Statistics
| Branch: | Tag: | Revision:

root / pithos / backends / lib / sqlite / permissions.py @ 371d907a

History | View | Annotate | Download (5.5 kB)

1 2e662088 Antony Chazapis
# Copyright 2011-2012 GRNET S.A. All rights reserved.
2 a9b3f29d Antony Chazapis
# 
3 a9b3f29d Antony Chazapis
# Redistribution and use in source and binary forms, with or
4 a9b3f29d Antony Chazapis
# without modification, are permitted provided that the following
5 a9b3f29d Antony Chazapis
# conditions are met:
6 a9b3f29d Antony Chazapis
# 
7 a9b3f29d Antony Chazapis
#   1. Redistributions of source code must retain the above
8 a9b3f29d Antony Chazapis
#      copyright notice, this list of conditions and the following
9 a9b3f29d Antony Chazapis
#      disclaimer.
10 a9b3f29d Antony Chazapis
# 
11 a9b3f29d Antony Chazapis
#   2. Redistributions in binary form must reproduce the above
12 a9b3f29d Antony Chazapis
#      copyright notice, this list of conditions and the following
13 a9b3f29d Antony Chazapis
#      disclaimer in the documentation and/or other materials
14 a9b3f29d Antony Chazapis
#      provided with the distribution.
15 a9b3f29d Antony Chazapis
# 
16 a9b3f29d Antony Chazapis
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 a9b3f29d Antony Chazapis
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 a9b3f29d Antony Chazapis
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 a9b3f29d Antony Chazapis
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 a9b3f29d Antony Chazapis
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 a9b3f29d Antony Chazapis
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 a9b3f29d Antony Chazapis
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 a9b3f29d Antony Chazapis
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 a9b3f29d Antony Chazapis
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 a9b3f29d Antony Chazapis
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 a9b3f29d Antony Chazapis
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 a9b3f29d Antony Chazapis
# POSSIBILITY OF SUCH DAMAGE.
28 a9b3f29d Antony Chazapis
# 
29 a9b3f29d Antony Chazapis
# The views and conclusions contained in the software and
30 a9b3f29d Antony Chazapis
# documentation are those of the authors and should not be
31 a9b3f29d Antony Chazapis
# interpreted as representing official policies, either expressed
32 a9b3f29d Antony Chazapis
# or implied, of GRNET S.A.
33 a9b3f29d Antony Chazapis
34 a9b3f29d Antony Chazapis
from xfeatures import XFeatures
35 a9b3f29d Antony Chazapis
from groups import Groups
36 a9b3f29d Antony Chazapis
from public import Public
37 a9b3f29d Antony Chazapis
38 a9b3f29d Antony Chazapis
39 6f4bce7b Antony Chazapis
READ = 0
40 6f4bce7b Antony Chazapis
WRITE = 1
41 6f4bce7b Antony Chazapis
42 6f4bce7b Antony Chazapis
43 a9b3f29d Antony Chazapis
class Permissions(XFeatures, Groups, Public):
44 a9b3f29d Antony Chazapis
    
45 a9b3f29d Antony Chazapis
    def __init__(self, **params):
46 a9b3f29d Antony Chazapis
        XFeatures.__init__(self, **params)
47 a9b3f29d Antony Chazapis
        Groups.__init__(self, **params)
48 a9b3f29d Antony Chazapis
        Public.__init__(self, **params)
49 a9b3f29d Antony Chazapis
    
50 6f4bce7b Antony Chazapis
    def access_grant(self, path, access, members=()):
51 0f9d752c Antony Chazapis
        """Grant members with access to path.
52 0f9d752c Antony Chazapis
           Members can also be '*' (all),
53 0f9d752c Antony Chazapis
           or some group specified as 'owner:group'."""
54 6f4bce7b Antony Chazapis
        
55 0f9d752c Antony Chazapis
        if not members:
56 0f9d752c Antony Chazapis
            return
57 6f4bce7b Antony Chazapis
        feature = self.xfeature_create(path)
58 6f4bce7b Antony Chazapis
        self.feature_setmany(feature, access, members)
59 6f4bce7b Antony Chazapis
    
60 0f9d752c Antony Chazapis
    def access_set(self, path, permissions):
61 0f9d752c Antony Chazapis
        """Set permissions for path. The permissions dict
62 0f9d752c Antony Chazapis
           maps 'read', 'write' keys to member lists."""
63 0f9d752c Antony Chazapis
        
64 5e068361 Antony Chazapis
        r = permissions.get('read', [])
65 5e068361 Antony Chazapis
        w = permissions.get('write', [])
66 5e068361 Antony Chazapis
        if not r and not w:
67 5e068361 Antony Chazapis
            self.xfeature_destroy(path)
68 5e068361 Antony Chazapis
            return
69 5e068361 Antony Chazapis
        feature = self.xfeature_create(path)
70 5e068361 Antony Chazapis
        if r:
71 71dbc012 Antony Chazapis
            self.feature_clear(feature, READ)
72 5e068361 Antony Chazapis
            self.feature_setmany(feature, READ, r)
73 5e068361 Antony Chazapis
        if w:
74 71dbc012 Antony Chazapis
            self.feature_clear(feature, WRITE)
75 5e068361 Antony Chazapis
            self.feature_setmany(feature, WRITE, w)
76 0f9d752c Antony Chazapis
    
77 92da0e5a Antony Chazapis
    def access_get(self, path):
78 cf341da4 Antony Chazapis
        """Get permissions for path."""
79 cf341da4 Antony Chazapis
        
80 92da0e5a Antony Chazapis
        feature = self.xfeature_get(path)
81 92da0e5a Antony Chazapis
        if not feature:
82 71dbc012 Antony Chazapis
            return {}
83 92da0e5a Antony Chazapis
        permissions = self.feature_dict(feature)
84 92da0e5a Antony Chazapis
        if READ in permissions:
85 92da0e5a Antony Chazapis
            permissions['read'] = permissions[READ]
86 92da0e5a Antony Chazapis
            del(permissions[READ])
87 92da0e5a Antony Chazapis
        if WRITE in permissions:
88 92da0e5a Antony Chazapis
            permissions['write'] = permissions[WRITE]
89 92da0e5a Antony Chazapis
            del(permissions[WRITE])
90 92da0e5a Antony Chazapis
        return permissions
91 92da0e5a Antony Chazapis
    
92 0f9d752c Antony Chazapis
    def access_clear(self, path):
93 0f9d752c Antony Chazapis
        """Revoke access to path (both permissions and public)."""
94 6f4bce7b Antony Chazapis
        
95 6f4bce7b Antony Chazapis
        self.xfeature_destroy(path)
96 0f9d752c Antony Chazapis
        self.public_unset(path)
97 6f4bce7b Antony Chazapis
    
98 6f4bce7b Antony Chazapis
    def access_check(self, path, access, member):
99 a9b3f29d Antony Chazapis
        """Return true if the member has this access to the path."""
100 6f4bce7b Antony Chazapis
        
101 43763394 Antony Chazapis
        feature = self.xfeature_get(path)
102 43763394 Antony Chazapis
        if not feature:
103 6f4bce7b Antony Chazapis
            return False
104 6f4bce7b Antony Chazapis
        members = self.feature_get(feature, access)
105 6f4bce7b Antony Chazapis
        if member in members or '*' in members:
106 6f4bce7b Antony Chazapis
            return True
107 62f915a1 Antony Chazapis
        for owner, group in self.group_parents(member):
108 6f4bce7b Antony Chazapis
            if owner + ':' + group in members:
109 6f4bce7b Antony Chazapis
                return True
110 676edf89 Antony Chazapis
        return False
111 6f4bce7b Antony Chazapis
    
112 6f4bce7b Antony Chazapis
    def access_inherit(self, path):
113 43763394 Antony Chazapis
        """Return the paths influencing the access for path."""
114 6f4bce7b Antony Chazapis
        
115 d83c93c9 Antony Chazapis
#         r = self.xfeature_inherit(path)
116 d83c93c9 Antony Chazapis
#         if not r:
117 d83c93c9 Antony Chazapis
#             return []
118 d83c93c9 Antony Chazapis
#         # Compute valid.
119 d83c93c9 Antony Chazapis
#         return [x[0] for x in r if x[0] in valid]
120 43763394 Antony Chazapis
        
121 43763394 Antony Chazapis
        # Only keep path components.
122 43763394 Antony Chazapis
        parts = path.rstrip('/').split('/')
123 43763394 Antony Chazapis
        valid = []
124 43763394 Antony Chazapis
        for i in range(1, len(parts)):
125 43763394 Antony Chazapis
            subp = '/'.join(parts[:i + 1])
126 43763394 Antony Chazapis
            valid.append(subp)
127 d83c93c9 Antony Chazapis
            if subp != path:
128 d83c93c9 Antony Chazapis
                valid.append(subp + '/')
129 d83c93c9 Antony Chazapis
        return [x for x in valid if self.xfeature_get(x)]
130 6f4bce7b Antony Chazapis
    
131 6f4bce7b Antony Chazapis
    def access_list_paths(self, member, prefix=None):
132 6f4bce7b Antony Chazapis
        """Return the list of paths granted to member."""
133 6f4bce7b Antony Chazapis
        
134 6f4bce7b Antony Chazapis
        q = ("select distinct path from xfeatures inner join "
135 6f4bce7b Antony Chazapis
             "   (select distinct feature_id, key from xfeaturevals inner join "
136 0f9d752c Antony Chazapis
             "      (select owner || ':' || name as value from groups "
137 7f9d881d Antony Chazapis
             "       where member = ? union select ? union select '*') "
138 a9b3f29d Antony Chazapis
             "    using (value)) "
139 6f4bce7b Antony Chazapis
             "using (feature_id)")
140 6f4bce7b Antony Chazapis
        p = (member, member)
141 6f4bce7b Antony Chazapis
        if prefix:
142 7759260d Antony Chazapis
            q += " where path like ? escape '\\'"
143 7759260d Antony Chazapis
            p += (self.escape_like(prefix) + '%',)
144 6f4bce7b Antony Chazapis
        self.execute(q, p)
145 6f4bce7b Antony Chazapis
        return [r[0] for r in self.fetchall()]
146 6f4bce7b Antony Chazapis
    
147 6f4bce7b Antony Chazapis
    def access_list_shared(self, prefix=''):
148 6f4bce7b Antony Chazapis
        """Return the list of shared paths."""
149 6f4bce7b Antony Chazapis
        
150 7759260d Antony Chazapis
        q = "select path from xfeatures where path like ? escape '\\'"
151 7759260d Antony Chazapis
        self.execute(q, (self.escape_like(prefix) + '%',))
152 6f4bce7b Antony Chazapis
        return [r[0] for r in self.fetchall()]