Changeset d03c991 for fedd/federation
- Timestamp:
- Dec 2, 2010 10:33:23 AM (14 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 61a634d
- Parents:
- de86b35
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/dragon_access.py
rde86b35 rd03c991 12 12 from subprocess import Popen, call, PIPE, STDOUT 13 13 from access import access_base 14 from legacy_access import legacy_access 14 15 15 16 from util import * 16 17 from allocate_project import allocate_project_local, allocate_project_remote 17 18 from fedid import fedid, generate_fedid 18 from authorizer import authorizer 19 from authorizer import authorizer, abac_authorizer 19 20 from service_error import service_error 20 21 from remote_service import xmlrpc_handler, soap_handler, service_caller … … 37 38 fl.addHandler(nullHandler()) 38 39 39 class access(access_base ):40 class access(access_base, legacy_access): 40 41 """ 41 42 The implementation of access control based on mapping users to projects. … … 65 66 self.read_access(config.get("access", "accessdb"), self.make_repo) 66 67 67 # Add the ownership attributes to the authorizer. Note that the 68 # indices of the allocation dict are strings, but the attributes are 69 # fedids, so there is a conversion. 70 self.state_lock.acquire() 71 for k in self.state.keys(): 72 for o in self.state[k].get('owners', []): 73 self.auth.set_attribute(o, fedid(hexstr=k)) 74 self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k)) 75 self.state_lock.release() 76 77 self.lookup_access = self.lookup_access_base 68 69 # authorization information 70 self.auth_type = config.get('access', 'auth_type') \ 71 or 'legacy' 72 self.auth_dir = config.get('access', 'auth_dir') 73 accessdb = config.get("access", "accessdb") 74 # initialize the authorization system 75 if self.auth_type == 'legacy': 76 self.access = { } 77 if accessdb: 78 self.legacy_read_access(accessdb, self.make_repo) 79 # Add the ownership attributes to the authorizer. Note that the 80 # indices of the allocation dict are strings, but the attributes are 81 # fedids, so there is a conversion. 82 self.state_lock.acquire() 83 for k in self.state.keys(): 84 for o in self.state[k].get('owners', []): 85 self.auth.set_attribute(o, fedid(hexstr=k)) 86 self.auth.set_attribute(fedid(hexstr=k),fedid(hexstr=k)) 87 self.state_lock.release() 88 self.lookup_access = self.legacy_lookup_access_base 89 elif self.auth_type == 'abac': 90 self.auth = abac_authorizer(load=self.auth_dir) 91 self.access = [ ] 92 if accessdb: 93 self.read_access(accessdb, self.make_repo) 94 else: 95 raise service_error(service_error.internal, 96 "Unknown auth_type: %s" % self.auth_type) 78 97 79 98 self.call_GetValue= service_caller('GetValue') … … 125 144 126 145 # Request for this fedd 127 found, match = self.lookup_access(req, fid)146 found, match, owners = self.lookup_access(req, fid) 128 147 # keep track of what's been added 129 148 allocID, alloc_cert = generate_fedid(subj="alloc", log=self.log) … … 133 152 self.state[aid] = { } 134 153 self.state[aid]['user'] = found 135 self.state[aid]['owners'] = [ fid ]154 self.state[aid]['owners'] = owners 136 155 self.write_state() 137 156 self.state_lock.release() 138 157 self.auth.set_attribute(fid, allocID) 139 158 self.auth.set_attribute(allocID, allocID) 159 self.auth.save() 140 160 141 161 try:
Note: See TracChangeset
for help on using the changeset viewer.