Changeset 78f2668 for fedd/federation/emulab_access.py

Timestamp:

Nov 30, 2010 10:48:51 AM (13 years ago)

Author:

Ted Faber <faber@…>

Branches:

axis_example, compt_changes, info-ops, master

Children:

822d31b

Parents:

027b87b

Message:

Move some functions from access to legacy_access. Rename functions so abac is the default

File:

• fedd/federation/emulab_access.py (modified) (9 diffs)

fedd/federation/emulab_access.py

@@ -16 +16 @@
 
 from access import access_base
+from legacy_access import legacy_access
 
 from util import *
@@ -41 +42 @@
 fl.addHandler(nullHandler())
 
-class access(access_base):
+class access(access_base, legacy_access):
     """
     The implementation of access control based on mapping users to projects.
@@ -119 +120 @@
         if self.auth_type == 'legacy':
             if accessdb:
-                self.read_access(accessdb, self.make_access_project)
+                self.legacy_read_access(accessdb, self.legacy_access_tuple)
         elif self.auth_type == 'abac':
             self.auth = abac_authorizer(load=self.auth_dir)
             if accessdb:
-                self.read_abac_access(accessdb, self.make_abac_access_project)
+                self.read_access(accessdb, self.access_tuple)
         else:
             raise service_error(service_error.internal, 
@@ -205 +206 @@
 
     @staticmethod
-    def make_access_project(str):
+    def legacy_access_tuple(str):
         """
         Convert a string of the form (id[:resources:resouces], id, id) into a
@@ -235 +236 @@
 
     @staticmethod
-    def make_abac_access_project(str):
+    def access_tuple(str):
         """
         Convert a string of the form (id, id) into an access_project.  This is
-        called by read_abac_access to convert to local attributes.  It returns
+        called by read_access to convert to local attributes.  It returns
         a tuple of the form (project, user, user) where the two users are
         always the same.
@@ -255 +256 @@
     # RequestAccess support routines
 
-    def lookup_access(self, req, fid):
+    def legacy_lookup_access(self, req, fid):
         """
         Look up the local access control information mapped to this fedid and
@@ -270 +271 @@
         ru = None
         # This maps a valid user to the Emulab projects and users to use
-        found, match = self.lookup_access_base(req, fid)
+        found, match = self.legacy_lookup_access_base(req, fid)
         tb, project, user = match
         
@@ -326 +327 @@
                 [ fid ]
 
-    def lookup_abac_access(self, req, fid): 
+    def lookup_access(self, req, fid): 
+        """
+        Check all the attributes that this controller knows how to map and see
+        if the requester is allowed to use any of them.  If so return one.
+        """
         # Import request credentials into this (clone later??)
-        if self.auth.import_credentials(data_list=req.get('abac_credential', [])):
+        if self.auth.import_credentials(
+                data_list=req.get('abac_credential', [])):
             self.auth.save()
 
         # Check every attribute that we know how to map and take the first
         # success.
-        print "%s" %self.auth
         for attr in (self.access.keys()):
             if self.auth.check_attribute(fid, attr):
@@ -491 +496 @@
 
         if self.auth_type == "legacy":
+            found, dyn, owners = self.legacy_lookup_access(req, fid)
+        elif self.auth_type == 'abac':
             found, dyn, owners = self.lookup_access(req, fid)
-        elif self.auth_type == 'abac':
-            found, dyn, owners = self.lookup_abac_access(req, fid)
         else:
             raise service_error(service_error.internal,