ecmwf · marcosbento · Dec 18, 2024 · Feb 10, 2025 · Feb 17, 2025 · Feb 19, 2025
diff --git a/Viewer/ecflowUI/src/VNode.cpp b/Viewer/ecflowUI/src/VNode.cpp
@@ -1283,7 +1283,7 @@ bool VServer::substituteVariableValue(std::string& val) const {
     if (!defs)
         return false;
 
-    return defs->server().variableSubsitution(val);
+    return defs->server().variableSubstitution(val);
 }
 
 //----------------------------------------------

diff --git a/docs/cmds.rst b/docs/cmds.rst
@@ -0,0 +1,124 @@
+
+Commands
+========
+
+User Commands
+-------------
+
+- :code:`CSyncCmd{CSyncCmd::NEWS, 0, 0, 0}` : News
+- :code:`CSyncCmd{CSyncCmd::SYNC, 0, 0, 0}` : Sync
+- :code:`CSyncCmd{0}` : Full Sync
+- :code:`CSyncCmd{CSyncCmd::SYNC_CLOCK, 0, 0, 0}` : Sync Clock
+
+- :code:`CtsNodeCmd{CtsNodeCmd::GET}` : Get definition
+- :code:`CtsNodeCmd{CtsNodeCmd::GET_STATE}` : Get definition+state
+- :code:`CtsNodeCmd{CtsNodeCmd::MIGRATE}` : Migrate
+
+- :code:`CheckPtCmd{}` : Save Checkpoint file
+
+- :code:`CtsCmd{CtsCmd::PING}` : Ping
+- :code:`CtsCmd{CtsCmd::RESTORE_DEFS_FROM_CHECKPT}` : Load Checkpoint file
+- :code:`CtsCmd{CtsCmd::RESTART_SERVER}` : Restart Server
+- :code:`CtsCmd{CtsCmd::HALT_SERVER}` : Halt Server
+- :code:`CtsCmd{CtsCmd::SHUTDOWN_SERVER}` : Shutdown Server
+- :code:`CtsCmd{CtsCmd::TERMINATE_SERVER}` : Terminate Server
+- :code:`CtsCmd{CtsCmd::RELOAD_WHITE_LIST_FILE}` : Reload whitelist file
+- :code:`CtsCmd{CtsCmd::RELOAD_PASSWD_FILE}` : Reload password file
+- :code:`CtsCmd{CtsCmd::RELOAD_CUSTOM_PASSWD_FILE}` : Reload custom password file
+- :code:`CtsCmd{CtsCmd::FORCE_DEP_EVAL}` : Force dependency evaluation
+- :code:`CtsCmd{CtsCmd::STATS}` : Retrieve server usage statistics
+- :code:`CtsCmd{CtsCmd::STATS_SERVER}` : Retrieve server usage statistics (tests only)
+- :code:`CtsCmd{CtsCmd::STATS_RESET}` : Reset server usage statistics
+- :code:`CtsCmd{CtsCmd::DEBUG_SERVER_ON}` : Enable server debug
+- :code:`CtsCmd{CtsCmd::DEBUG_SERVER_OFF}` : Disable server debug
+- :code:`CtsCmd{CtsCmd::SERVER_LOAD}` : Generate Gnuplot files for server load
+
+- :code:`CtsNodeCmd{CtsNodeCmd::JOB_GEN}` : Request job generation and immediate submission
+- :code:`CtsNodeCmd{CtsNodeCmd::CHECK_JOB_GEN_ONLY}` : Test job generation (no submission)
+
+- :code:`DeleteCmd{}` : Delete node definition
+
+- :code:`PathsCmd{PathsCmd::SUSPEND}` : Suspend node
+- :code:`PathsCmd{PathsCmd::RESUME}` : Resume node
+- :code:`PathsCmd{PathsCmd::KILL} :` Kill job(s) associated with node
+- :code:`PathsCmd{PathsCmd::STATUS}` : Retrieve node status
+- :code:`PathsCmd{PathsCmd::CHECK}` : Validate node expression(s) and limits
+- :code:`PathsCmd{PathsCmd::EDIT_HISTORY}`
+- :code:`PathsCmd{PathsCmd::ARCHIVE}`
+- :code:`PathsCmd{PathsCmd::RESTORE}`
+
+- :code:`ZombieCmd{ecf::User::FOB}`
+- :code:`ZombieCmd{ecf::User::FAIL}`
+- :code:`ZombieCmd{ecf::User::ADOPT}`
+- :code:`ZombieCmd{ecf::User::BLOCK}`
+- :code:`ZombieCmd{ecf::User::REMOVE}`
+- :code:`ZombieCmd{ecf::User::KILL}`
+
+- :code:`CtsCmd{CtsCmd::GET_ZOMBIES}`
+- :code:`CtsCmd{CtsCmd::SUITES}`
+
+- :code:`ClientHandleCmd{ClientHandleCmd::REGISTER}`
+- :code:`ClientHandleCmd{ClientHandleCmd::DROP}`
+- :code:`ClientHandleCmd{ClientHandleCmd::DROP_USER}`
+- :code:`ClientHandleCmd{ClientHandleCmd::ADD}`
+- :code:`ClientHandleCmd{ClientHandleCmd::REMOVE}`
+- :code:`ClientHandleCmd{ClientHandleCmd::AUTO_ADD}`
+- :code:`ClientHandleCmd{ClientHandleCmd::SUITES}`
+
+- :code:`LogCmd{}`
+
+- :code:`ServerVersionCmd{}`
+
+- :code:`LogMessageCmd{}`
+
+- :code:`RequeueNodeCmd{}`
+
+- :code:`OrderNodeCmd{}`
+
+- :code:`RunNodeCmd{}`
+
+- :code:`ForceCmd{}`
+
+- :code:`FreeDepCmd{}`
+
+- :code:`LoadDefsCmd{}`
+
+- :code:`ReplaceNodeCmd{}`
+
+- :code:`CFileCmd{}`
+
+- :code:`EditScriptCmd{}`
+
+- :code:`AlterCmd{}`
+
+- :code:`QueryCmd{}`
+
+- :code:`PlugCmd{}`
+
+Task Commands
+-------------
+
+- :code:`BeginCmd{}`
+
+- :code:`InitCmd{}`
+
+- :code:`CompleteCmd{}`
+
+- :code:`AbortCmd{}`
+
+- :code:`CtsWaitCmd{}`
+
+- :code:`EventCmd{}`
+
+- :code:`MeterCmd{}`
+
+- :code:`LabelCmd{}`
+
+- :code:`QueueCmd{}`
+
+Other Commands
+--------------
+
+- :code:`CtsNodeCmd{CtsNodeCmd::WHY}`
+
+- :code:`GroupCTSCmd{}`
diff --git a/docs/glossary.rst b/docs/glossary.rst
@@ -165,7 +165,7 @@
            - Change a :term:`label`
            - fob
 
-      The following environment variables must be set for the child commands. ECF_HOST, :term:`ECF_NAME` ,:term:`ECF_PASS` and ECF_RID. See :term:`ecflow_client`.                                         
+      The following environment variables must be set for the child commands. ECF_HOST, :term:`ECF_NAME` , :term:`ECF_PASS` and ECF_RID. See :term:`ecflow_client`.
 
 
    clock

diff --git a/libs/CMakeLists.txt b/libs/CMakeLists.txt
@@ -57,13 +57,19 @@ set(srcs
   # Base -- Headers
   base/src/ecflow/base/AbstractClientEnv.hpp
   base/src/ecflow/base/AbstractServer.hpp
+  base/src/ecflow/base/Algorithms.hpp
+  base/src/ecflow/base/Authentication.hpp
+  base/src/ecflow/base/AuthenticationDetails.hpp
+  base/src/ecflow/base/Authorisation.hpp
+  base/src/ecflow/base/AuthorisationDetails.hpp
   base/src/ecflow/base/Client.hpp
   base/src/ecflow/base/ClientOptionsParser.hpp
   base/src/ecflow/base/ClientToServerRequest.hpp
   base/src/ecflow/base/Cmd.hpp
   base/src/ecflow/base/Connection.hpp
   base/src/ecflow/base/Gnuplot.hpp
   base/src/ecflow/base/HttpClient.hpp
+  base/src/ecflow/base/Identification.hpp
   $<$<BOOL:${OPENSSL_FOUND}>:base/src/ecflow/base/Openssl.hpp>
   base/src/ecflow/base/ServerProtocol.hpp
   base/src/ecflow/base/ServerReply.hpp
@@ -135,12 +141,15 @@ set(srcs
   base/src/ecflow/base/stc/StcCmd.hpp
   base/src/ecflow/base/stc/ZombieGetCmd.hpp
   # Base -- Sources
+  base/src/ecflow/base/Authentication.cpp
+  base/src/ecflow/base/Authorisation.cpp
   base/src/ecflow/base/Client.cpp
   base/src/ecflow/base/ClientOptionsParser.cpp
   base/src/ecflow/base/ClientToServerRequest.cpp
   base/src/ecflow/base/Connection.cpp
   base/src/ecflow/base/Gnuplot.cpp
   base/src/ecflow/base/HttpClient.cpp
+  base/src/ecflow/base/Identification.cpp
   base/src/ecflow/base/ServerReply.cpp
   base/src/ecflow/base/ServerToClientResponse.cpp
   base/src/ecflow/base/Stats.cpp
@@ -265,6 +274,7 @@ set(srcs
   core/src/ecflow/core/PasswordEncryption.hpp
   core/src/ecflow/core/Pid.hpp
   core/src/ecflow/core/PrintStyle.hpp
+  core/src/ecflow/core/Result.hpp
   core/src/ecflow/core/SState.hpp
   core/src/ecflow/core/Serialization.hpp
   core/src/ecflow/core/Stl.hpp
@@ -354,6 +364,7 @@ set(srcs
   node/src/ecflow/node/NodeStats.hpp
   node/src/ecflow/node/NodeTreeVisitor.hpp
   node/src/ecflow/node/Operations.hpp
+  node/src/ecflow/node/Permissions.hpp
   node/src/ecflow/node/ResolveExternsVisitor.hpp
   node/src/ecflow/node/ServerState.hpp
   node/src/ecflow/node/Signal.hpp
@@ -437,6 +448,7 @@ set(srcs
   node/src/ecflow/node/NodeStats.cpp
   node/src/ecflow/node/NodeTime.cpp
   node/src/ecflow/node/NodeTreeVisitor.cpp
+  node/src/ecflow/node/Permissions.cpp
   node/src/ecflow/node/ResolveExternsVisitor.cpp
   node/src/ecflow/node/ServerState.cpp
   node/src/ecflow/node/Signal.cpp
@@ -479,6 +491,8 @@ set(srcs
   node/src/ecflow/node/parser/ZombieAttrParser.cpp
 
   # Server -- Headers
+  server/src/ecflow/server/AuthenticationService.hpp
+  server/src/ecflow/server/AuthorisationService.hpp
   server/src/ecflow/server/BaseServer.hpp
   server/src/ecflow/server/CheckPtSaver.hpp
   server/src/ecflow/server/HttpServer.hpp
@@ -492,6 +506,8 @@ set(srcs
   server/src/ecflow/server/TcpServer.hpp
   $<$<BOOL:${OPENSSL_FOUND}>:server/src/ecflow/server/SslTcpServer.hpp>
   # Server -- Sources
+  server/src/ecflow/server/AuthenticationService.cpp
+  server/src/ecflow/server/AuthorisationService.cpp
   server/src/ecflow/server/BaseServer.cpp
   server/src/ecflow/server/CheckPtSaver.cpp
   server/src/ecflow/server/HttpServer.cpp

diff --git a/libs/base/CMakeLists.txt b/libs/base/CMakeLists.txt
@@ -23,6 +23,7 @@ set(test_srcs
   test/TestInLimitAndLimit.cpp
   test/TestLogCmd.cpp
   test/TestMeterCmd.cpp
+  test/TestPermissions.cpp
   test/TestProgramOptions.cpp
   test/TestQueryCmd.cpp
   test/TestQueueCmd.cpp
@@ -58,6 +59,30 @@ target_clangformat(u_base
   CONDITION ENABLE_TESTS
 )
 
+set(test_srcs
+  # Sources
+  test/TestAlgorithms.cpp
+)
+
+ecbuild_add_test(
+  TARGET
+    u_base_algorithms
+  LABELS
+    unit nightly
+  SOURCES
+    ${test_srcs}
+  LIBS
+    ecflow_all
+    test_scaffold
+    test_harness.base
+    Threads::Threads
+    $<$<BOOL:${OPENSSL_FOUND}>:OpenSSL::SSL>
+)
+target_clangformat(u_base_algorithms
+  CONDITION ENABLE_TESTS
+)
+
+
 # The following is not technically a test (as it makes no checks),
 # but a tool to measure the time it takes to generate a job file
 if (ENABLE_ALL_TESTS)

diff --git a/libs/base/src/ecflow/base/AbstractServer.hpp b/libs/base/src/ecflow/base/AbstractServer.hpp
@@ -12,15 +12,15 @@
 #define ecflow_base_AbstractServer_HPP
 
 #include <atomic>
-#include <memory>
 
 #include <boost/date_time/posix_time/posix_time_types.hpp>
 
 #include "ecflow/base/Stats.hpp"
 #include "ecflow/base/ZombieCtrl.hpp"
 #include "ecflow/core/CheckPt.hpp"
 #include "ecflow/core/SState.hpp"
-#include "ecflow/core/Str.hpp"
+#include "ecflow/server/AuthenticationService.hpp"
+#include "ecflow/server/AuthorisationService.hpp"
 
 class Defs;
 
@@ -130,22 +130,11 @@ class AbstractServer {
     ///     a/ None
     ///     b/ List mode.   ASCII file based on ECF_LISTS is defined. referred as white list file
     ///     c/ Secure mode. ASCII file based ECF_PASSWD is defined. Referred to as black list file
-    //
-    /// Returns true if the given user has access to the server, false otherwise
-    virtual bool authenticateReadAccess(const std::string& user, bool custom_user, const std::string& passwd) = 0;
-    virtual bool authenticateReadAccess(const std::string& user,
-                                        bool custom_user,
-                                        const std::string& passwd,
-                                        const std::string& path)                                              = 0;
-    virtual bool authenticateReadAccess(const std::string& user,
-                                        bool custom_user,
-                                        const std::string& passwd,
-                                        const std::vector<std::string>& paths)                                = 0;
-
-    /// Returns true if user has matching write access privileges.
-    virtual bool authenticateWriteAccess(const std::string& user)                                        = 0;
-    virtual bool authenticateWriteAccess(const std::string& user, const std::string& path)               = 0;
-    virtual bool authenticateWriteAccess(const std::string& user, const std::vector<std::string>& paths) = 0;
+    virtual ecf::AuthenticationService& authentication()             = 0;
+    virtual const ecf::AuthenticationService& authentication() const = 0;
+
+    virtual ecf::AuthorisationService& authorisation()             = 0;
+    virtual const ecf::AuthorisationService& authorisation() const = 0;
 
     /// Shutdown the server and let 'user' have exclusive lock on it.
     /// If the lock succeeds return true, (This will end up calling the shutdown()
-Original file line number
+Diff line change
@@ Expand Up / @@ -165,7 +165,7 @@ @@
                - Change a :term:`label`
                - fob
-          The following environment variables must be set for the child commands. ECF_HOST, :term:`ECF_NAME` ,:term:`ECF_PASS` and ECF_RID. See :term:`ecflow_client`.
+          The following environment variables must be set for the child commands. ECF_HOST, :term:`ECF_NAME` , :term:`ECF_PASS` and ECF_RID. See :term:`ecflow_client`.
        clock
@@ Expand Down @@