCheck' state. This call then allows more priviledged users to // /// The user has not been granted access to know the machine exists or the machine does in fact not exist.
/// "check" the machine and move it to the `free` state. // /// In both cases the `machine` result will be a NULL-pointer
/// // /// </summary>
/// Calling this method signifies that the machine was checked and in an unacceptable state. // /// <param name="name">Name of the Machine</param>
/// It will most likely be marked as `blocked` and the previous user will somehow be informed. // /// <returns>The Machine we requested</returns>
/// </summary> // public async Task<Machine> GetMachine(string name) {
public async void MarkNotOk() { // var mach = (await _machinesCap.GetMachine(name).ConfigureAwait(false)).Item1;
var manageCap = _machine.Manage; // if (mach == null) {
if (manageCap == null) { // //TODO: Throw a more specific exception!
throw new UnauthorizedException(); // throw new MachineException();
} // }
// TODO: Do we really want to check this here? // return new Machine(mach);
if ((await GetMInfo().ConfigureAwait(false)).State == State.toCheck) { // }
await _machine.Manage.NotOk().ConfigureAwait(false); // }
}
}
//administrative operations // /// <summary>
// /// A machine. This represents a machine as BFFH thinks about it which may mean
// ///several machines or just part of a machine in the real world.
// ///By itself this struct is completely useless since it contains only the information
// ///that the machine exists the user is allowed to know about that fact. For all further
// ///information the user has to call the contained capabilities which depending on the
// ///access level may not be set. For example an admin will have every capability here
// ///set but a simple user may only have `read` and `write` set while some users may not
// /// even have `read` set and are unable to even see if the machine is currently in use.
// /// </summary>
// public class Machine {
// private readonly Schema.Machine _machine;
/// <summary> // /// <summary>
/// Forcefully set a machine state. // /// Constructs the Wrapper Class from a given capability
/// </summary> // /// </summary>
/// <param name="state">The desired machine state.</param> // /// <param name="machine">The capability that should be wrapped.</param>
public async void ForceSetState(State state) { // public Machine(Schema.Machine machine) {
var adminCap = _machine.Admin; // _machine = machine;
if (adminCap == null) { // }
throw new UnauthorizedException();
}
await adminCap.ForceSetState(state).ConfigureAwait(false); // // read operations
}
/// <summary> // /// <summary>
/// Set the given user as current responsible // /// Get the MInfo Struct for the Machine.
/// </summary> // /// This contains everything BFFH knows about the Machine.
/// <param name="user">The user</param> // /// </summary>
public async void ForceSetUser(String user) { // /// <exception cref="UnauthorizedException"></exception>
var adminCap = _machine.Admin; // /// <returns>The MInfo Struct describing the Machine</returns>
if (adminCap == null) { // public async Task<Schema.Machine.MInfo> GetMInfo() {
throw new UnauthorizedException(); // var readCap = _machine.Read;
} // if (readCap == null) {
// throw new UnauthorizedException();
// }
await adminCap.ForceSetUser(user).ConfigureAwait(false); // return (await _machine.Read.Info().ConfigureAwait(false)).Item1;
} // }
}
} // //write operations
// /// <summary>
// /// Try to use a machine. Throws a UnauthorizedException if the user does not have the required
// /// permissions to use this machine.
// ///
// /// Use the Ret() Method of the returned Object to return the machine
// /// </summary>
// /// <exception cref="UnauthorizedException"></exception>
// /// <returns>Capability to give back the machine</returns>
// public Task<Schema.Machine.WriteInterface.IGiveBack> Use() {
// var writeCap = _machine.Write;
// if (writeCap == null) {
// throw new UnauthorizedException();
// }
// return writeCap.Use();
// }
// /// <summary>
// /// Try to get a GiveBack capability for a machine.
// /// </summary>
// /// <returns>Capability to give back the machine or null</returns>
// /// <exception cref="UnauthorizedException"></exception>
// public Task<Schema.Machine.WriteInterface.IGiveBack> GetGiveBack()
// {
// var writeCap = _machine.Write;
// if (writeCap == null)
// {
// throw new UnauthorizedException();
// }
// return writeCap.GetGiveBack();
// }
// /// <summary>
// /// Try to reserve a machine. Throws a UnauthorizedException if the user does not have the required
// /// permissions to use this machine.
// ///
// /// Use the Ret() Method of the returned Object to return the machine
// /// Use the Use() Nethod of the Machine to use your reserved machine.
// /// </summary>
// /// <exception cref="UnauthorizedException"></exception>
// /// <returns>Capability to give back the machine</returns>
// public Task<Schema.Machine.WriteInterface.IGiveBack> Reserve()
// {
// var writeCap = _machine.Write;
// if (writeCap == null)
// {
// throw new UnauthorizedException();
// }
// return writeCap.Reserve();
// }
// // public void GiveBack(Schema.Machine.WriteInterface.IGiveBack cap) {
// // cap.Ret();
// // }
// //manage operations
// /// <summary>
// /// After a machine has been used by an user with low enough permissions it's
// /// in the 'toCheck' state. This call then allows more priviledged users to
// /// "check" the machine and move it to the `free` state.
// ///
// /// Calling this method signifies that the machine was checked and in an acceptable state.
// /// </summary>
// public async void MarkOk() {
// var manageCap = _machine.Manage;
// if (manageCap == null) {
// throw new UnauthorizedException();
// }
// // TODO: Do we really want to check this here?
// if ((await GetMInfo().ConfigureAwait(false)).State == State.toCheck) {
// await _machine.Manage.Ok().ConfigureAwait(false);
// }
// }
// /// <summary>
// /// After a machine has been used by an user with low enough permissions it's
// /// in the 'toCheck' state. This call then allows more priviledged users to
// /// "check" the machine and move it to the `free` state.
// ///
// /// Calling this method signifies that the machine was checked and in an unacceptable state.
// /// It will most likely be marked as `blocked` and the previous user will somehow be informed.
// /// </summary>
// public async void MarkNotOk() {
// var manageCap = _machine.Manage;
// if (manageCap == null) {
// throw new UnauthorizedException();
// }
// // TODO: Do we really want to check this here?
// if ((await GetMInfo().ConfigureAwait(false)).State == State.toCheck) {
// await _machine.Manage.NotOk().ConfigureAwait(false);
// }
// }
// //administrative operations
// /// <summary>
// /// Forcefully set a machine state.
// /// </summary>
// /// <param name="state">The desired machine state.</param>
// public async void ForceSetState(State state) {
// var adminCap = _machine.Admin;
// if (adminCap == null) {
// throw new UnauthorizedException();
// }
// await adminCap.ForceSetState(state).ConfigureAwait(false);
// }
// /// <summary>
// /// Set the given user as current responsible
// /// </summary>
// /// <param name="user">The user</param>
// public async void ForceSetUser(String user) {
// var adminCap = _machine.Admin;
// if (adminCap == null) {
// throw new UnauthorizedException();
// }
// await adminCap.ForceSetUser(user).ConfigureAwait(false);
// }
// }
//}

18
FabAccessAPI/Permissions.cs
View File

@ -1,9 +1,9 @@
//This is where the permissions subsystem will live ////This is where the permissions subsystem will live
namespace FabAccessAPI //namespace FabAccessAPI
{ //{
public class Permissions { // public class Permissions {
#region Log // #region Log
private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType); // private static readonly log4net.ILog _Log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
#endregion // #endregion
} // }
} //}