Changeset dee164e for fedd/federation/emulab_access.py
- Timestamp:
- Nov 30, 2010 7:20:16 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c324ad3
- Parents:
- 4692a16
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/emulab_access.py
r4692a16 rdee164e 328 328 [ fid ] 329 329 330 def lookup_access(self, req, fid, filter=None, compare=None):331 """332 Check all the attributes that this controller knows how to map and see333 if the requester is allowed to use any of them. If so return one.334 Filter defined the objects to check - it's a function that returns true335 for the objects to check - and cmp defines the order to check them in336 as the cmp field of sorted(). If filter is None, all possibilities are337 checked. If cmp is None, the choices are sorted by priority.338 """339 340 # Import request credentials into this (clone later??)341 if self.auth.import_credentials(342 data_list=req.get('abac_credential', [])):343 self.auth.save()344 345 # NB: in the default case (the else), the comparison order is reversed346 # so numerically larger priorities are checked first.347 if compare: c = compare348 else: c = lambda(a, b): cmp(b,a)349 350 if filter: f = filter351 else: f = lambda(x): True352 353 check = sorted([ a for a in self.access if f(a)], cmp=c)354 355 # Check every attribute that we know how to map and take the first356 # success.357 for attr in check:358 if self.auth.check_attribute(fid, attr.attr):359 self.log.debug("Access succeeded for %s %s" % (attr.attr, fid))360 # XXX: needs to deal with dynamics361 return copy.copy(attr.value), (False, False, False), \362 [ fid ]363 else:364 self.log.debug("Access failed for %s %s" % (attr.attr, fid))365 else:366 raise service_error(service_error.access, "Access denied")367 368 369 330 def do_project_allocation(self, dyn, project, user): 370 331 """
Note: See TracChangeset
for help on using the changeset viewer.