Changeset 1fc09db for fedd/federation


Ignore:
Timestamp:
Sep 22, 2010 1:56:42 PM (14 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
27d964d
Parents:
3bf0b3c
Message:

unset_attribute added

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/authorizer.py

    r3bf0b3c r1fc09db  
    239239        else:
    240240            raise self.attribute_error("Neither name/attr nor cert is set")
     241
     242    def unset_attribute(self, name, attr):
     243        if isinstance(name, tuple):
     244            raise self.bad_name("ABAC doesn't understand three-names")
     245        self.lock.acquire()
     246        ctxt = ABAC.Context()
     247        ids = set()
     248        for c in self.context.credentials():
     249            h = c.head()
     250            t = c.tail()
     251            if h.is_role() and t.is_principal():
     252                if t.principal() == '%s' % name and \
     253                        h.principal() == '%s' % self.fedid and \
     254                        h.role_name() == attr:
     255                    continue
     256
     257            id = c.issuer_cert()
     258            if id not in ids:
     259                ctxt.load_id_chunk(id)
     260                ids.add(id)
     261            ctxt.load_attribute_chunk(c.attribute_cert())
     262        self.context = ctxt
     263        self.lock.release()
     264
    241265
    242266    def check_attribute(self, name, attr):
Note: See TracChangeset for help on using the changeset viewer.