1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
34 from xfeatures import XFeatures
35 from groups import Groups
36 from public import Public
39 class Permissions(XFeatures, Groups, Public):
41 def __init__(self, **params):
42 XFeatures.__init__(self, **params)
43 Groups.__init__(self, **params)
44 Public.__init__(self, **params)
46 def access_grant(self, access, path, member='all', members=()):
47 """Grant a member with an access to a path."""
48 xfeatures = self.xfeature_list(path)
50 if xfl > 1 or (xfl == 1 and xfeatures[0][0] != path):
53 feature = self.alloc_serial()
54 self.xfeature_bestow(path, feature)
56 fpath, feature = xfeatures[0]
59 self.feature_setmany(feature, access, members)
61 self.feature_set(feature, access, member)
65 def access_revoke(self, access, path, member='all', members=()):
66 """Revoke access to path from members.
67 Note that this will not revoke access for members
68 that are indirectly granted access through group membership.
70 # XXX: Maybe provide a force_revoke that will kick out
71 # all groups containing the given members?
72 xfeatures = self.xfeature_list(path)
74 if xfl != 1 or xfeatures[0][0] != path:
77 fpath, feature = xfeatures[0]
80 self.feature_unsetmany(feature, access, members=members)
82 self.feature_unset(feature, access, member)
84 # XXX: provide a meaningful return value?
88 def access_check(self, access, path, member):
89 """Return true if the member has this access to the path."""
90 r = self.xfeature_inherit(path)
95 memberset = set(self.feature_get(feature, access))
96 if member in memberset:
99 for group in self.group_parents(self, member):
100 if group in memberset:
105 def access_list(self, path):
106 """Return the list of (access, member) pairs for the path."""
107 r = self.xfeature_inherit(path)
112 return self.feature_list(feature)
114 def access_list_paths(self, member):
115 """Return the list of (access, path) pairs granted to member."""
116 q = ("select distinct key, path from xfeatures inner join "
117 " (select distinct feature, key from xfeaturevals inner join "
118 " (select name as value from members "
119 " where member = ? union select ?) "
123 self.execute(q, (member, member))
124 return self.fetchall()