Ignore:
Timestamp:
Dec 10, 2010 6:25:50 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
9973d57
Parents:
b16cfc0
Message:

Access controllers delete (some) unused ABAC attrs.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • fedd/federation/access.py

    rb16cfc0 rc65b7e4  
    233233                self.log.warning(("[read_state]: No saved state: " + \
    234234                        "Unpickling failed: %s") % e)
     235
     236    def append_allocation_authorization(self, aid, attrs,
     237            need_state_lock=False, write_state_file=False, state_attr='state'):
     238        """
     239        Append the authorization information to system state.  By default we
     240        assume this is called with the state lock and with a write of the state
     241        file in the near future, need_state_lock and write_state_file can
     242        override this.  The state_attr is the attribute in the access class
     243        that holds the per allocation information.  Some complex classes use
     244        different names for the dict.
     245        """
     246
     247        for p, a in attrs:
     248            self.auth.set_attribute(p, a)
     249        self.auth.save()
     250
     251        if need_state_lock: self.state_lock.acquire()
     252        d = getattr(self, state_attr)
     253        if aid in d and 'auth' in d[aid]:
     254            d[aid]['auth'].update(attrs)
     255        if write_state_file: self.write_state()
     256        if need_state_lock: self.state_lock.release()
     257
     258    def clear_allocation_authorization(self, aid, need_state_lock=False,
     259            write_state_file=False, state_attr='state'):
     260        """
     261        Attrs is a set of attribute principal pairs that need to be removed
     262        from the authenticator.  Remove them and save the authenticator.  See
     263        append_allocation_authorization for the various overrides.
     264        """
     265
     266        if need_state_lock: self.state_lock.acquire()
     267        d = getattr(self, state_attr)
     268        if aid in d and 'auth' in d[aid]:
     269            for p, a in d[aid]['auth']:
     270                self.auth.unset_attribute(p, a)
     271            d[aid]['auth'] = set()
     272        if write_state_file: self.write_state()
     273        if need_state_lock: self.state_lock.release()
     274        self.auth.save()
    235275
    236276    def lookup_access(self, req, fid, filter=None, compare=None):
Note: See TracChangeset for help on using the changeset viewer.