Changeset dee164e for fedd/federation/access.py
- Timestamp:
- Nov 30, 2010 7:20:16 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c324ad3
- Parents:
- 4692a16
- File:
-
- 1 edited
fedd/federation/access.py
r4692a16 rdee164e 132 132 133 133 134 def read_access(self, fn, access_obj=None ):134 def read_access(self, fn, access_obj=None, default=[]): 135 135 """ 136 136 Read an access DB of the form … … 188 188 if a.attr in priorities: 189 189 a.priority = priorities[a.attr] 190 191 # default access mappings 192 for a, v in default: 193 self.access.append( 194 access_base.access_attribute(attr=a, value=v, pri=0)) 195 196 190 197 191 198 def write_state(self): … … 226 233 self.log.warning(("[read_state]: No saved state: " + \ 227 234 "Unpickling failed: %s") % e) 235 236 def lookup_access(self, req, fid, filter=None, compare=None): 237 """ 238 Check all the attributes that this controller knows how to map and see 239 if the requester is allowed to use any of them. If so return one. 240 Filter defined the objects to check - it's a function that returns true 241 for the objects to check - and cmp defines the order to check them in 242 as the cmp field of sorted(). If filter is None, all possibilities are 243 checked. If cmp is None, the choices are sorted by priority. 244 """ 245 246 # Import request credentials into this (clone later??) 247 if self.auth.import_credentials( 248 data_list=req.get('abac_credential', [])): 249 self.auth.save() 250 251 # NB: in the default case (the else), the comparison order is reversed 252 # so numerically larger priorities are checked first. 253 if compare: c = compare 254 else: c = lambda(a, b): cmp(b,a) 255 256 if filter: f = filter 257 else: f = lambda(x): True 258 259 check = sorted([ a for a in self.access if f(a)], cmp=c) 260 261 # Check every attribute that we know how to map and take the first 262 # success. 
263 for attr in check: 264 if self.auth.check_attribute(fid, attr.attr): 265 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid)) 266 # XXX: needs to deal with dynamics 267 return copy.copy(attr.value), (False, False, False), \ 268 [ fid ] 269 else: 270 self.log.debug("Access failed for %s %s" % (attr.attr, fid)) 271 else: 272 raise service_error(service_error.access, "Access denied") 273 228 274 229 275
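Review bot: In `lookup_access`, the default comparator `lambda(a, b): cmp(b,a)` declares a single tuple parameter, but `sorted(..., cmp=c)` calls it with two arguments, so as soon as two or more attributes pass the filter the call raises `TypeError` instead of reaching an access decision. This fails closed, but the caller gets an unexpected exception rather than `service_error.access`, and every request that passes no `compare` takes this path. A replacement such as `else: c = lambda a, b: cmp(b.priority, a.priority)` would also make the order match the docstring's "sorted by priority", assuming `access_attribute` defines no ordering of its own (not visible here). Separately, `self.auth.import_credentials(...)` followed by `self.auth.save()` appears to store requester-supplied credentials in the controller's auth state before any check has succeeded, as the "clone later??" comment hints. Importing into a per-request copy would keep a denied request from leaving state behind.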