DataMuseum.dk

Presents historical artifacts from the history of:

Rational R1000/400 Tapes

This is an automatic "excavation" of a thematic subset of
artifacts from Datamuseum.dk's BitArchive.

See our Wiki for more about Rational R1000/400 Tapes

Excavated with: AutoArchaeologist - Free & Open Source Software.


top - download
Index: ┃ T V

⟦5ce0af413⟧ TextFile

    Length: 22641 (0x5871)
    Types: TextFile
    Names: »V«

Derivation

└─⟦d10a02448⟧ Bits:30000409 8mm tape, Rational 1000, ENVIRONMENT, D_12_7_3
    └─ ⟦fc9b38f02⟧ »DATA« 
        └─⟦9b46a407a⟧ 
            └─⟦12c68c704⟧ 
                └─⟦this⟧ 
└─⟦5f3412b64⟧ Bits:30000745 8mm tape, Rational 1000, ENVIRONMENT 12_6_5 TOOLS 
    └─ ⟦91c658230⟧ »DATA« 
        └─⟦458657fb6⟧ 
            └─⟦220843204⟧ 
                └─⟦this⟧ 

TextFile

package Cmvc_Access_Control is


    -- Control over access to objects in views and subsystems,
    -- and control over the execution of Cmvc and related commands
    -- when they reference specific views or subsystems.
    --
    -- "Access classes" define the kind of access that a group
    -- may have to the objects in a view or subsystem.
    --
    -- "Execution rights" determine the Cmvc and related commands
    -- that a group may execute within a view or subsystem.
    -- Each execution right requires some mimimum access to all
    -- referenced views and subsystems.


    ------------------------------------------------------------------------
    --                          Access Classes                            --
    ------------------------------------------------------------------------


    type Access_Class is (Reader, Client, Developer, Owner);

    -- The kind of access that groups may have to subsystems or views.
    -- The access class of a group determines the settings of the
    -- ACLs for the objects within the subsystem or view.
    -- A group may have only one kind of access at a given time.
    -- Higher access classes imply all the rights of lower access classes.


    procedure Add_Group (The_Group : String := "NETWORK_PUBLIC";
                         In_Class : Access_Class := Cmvc_Access_Control.Reader;
                         View_Or_Subsystem : String := "<SELECTION>";  
                         Add_Execution_Rights : Boolean := True;
                         Response : String := "<PROFILE>");

    -- Add the group to the list of groups that has access to the
    -- designated view or subsystem.  If the group is already on
    -- the list then change the access to the designated value.
    -- The ACLs for objects in the view or subsystem are
    -- adjusted appropriately.  If Add_Execution_Rights is set then
    -- the group is also granted all execution rights that are
    -- appropriate to the specified access class.  Whether or not
    -- Add_Execution_Rights is set, all inappropriate execution rights
    -- are removed when the access class for a group is changed.
    -- There is a limit of 7 groups that may have access to a subsystem
    -- or view at any one time.


    procedure Remove_Group (The_Group : String := "<ALL>";
                            View_Or_Subsystem : String := "<SELECTION>";
                            Response : String := "<PROFILE>");

    -- Clear the access for the group from the specified view or subsystem.
    -- If the group is <ALL> then access is restricted for all groups
    -- with current access.  All execution rights are also cleared.


    procedure Display (For_Group : String := "<ALL>";
                       View_Or_Subsystem : String := "<CURSOR>";
                       Execution_Rights : Boolean := False;
                       Response : String := "<PROFILE>");

    -- Display the current access control information for the specified
    -- group.  The symbol <ALL> specifies that all groups with access
    -- are to be displayed.  Execution rights are displayed if requested.


    function Has_Access (User_Or_Group : String := "<USER>";
                         In_Class : Access_Class := Cmvc_Access_Control.Reader;
                         View_Or_Subsystem : String := "<CURSOR>";
                         Group_Only : Boolean := False;
                         Response : String := "<WARN>") return Boolean;

    -- Determine if the user or group has the specified access to the
    -- view or subsystem.  If a user is named then all groups which
    -- include the user are checked for the access.  If a group is specified
    -- then the group is checked for the specified access.  If Group_Only
    -- is specified then, group access is checked even if there exists
    -- a user with the same name.  The special symbol <USER> denotes
    -- the current user.


    ------------------------------------------------------------------------
    --                          Execution Rights                          --
    ------------------------------------------------------------------------


    type Execution_Right is new Natural range 0 .. 127;

    -- Each command in Cmvc, Cmvc_Maintenance, or Cmvc_Hierarchy is
    -- composed of "primitive operations" that correspond to the part
    -- of the command that is applied to the different parameters.
    -- An execution right is the capability to execute a primitive
    -- operation on a view or a subsystem.  There is an execution right
    -- for each primitive operation.  When a command is executed
    -- the execution rights are checked for each primitive operation
    -- involved in the command.
    --
    -- For example, when Cmvc.Accept_Changes is executed to move
    -- changes from one view to another, the execution right
    -- "Accept_Changes_Source" is checked on the source view and
    -- the execution right "Accept_Changes_Destination" is checked on
    -- the destination view.
    --
    -- Below are listed the various execution rights.  The name of
    -- each execution right is formed from  the command it is primarily
    -- associated with, as the first part of the name, and the
    -- parameter (if more than one) as the second part of the name.


    -- All appropriate rights, depending on the context
    All_Rights : constant Execution_Right := 0;

    -- Cmvc operations for views.
    Check_Out : constant Execution_Right := 1;
    Check_In : constant Execution_Right := 2;
    Accept_Changes_Destination : constant Execution_Right := 3;
    Accept_Changes_Source : constant Execution_Right := 4;
    Abandon_Reservation : constant Execution_Right := 5;
    Revert : constant Execution_Right := 6;
    Modify_Notes : constant Execution_Right := 7;  
    Make_Controlled : constant Execution_Right := 8;
    Make_Uncontrolled : constant Execution_Right := 9;
    Sever : constant Execution_Right := 10;
    Join_What : constant Execution_Right := 11;
    Join_To : constant Execution_Right := 12;  
    Merge_Changes_Destination : constant Execution_Right := 13;
    Merge_Changes_Source : constant Execution_Right := 14;  
    Release : constant Execution_Right := 15;
    Copy : constant Execution_Right := 16;
    Make_Path : constant Execution_Right := 17;
    Make_Subpath : constant Execution_Right := 18;
    Make_Spec_View : constant Execution_Right := 19;
    Import_From : constant Execution_Right := 20;  
    Import_Into : constant Execution_Right := 21;  
    Remove_Import : constant Execution_Right := 22;
    Replace_Model : constant Execution_Right := 23;
    Destroy_View : constant Execution_Right := 24;
    Make_Code_View : constant Execution_Right := 25;
    Query_View : constant Execution_Right := 26;

    -- Cmvc_Maintenance operations for views.
    Check_Consistency : constant Execution_Right := 27;

    -- Cmvc_Hierarchy operations for views
    Build_Activity_In : constant Execution_Right := 28;
    Build_Activity_From : constant Execution_Right := 29;
    Expand_Activity : constant Execution_Right := 30;

    -- Cmvc operations for subsystem.
    Initial : constant Execution_Right := 31;  
    Destroy_Config : constant Execution_Right := 32;  
    Destroy_Subsystem : constant Execution_Right := 33;
    Build : constant Execution_Right := 34;
    Query_Subsystem : constant Execution_Right := 35;
    Edit_Notes : constant Execution_Right := 36;

    -- Cmvc_Maintenance operations for subsystems.
    Expunge_Database : constant Execution_Right := 37;
    Subsystem_Check_Consistency : constant Execution_Right := 38;
    Update_Cdb : constant Execution_Right := 39;
    Make_Primary : constant Execution_Right := 40;
    Make_Secondary : constant Execution_Right := 41;
    Destroy_Cdb : constant Execution_Right := 42;

    -- Cmvc_Hierarchy operations for systems and subsystems
    Add_Child_Parent : constant Execution_Right := 43;  
    Add_Child_Child : constant Execution_Right := 44;  
    Remove_Child : constant Execution_Right := 45;


    procedure Add_Right (For_Group : String := "NETWORK_PUBLIC";
                         The_Right : Execution_Right :=
                            Cmvc_Access_Control.All_Rights;
                         View_Or_Subsystem : String := "<SELECTION>";
                         Response : String := "<PROFILE>");

    -- Add the execution right for the group in the designated subsystem.
    -- An execution right can only be added if it is appropriate to
    -- the current access class for that group in the view or subsystem.
    -- If the right is All_Rights then all rights which appropriate to
    -- the group's access class are added.


    procedure Remove_Right (For_Group : String := "<ALL>";
                            The_Right : Execution_Right :=
                               Cmvc_Access_Control.All_Rights;
                            View_Or_Subsystem : String := "<SELECTION>";
                            Response : String := "<PROFILE>");

    -- Remove the designated execution right.  If <ALL> is specified
    -- for the group then the execution right is removed for all
    -- groups with current rights.


    function Has_Right (User_Or_Group : String := "<USER>";
                        The_Right : Execution_Right :=
                           Cmvc_Access_Control.All_Rights;
                        View_Or_Subsystem : String := "<CURSOR>";
                        Group_Only : Boolean := False;
                        Response : String := "<WARN>") return Boolean;

    -- Determine if the user or group has the specifed execution right.
    -- If The_Right is All_Rights or if Group_Only is set then the
    -- name is interpreted as a group name.  Also, if The_Right is All_Rights
    -- then true is returned only if all rights appropriate to the current
    -- access class are set.


    ------------------------------------------------------------------------
    --                  Miscellaneous Operations                          --
    ------------------------------------------------------------------------


    procedure Check (View_Or_Subsystem : String := "<SELECTION>";
                     Repair_Inconsistencies : Boolean := False;
                     Response : String := "<PROFILE>");

    -- Check that the current access classes for the view or subsystem
    -- are compatible with ACLs on the objects in the views and/or subsystems.
    -- If the ACLs on subobjects are not compatible with the access classes
    -- and the current user has owner access to the view or subsystem and
    -- Repair_Inconsistencies is set then the ACLs on the subobjects
    -- will be reset.
    --
    -- Incompatible ACLs are either 1) ACL entries lacking access indicated
    -- by the access of the view or subsystem, or 2) ACL entries for groups
    -- without access to the view or subsystem.
    -- Repair_Inconsistencies will repair both types.  If Repair_Inconsistencies
    -- is false then an error occurs if groups having access to the
    -- view or subsystem are not correctly represented on an ACL lists.
    -- A warning is issued if groups not having access to the view
    -- or subsystem are found to be on the ACL of a subobject.
    --
    -- This procedure will also check that there are no entries for
    -- groups that have been deleted.  If there is such an entry and
    -- Repair_Inconsistencies is false then an error occurs.  If there
    -- is an entry for a delete group and Repair_Inconsistencies is true
    -- then the deleted entry will be removed from all ACL lists as
    -- specified.  This is the only way in which obsolete entries can
    -- be deleted from access control state.


    function Is_Consistent (View_Or_Subsystem : String := "<CURSOR>";
                            Response : String := "<WARN>") return Boolean;

    -- Perform same consistency check as procedure above, does not
    -- put out any warnings nor will it make any changes.  Will also return
    -- false if access control information does not exist or if the
    -- current user does not have sufficient access to determine if
    -- the information is consistent.


    procedure Initialize (View_Or_Subsystem : String := "<SELECTION>";
                          Response : String := "<PROFILE>");

    -- Initialize the access control information for a view or subsystem.
    -- All groups that have owner access in the ACL of the view or
    -- subsystem world are put into the owner access class.  All groups
    -- that have read access in the ACL, but not owner access, are
    -- put into the reader access class.  All appropriate execution rights
    -- are set.
    --
    -- This operation is primarily useful for setting up access control
    -- in subsystems or views that were created by previous environment
    -- releases.  It can also be applied to views or subsystems with
    -- access control information in which case the view or subsystem
    -- is reset to its just initialized state with only owners and
    -- readers having access.
    --
    -- All commands in this package will fail (unless otherwise noted)
    -- if access control information is not initialized or if the current
    -- user does not have read access to the view or subsystem the
    -- command is being applied to.


    No_Access : exception;
    -- Raised by Get_Access and Get_Rights if the group has no access.


    function Get_Access (The_Group : String := "NETWORK_PUBLIC";
                         View_Or_Subsystem : String := "<CURSOR>";
                         Response : String := "<WARN>") return Access_Class;

    -- Return the access class of a group with access to the view or
    -- subsystem.  If the group has no access then No_Access is raised.


    type Group_Index is range 0 .. 6;
    -- Index of a group that has access to a view or subsystem.  Since,
    -- there can be at most 7 groups with access to a view or subsystem
    -- the groups are indexed from 0 to 6.


    function Group_Name (The_Index : Group_Index := 0;
                         View_Or_Subsystem : String := "<CURSOR>";
                         Response : String := "<WARN>") return String;

    -- Get the name of the group at the specified index.  If no group
    -- is at the index then returns "".  Note that if index N is empty
    -- then index N+1 is also empty.


    ------------------------------------------------------------------------
    --                       Execution Right Tables                       --
    ------------------------------------------------------------------------


    -- In many instances, especially in building additional tools, it will
    -- be useful to treat execution rights as a composite object.  An
    -- "execution table" is a table of all execution rights.  The execution
    -- rights for a particular group can set by providing a complete
    -- execution table.  Constant execution tables, corresponding to
    -- rights appropriate for various access classes, are also provided.


    type Execution_Table is array (Execution_Right) of Boolean;
    -- Table of all possible execution rights.


    Nil_Rights : constant Execution_Table := (others => False);
    -- Setting execution rights to this prevents execution of any commands.


    procedure Set_Rights (For_Group : String := "NETWORK_PUBLIC";
                          The_Rights : Execution_Table :=
                             Cmvc_Access_Control.Nil_Rights;
                          View_Or_Subsystem : String := "<SELECTION>";
                          Response : String := "<PROFILE>");

    -- Set all the execution rights for the specified group in the view
    -- or subsystem.  Only rights appropriate to the groups access class
    -- are actually set.  Warnings are produced for inappropriate rights.


    function Get_Rights (For_Group : String := "NETWORK_PUBLIC";
                         View_Or_Subsystem : String := "<CURSOR>";
                         Response : String := "<WARN>") return Execution_Table;

    -- Return the execution rights for a group.  If the group does not
    -- have access to the view or subsystem then No_Access is raised.


    ------------------------------------------------------------------------
    --                  Constant Execution Right Tables                   --
    ------------------------------------------------------------------------


    -- Below are constants describing the execution rights that appropriate
    -- to various access classes.


    -- Rights for a view that only require READER access to the view
    View_Reader_Rights : constant Execution_Table :=
       Execution_Table'(Accept_Changes_Source => True,
                        Join_To => True,
                        Merge_Changes_Source => True,
                        Query_View => True,
                        Expand_Activity => True,
                        others => False);

    -- Rights for a view that only require CLIENT access to the view
    View_Client_Rights : constant Execution_Table :=
       Execution_Table'
          (Import_From => True, Build_Activity_From => True, others => False)  
        or View_Reader_Rights;

    -- Rights for a view that only require DEVELOPER access to the view
    View_Developer_Rights : constant Execution_Table :=
       Execution_Table'(Check_Out => True,
                        Check_In => True,
                        Accept_Changes_Destination => True,
                        Abandon_Reservation => True,
                        Revert => True,
                        Modify_Notes => True,
                        Make_Controlled => True,
                        Make_Uncontrolled => True,
                        Sever => True,
                        Join_What => True,
                        Release => True,
                        Make_Path => True,
                        Make_Subpath => True,
                        Make_Code_View => True,
                        Copy => True,
                        Make_Spec_View => True,
                        Merge_Changes_Destination => True,
                        Build_Activity_In => True,
                        others => False)  
        or View_Client_Rights;

    -- Rights for a view that require OWNER access to the view
    View_Owner_Rights : constant Execution_Table :=
       Execution_Table'(Import_Into => True,
                        Remove_Import => True,
                        Replace_Model => True,
                        Destroy_View => True,
                        Check_Consistency => True,
                        others => False)  
        or View_Developer_Rights;

    -- Rights for a subsystem that only require READER access to the subsystem
    Subsystem_Reader_Rights : constant Execution_Table :=
       Execution_Table'(Query_Subsystem => True, others => False);

    -- Rights for a subsystem that only require CLIENT access to the subsystem
    Subsystem_Client_Rights : constant Execution_Table :=
       Execution_Table'(Add_Child_Child => True, others => False) or
          Subsystem_Reader_Rights;

    -- Rights for a subsystem that only require DEVELOPER access to the subsystem
    Subsystem_Developer_Rights : constant Execution_Table :=
       Execution_Table'(Edit_Notes => True,
                        Add_Child_Parent => True,
                        Remove_Child => True,
                        Update_Cdb => True,
                        others => False)  
        or Subsystem_Client_Rights;

    -- Rights for a subsystem that require OWNER access to the subsystem
    Subsystem_Owner_Rights : constant Execution_Table :=
       Execution_Table'(Initial => True,
                        Destroy_Config => True,
                        Destroy_Subsystem => True,
                        Build => True,
                        Subsystem_Check_Consistency => True,
                        Expunge_Database => True,
                        Make_Primary => True,
                        Make_Secondary => True,
                        Destroy_Cdb => True,
                        others => False)  
        or Subsystem_Developer_Rights;

    -- Rights for a view that only require READER access
    -- to the enclosing subsystem
    Subsystem_Reader_View_Rights : constant Execution_Table :=
       Execution_Table'(Import_From => True,
                        Import_Into => True,
                        Remove_Import => True,
                        Replace_Model => True,  
                        Query_View => True,
                        Build_Activity_In => True,
                        Build_Activity_From => True,
                        Expand_Activity => True,
                        others => False);

    -- Rights for a view that only require CLIENT access
    -- to the enclosing subsystem
    Subsystem_Client_View_Rights : constant Execution_Table :=
       Subsystem_Reader_View_Rights;

    -- Rights for a view that only require DEVELOPER access
    -- to the enclosing subsystem
    Subsystem_Developer_View_Rights : constant Execution_Table :=
       Execution_Table'(Check_Out => True,
                        Check_In => True,
                        Accept_Changes_Source => True,
                        Accept_Changes_Destination => True,
                        Abandon_Reservation => True,
                        Revert => True,
                        Modify_Notes => True,
                        Make_Controlled => True,
                        Make_Uncontrolled => True,
                        Sever => True,
                        Join_What => True,
                        Join_To => True,
                        Merge_Changes_Destination => True,
                        Merge_Changes_Source => True,
                        others => False)  
        or Subsystem_Client_View_Rights;

    -- Rights for a view that require OWNER access
    -- to the enclosing subsystem
    Subsystem_Owner_View_Rights : constant Execution_Table :=
       Execution_Table'(Release => True,
                        Copy => True,
                        Make_Path => True,
                        Make_Subpath => True,
                        Make_Spec_View => True,
                        Make_Code_View => True,
                        Destroy_View => True,
                        Check_Consistency => True,
                        others => False)  
        or Subsystem_Developer_View_Rights;


    ------------------------------------------------------------------------

    pragma Subsystem (Cmvc);
    pragma Module_Name (4, 3727);
    pragma Bias_Key (12);

end Cmvc_Access_Control;