
root / pithos / backends / lib / sqlite / permissions.py @ 95d47e1a

# Copyright 2011 GRNET S.A. All rights reserved.
# 
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
# 
#   1. Redistributions of source code must retain the above
#      copyright notice, this list of conditions and the following
#      disclaimer.
# 
#   2. Redistributions in binary form must reproduce the above
#      copyright notice, this list of conditions and the following
#      disclaimer in the documentation and/or other materials
#      provided with the distribution.
# 
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# 
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from xfeatures import XFeatures
from groups import Groups
from public import Public
# Access-type codes. They are passed as the `access` argument of the
# Permissions methods below and are the keys that access_inherit()
# translates to the external 'read' / 'write' names.
READ, WRITE = 0, 1
class Permissions(XFeatures, Groups, Public):
    """Path-level access control built on the XFeatures, Groups and Public mixins.

    Grants are stored per path as feature values keyed by access type
    (READ / WRITE). A stored member value may be a plain member name,
    the wildcard '*' (everyone), or a group written as 'owner:group'.
    """

    def __init__(self, **params):
        # Each mixin is initialised explicitly with the same keyword
        # arguments, in base-class order.
        for base in (XFeatures, Groups, Public):
            base.__init__(self, **params)

    def access_grant(self, path, access, members=()):
        """Give every entry of members the given access on path.

        An entry may be a member name, '*' (all), or a group specified
        as 'owner:group'. Nothing happens when members is empty.
        """

        if members:
            feature = self.xfeature_create(path)
            # NOTE(review): when xfeature_create() returns None the grant
            # is dropped without any signal to the caller. Confirm that
            # callers do not assume the grant took effect.
            if feature is not None:
                self.feature_setmany(feature, access, members)

    def access_set(self, path, permissions):
        """Replace the permissions of path.

        permissions is a dict whose optional 'read' and 'write' keys map
        to member lists; a missing key means no grant of that type.
        """

        # Existing grants are destroyed first, so the path carries no
        # grants of its own until the calls below finish.
        # NOTE(review): presumably the caller runs this inside a single
        # transaction so the intermediate state is never visible - confirm.
        self.xfeature_destroy(path)
        for access, key in ((READ, 'read'), (WRITE, 'write')):
            self.access_grant(path, access, permissions.get(key, []))

    def access_clear(self, path):
        """Remove all access to path: its permissions and its public flag."""

        self.xfeature_destroy(path)
        self.public_unset(path)

    def access_check(self, path, access, member):
        """Return True when member holds the requested access on path."""

        # A public path is readable by any member; the member argument is
        # not consulted in that case. Public never implies WRITE.
        if access == READ and self.public_get(path) is not None:
            return True

        inherited = self.xfeature_inherit(path)
        if not inherited:
            # No assigned or inherited feature applies: deny by default.
            return False
        _, feature = inherited
        granted = self.feature_get(feature, access)
        # Direct grant, or the '*' wildcard that matches every member.
        if member in granted or '*' in granted:
            return True
        # Otherwise look for a grant to any group the member belongs to,
        # stored in the 'owner:group' form.
        return any(owner + ':' + group in granted
                   for owner, group in self.group_parents(member))

    def access_inherit(self, path):
        """Return the (path, permissions) pair that applies to path.

        The returned path is the one the permissions are actually attached
        to; when nothing applies the result is (path, {}). Permission keys
        are reported as 'read' / 'write' rather than the internal codes.
        """

        inherited = self.xfeature_inherit(path)
        if not inherited:
            return (path, {})
        fpath, feature = inherited
        permissions = self.feature_dict(feature)
        # Translate the numeric access codes into their external names.
        for code, label in ((READ, 'read'), (WRITE, 'write')):
            if code in permissions:
                permissions[label] = permissions.pop(code)
        return (fpath, permissions)

    def access_list(self, path):
        """List the permission paths related to path by inheritance.

        These are the first column of whatever xfeature_list() reports
        for path, with path itself left out.
        """

        related = []
        for row in self.xfeature_list(path):
            candidate = row[0]
            if candidate != path:
                related.append(candidate)
        return related

    def access_list_paths(self, member, prefix=None):
        """Return the paths on which member holds some grant.

        The match covers the member's own name, the '*' wildcard and every
        'owner:group' the member belongs to. The query does not filter on
        the access type, so READ and WRITE grants are both reported.
        When prefix is given, only paths starting with it are returned.
        """

        # All values are bound as parameters; nothing caller-supplied is
        # interpolated into the SQL text.
        sql = ("select distinct path from xfeatures inner join "
               "   (select distinct feature_id, key from xfeaturevals inner join "
               "      (select owner || ':' || name as value from groups "
               "       where member = ? union select ? union select '*') "
               "    using (value)) "
               "using (feature_id)")
        args = (member, member)
        if prefix:
            # presumably escape_like() backslash-escapes the LIKE wildcards
            # so that prefix is matched literally - verify against its
            # definition.
            sql = sql + " where path like ? escape '\\'"
            args = args + (self.escape_like(prefix) + '%',)
        self.execute(sql, args)
        return [row[0] for row in self.fetchall()]

    def access_list_shared(self, prefix=''):
        """Return every path with stored permissions that starts with prefix."""

        # NOTE(review): no member filter is applied here, and the default
        # prefix yields the pattern '%', i.e. every row of xfeatures. The
        # caller is presumably expected to pass a prefix that scopes the
        # result to what the requester may see - confirm.
        pattern = self.escape_like(prefix) + '%'
        sql = "select path from xfeatures where path like ? escape '\\'"
        self.execute(sql, (pattern,))
        return [row[0] for row in self.fetchall()]