Changeset 78f2668 for fedd/federation/emulab_access.py
- Timestamp:
- Nov 30, 2010 10:48:51 AM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 822d31b
- Parents:
- 027b87b
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/emulab_access.py
r027b87b r78f2668 16 16 17 17 from access import access_base 18 from legacy_access import legacy_access 18 19 19 20 from util import * … … 41 42 fl.addHandler(nullHandler()) 42 43 43 class access(access_base ):44 class access(access_base, legacy_access): 44 45 """ 45 46 The implementation of access control based on mapping users to projects. … … 119 120 if self.auth_type == 'legacy': 120 121 if accessdb: 121 self. read_access(accessdb, self.make_access_project)122 self.legacy_read_access(accessdb, self.legacy_access_tuple) 122 123 elif self.auth_type == 'abac': 123 124 self.auth = abac_authorizer(load=self.auth_dir) 124 125 if accessdb: 125 self.read_a bac_access(accessdb, self.make_abac_access_project)126 self.read_access(accessdb, self.access_tuple) 126 127 else: 127 128 raise service_error(service_error.internal, … … 205 206 206 207 @staticmethod 207 def make_access_project(str):208 def legacy_access_tuple(str): 208 209 """ 209 210 Convert a string of the form (id[:resources:resouces], id, id) into a … … 235 236 236 237 @staticmethod 237 def make_abac_access_project(str):238 def access_tuple(str): 238 239 """ 239 240 Convert a string of the form (id, id) into an access_project. This is 240 called by read_a bac_access to convert to local attributes. It returns241 called by read_access to convert to local attributes. It returns 241 242 a tuple of the form (project, user, user) where the two users are 242 243 always the same. … … 255 256 # RequestAccess support routines 256 257 257 def l ookup_access(self, req, fid):258 def legacy_lookup_access(self, req, fid): 258 259 """ 259 260 Look up the local access control information mapped to this fedid and … … 270 271 ru = None 271 272 # This maps a valid user to the Emulab projects and users to use 272 found, match = self.l ookup_access_base(req, fid)273 found, match = self.legacy_lookup_access_base(req, fid) 273 274 tb, project, user = match 274 275 … … 326 327 [ fid ] 327 328 328 def lookup_abac_access(self, req, fid): 329 def lookup_access(self, req, fid): 330 """ 331 Check all the attributes that this controller knows how to map and see 332 if the requester is allowed to use any of them. If so return one. 333 """ 329 334 # Import request credentials into this (clone later??) 330 if self.auth.import_credentials(data_list=req.get('abac_credential', [])): 335 if self.auth.import_credentials( 336 data_list=req.get('abac_credential', [])): 331 337 self.auth.save() 332 338 333 339 # Check every attribute that we know how to map and take the first 334 340 # success. 335 print "%s" %self.auth336 341 for attr in (self.access.keys()): 337 342 if self.auth.check_attribute(fid, attr): … … 491 496 492 497 if self.auth_type == "legacy": 498 found, dyn, owners = self.legacy_lookup_access(req, fid) 499 elif self.auth_type == 'abac': 493 500 found, dyn, owners = self.lookup_access(req, fid) 494 elif self.auth_type == 'abac':495 found, dyn, owners = self.lookup_abac_access(req, fid)496 501 else: 497 502 raise service_error(service_error.internal,
Note: See TracChangeset
for help on using the changeset viewer.