Changeset 1fc09db

Timestamp:

Sep 22, 2010 1:56:42 PM (14 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

27d964d

Parents:

3bf0b3c

Message:

unset_attribute added

File:

• fedd/federation/authorizer.py (modified) (1 diff)

fedd/federation/authorizer.py

@@ -239 +239 @@
         else:
             raise self.attribute_error("Neither name/attr nor cert is set")
+
+    def unset_attribute(self, name, attr):
+        if isinstance(name, tuple):
+            raise self.bad_name("ABAC doesn't understand three-names")
+        self.lock.acquire()
+        ctxt = ABAC.Context()
+        ids = set()
+        for c in self.context.credentials():
+            h = c.head()
+            t = c.tail()
+            if h.is_role() and t.is_principal():
+                if t.principal() == '%s' % name and \
+                        h.principal() == '%s' % self.fedid and \
+                        h.role_name() == attr:
+                    continue
+
+            id = c.issuer_cert()
+            if id not in ids:
+                ctxt.load_id_chunk(id)
+                ids.add(id)
+            ctxt.load_attribute_chunk(c.attribute_cert())
+        self.context = ctxt
+        self.lock.release()
+
 
     def check_attribute(self, name, attr):