File access_control_spi.hpp


//
// Copyright (c) 2026, Astute Systems PTY LTD
//
// This file is part of the Astute DDS developed by Astute Systems.
//
// See the commercial LICENSE file in the project root for full license details.
//

#pragma once

#include "authentication_spi.hpp"
#include "security_types.hpp"

#include <astutedds/rtps/rtps_types.hpp>

#include <cstdint>
#include <memory>
#include <string>

namespace astutedds::security
{

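/// @brief Abstract service-provider interface (SPI) for access-control plugins.
///
/// Every operation is pure virtual, so this class only fixes the call contract; the policy
/// decisions live in the concrete plugin. The operation names resemble the AccessControl
/// plugin of the OMG DDS Security specification, but the semantics noted below are read from
/// the names and signatures in this header only and should be confirmed against the
/// implementation.
///
/// Each operation takes a mutable SecurityException reference; presumably it is filled in when
/// the operation fails or denies the request - TODO confirm. Callers should fail closed: unless
/// a check positively reports success, treat the request as denied.
///
/// The validate_* and check_* operations are marked [[nodiscard]] so that a call site which
/// drops a permissions handle or an authorization decision is reported by the compiler instead
/// of silently proceeding.
class AccessControlPlugin
{
public:
    /// Virtual so that a plugin owned through a base pointer is destroyed through its own type.
    virtual ~AccessControlPlugin() = default;

    /// @brief Validates the local participant's permissions and returns a handle to them.
    /// @param auth_plugin            Authentication plugin associated with the identity handle.
    /// @param local_identity_handle  Identity of the local participant.
    /// @param domain_id              Domain the participant is joining.
    /// @param participant_qos        Properties taken from the participant QoS.
    /// @param ex                     Presumably receives the failure reason - TODO confirm.
    /// @return A permissions handle. NOTE(review): the value returned on failure is not visible
    ///         in this header; check it (and @p ex) before passing it to any check_* call.
    [[nodiscard]] virtual PermissionsHandle validate_local_permissions(
        const AuthenticationPlugin& auth_plugin, IdentityHandle local_identity_handle, uint32_t domain_id,
        const PropertySeq& participant_qos, SecurityException& ex) = 0;

    /// @brief Validates a remote participant's permissions and returns a handle to them.
    ///
    /// Both identity arguments share the type IdentityHandle, so swapping local and remote
    /// compiles without a diagnostic; keep the argument order under review at call sites.
    /// @param auth_plugin               Authentication plugin associated with the identity handles.
    /// @param local_identity_handle     Identity of the local participant.
    /// @param remote_identity_handle    Identity of the remote participant.
    /// @param remote_permissions_token  Permissions token received from the remote participant.
    /// @param remote_credential_token   Credential token for the remote participant.
    /// @param ex                        Presumably receives the failure reason - TODO confirm.
    /// @return A permissions handle. NOTE(review): the value returned on failure is not visible
    ///         in this header; check it (and @p ex) before passing it to any check_* call.
    [[nodiscard]] virtual PermissionsHandle validate_remote_permissions(
        const AuthenticationPlugin& auth_plugin, IdentityHandle local_identity_handle,
        IdentityHandle remote_identity_handle, const Token& remote_permissions_token,
        const Token& remote_credential_token, SecurityException& ex) = 0;

    /// @brief Authorization check for creating a DataWriter on @p topic_name in @p domain_id.
    /// @return Presumably true when the holder of @p permissions_handle is allowed to create
    ///         the writer - TODO confirm. Anything other than a positive result must be
    ///         treated as a denial.
    [[nodiscard]] virtual bool check_create_datawriter(PermissionsHandle permissions_handle, uint32_t domain_id,
                                                       const std::string& topic_name, SecurityException& ex) = 0;

    /// @brief Authorization check for creating a DataReader on @p topic_name in @p domain_id.
    /// @return Presumably true when the holder of @p permissions_handle is allowed to create
    ///         the reader - TODO confirm. Anything other than a positive result must be
    ///         treated as a denial.
    [[nodiscard]] virtual bool check_create_datareader(PermissionsHandle permissions_handle, uint32_t domain_id,
                                                       const std::string& topic_name, SecurityException& ex) = 0;

    /// @brief Authorization check for matching a remote DataReader with a local DataWriter.
    ///
    /// Argument order here is writer first, reader second - the reverse of
    /// check_remote_datawriter(). Both handles share the type PermissionsHandle, so a swapped
    /// pair compiles cleanly and would evaluate the policy against the wrong party.
    /// @return Presumably true when the match is permitted - TODO confirm; deny otherwise.
    [[nodiscard]] virtual bool check_remote_datareader(PermissionsHandle writer_permissions_handle,
                                                       PermissionsHandle reader_permissions_handle,
                                                       const PropertySeq& publication_data,
                                                       const PropertySeq& subscription_data,
                                                       SecurityException& ex) = 0;

    /// @brief Authorization check for matching a remote DataWriter with a local DataReader.
    ///
    /// Argument order here is reader first, writer second - the reverse of
    /// check_remote_datareader(). Both handles share the type PermissionsHandle, so a swapped
    /// pair compiles cleanly and would evaluate the policy against the wrong party.
    /// @return Presumably true when the match is permitted - TODO confirm; deny otherwise.
    [[nodiscard]] virtual bool check_remote_datawriter(PermissionsHandle reader_permissions_handle,
                                                       PermissionsHandle writer_permissions_handle,
                                                       const PropertySeq& subscription_data,
                                                       const PropertySeq& publication_data,
                                                       SecurityException& ex) = 0;

    /// @brief Authorization check for relaying @p topic_name.
    ///
    /// Unlike the check_create_* operations this one takes no domain id.
    /// NOTE(review): what "relay" covers is not defined in this header - confirm with the
    /// implementation before relying on it as a policy gate.
    /// @return Presumably true when relaying is permitted - TODO confirm; deny otherwise.
    [[nodiscard]] virtual bool check_relay_topic(PermissionsHandle permissions_handle,
                                                 const std::string& topic_name, SecurityException& ex) = 0;

    /// @brief Returns the permissions token associated with @p permissions_handle.
    virtual Token get_permissions_token(PermissionsHandle permissions_handle, SecurityException& ex) = 0;

    /// @brief Returns the permissions credential token associated with @p permissions_handle.
    virtual Token get_permissions_credential_token(PermissionsHandle permissions_handle, SecurityException& ex) = 0;

    /// @brief Hands @p permissions_handle back to the plugin.
    ///
    /// Presumably this releases the plugin-side state for the handle, in which case the handle
    /// must not be passed to any other operation afterwards - TODO confirm.
    /// @return Presumably true on success - TODO confirm.
    virtual bool return_permissions_handle(PermissionsHandle permissions_handle, SecurityException& ex) = 0;

    /// @brief Returns the participant-level security attributes for @p permissions_handle.
    virtual ParticipantSecurityAttributes get_participant_sec_attributes(PermissionsHandle permissions_handle,
                                                                         SecurityException& ex) = 0;

    /// @brief Returns the endpoint-level security attributes for @p topic_name under
    ///        @p permissions_handle.
    virtual EndpointSecurityAttributes get_endpoint_sec_attributes(PermissionsHandle permissions_handle,
                                                                   const std::string& topic_name,
                                                                   SecurityException& ex) = 0;
};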

/// Shared-ownership pointer to an AccessControlPlugin implementation.
using AccessControlPluginPtr = std::shared_ptr<AccessControlPlugin>;

}  // namespace astutedds::security