Changeset e83f2f2 for fedd/federation/authorizer.py
- Timestamp:
- Dec 14, 2010 6:58:28 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- c092b7f
- Parents:
- 2627eb3
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
fedd/federation/authorizer.py
r2627eb3 re83f2f2 1 1 #/usr/local/bin/python 2 2 3 from string import join4 3 from tempfile import mkstemp 5 4 from subprocess import call … … 12 11 from service_error import service_error 13 12 from util import abac_pem_type, abac_split_cert 13 from proof import proof 14 14 15 15 … … 116 116 if attrs: attrs.discard(attr) 117 117 118 def check_attribute(self, name, attr ):118 def check_attribute(self, name, attr, with_proof=False): 119 119 """ 120 120 Return True if name has attr (or if attr is global). Tuple names match … … 130 130 self.valid_name(name) 131 131 if attr in self.globals: 132 return True 132 if with_proof: return True, proof("me", name, attr) 133 else: return True 133 134 134 135 if isinstance(name, tuple): … … 137 138 if self.attrs.has_key(lookup): 138 139 if attr in self.attrs[lookup]: 139 return True 140 else: 141 return attr in self.attrs.get(self.auth_name(name), set()) 140 if with_proof: return True, proof("me", name, attr) 141 else: return True 142 # Drop through 143 if with_proof: return False, proof("me", name, attr) 144 else: return False 145 else: 146 if with_proof: 147 return attr in self.attrs.get(self.auth_name(name), set()), \ 148 proof("me", name, attr) 149 else: 150 return attr in self.attrs.get(self.auth_name(name), set()) 142 151 143 152 def set_global_attribute(self, attr): … … 375 384 376 385 377 def check_attribute(self, name, attr): 378 # XXX proof soon 386 def check_attribute(self, name, attr, with_proof=False): 379 387 if isinstance(name, tuple): 380 388 raise abac_authorizer.bad_name( … … 399 407 # Sigh. Unicode vs swig and swig seems to lose. Make sure 400 408 # everything we pass into ABAC is a str not a unicode. 401 rv, p roof= self.context.query(a, n)409 rv, p = self.context.query(a, n) 402 410 # XXX delete soon 403 if not rv and attr in self.globals: rv = True 404 self.lock.release() 405 406 return rv 411 if not rv and attr in self.globals: 412 rv = True 413 p = None 414 self.lock.release() 415 if with_proof: return rv, proof(self.fedid, name, a, p) 416 else: return rv 407 417 408 418 def set_global_attribute(self, attr):
Note: See TracChangeset
for help on using the changeset viewer.