# Copyright 2011-2012 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
#   1. Redistributions of source code must retain the above
#      copyright notice, this list of conditions and the following
#      disclaimer.
#
#   2. Redistributions in binary form must reproduce the above
#      copyright notice, this list of conditions and the following
#      disclaimer in the documentation and/or other materials
#      provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from xfeatures import XFeatures
from groups import Groups
from public import Public
# Access kind for read permission. Used as the feature key by the
# access_* methods in this file; access_get() reports it under 'read'.
READ = 0
# Access kind for write permission. Used as the feature key by the
# access_* methods in this file; access_get() reports it under 'write'.
WRITE = 1
class Permissions(XFeatures, Groups, Public):
    """Per-path access control built on the XFeatures, Groups and Public
       mixins.

       A path's permissions are stored as a feature with up to two keys,
       READ and WRITE, each holding a collection of member strings. A
       member string is a user identifier, '*' (everyone) or a group
       written as 'owner:group'.

       NOTE(review): users, '*' and 'owner:group' share one flat string
       namespace. access_check() tests the caller-supplied member
       against it directly, so this only holds if user identifiers can
       never be '*' or contain ':' -- confirm where identifiers are
       issued."""

    def __init__(self, **params):
        # Each mixin is initialised explicitly, in declaration order,
        # with the same keyword arguments.
        for mixin in (XFeatures, Groups, Public):
            mixin.__init__(self, **params)

    def access_grant(self, path, access, members=()):
        """Add members to the given access kind (READ or WRITE) of path.

           A member may be a user, '*' (all), or a group given as
           'owner:group'. With no members this does nothing and no
           feature is created for the path."""

        if members:
            feature = self.xfeature_create(path)
            self.feature_setmany(feature, access, members)

    def access_set(self, path, permissions):
        """Replace the permissions of path.

           permissions maps the keys 'read' and 'write' to member lists;
           a missing key counts as an empty list. If both lists are
           empty the feature of the path is destroyed altogether."""

        readers = permissions.get('read', [])
        writers = permissions.get('write', [])
        if not (readers or writers):
            self.xfeature_destroy(path)
            return

        feature = self.xfeature_create(path)
        # Drop both old member lists before writing the new ones.
        # NOTE(review): between the clear and the set the path has no
        # grants; whether that is visible to other readers depends on
        # the transaction the caller runs this in -- confirm.
        for kind in (READ, WRITE):
            self.feature_clear(feature, kind)
        for kind, granted in ((READ, readers), (WRITE, writers)):
            if granted:
                self.feature_setmany(feature, kind, granted)

    def access_get(self, path):
        """Return the permissions of path as a dict keyed by 'read' and
           'write' (only the kinds that are present), or {} when the
           path has no feature."""

        feature = self.xfeature_get(path)
        if not feature:
            return {}

        permissions = self.feature_dict(feature)
        # Rename the numeric keys in place to their public names.
        for kind, label in ((READ, 'read'), (WRITE, 'write')):
            if kind in permissions:
                permissions[label] = permissions.pop(kind)
        return permissions

    def access_members(self, path):
        """Return everyone granted read or write access to path, with
           'owner:group' entries replaced by that group's members.

           The result is a set, except that a path without a feature
           yields an empty list. Entries without a ':' (users and '*')
           are kept as they are."""

        feature = self.xfeature_get(path)
        if not feature:
            return []

        permissions = self.feature_dict(feature)
        granted = set(permissions.get(READ, []))
        granted.update(permissions.get(WRITE, []))
        # Walk a snapshot, because the set is modified while expanding.
        for entry in set(granted):
            owner, colon, group = entry.partition(':')
            if not colon:
                continue
            granted.remove(entry)
            granted.update(self.group_members(owner, group))
        return granted

    def access_clear(self, path):
        """Revoke all access to path: destroy its permissions feature
           and unset its public flag."""

        self.xfeature_destroy(path)
        self.public_unset(path)

    def access_clear_bulk(self, paths):
        """Revoke all access to every path in paths: destroy their
           permissions features and unset their public flags."""

        self.xfeature_destroy_bulk(paths)
        self.public_unset_bulk(paths)

    def access_check(self, path, access, member):
        """Return True if member holds the given access kind on path.

           Access is granted when the stored member list contains the
           member itself, '*', or 'owner:group' for any (owner, group)
           pair returned by group_parents(member). A path without a
           feature grants nothing."""

        feature = self.xfeature_get(path)
        if not feature:
            return False

        members = self.feature_get(feature, access)
        # The member string is compared verbatim, so a value equal to a
        # stored 'owner:group' entry also matches here.
        # NOTE(review): callers should pass an authenticated user id
        # only -- confirm at the call sites.
        if member in members or '*' in members:
            return True
        return any(owner + ':' + group in members
                   for owner, group in self.group_parents(member))

    def access_inherit(self, path):
        """Return the paths influencing the access for path.

           Candidates are the prefixes of path that have at least two
           '/'-separated components, each with and without a trailing
           '/', plus path itself; only those that have a feature are
           returned."""

        # Only keep path components.
        components = path.rstrip('/').split('/')
        candidates = []
        for end in range(2, len(components) + 1):
            prefix = '/'.join(components[:end])
            candidates.append(prefix)
            if prefix != path:
                candidates.append(prefix + '/')
        return [c for c in candidates if self.xfeature_get(c)]

    def access_list_paths(self, member, prefix=None):
        """Return the paths on which member has any grant: directly,
           through '*', or through a group that lists the member.

           If prefix is given, only paths starting with it are
           returned."""

        # All values are bound as parameters; nothing from the caller
        # is spliced into the SQL text.
        sql = ("select distinct path from xfeatures inner join "
               "   (select distinct feature_id, key from xfeaturevals inner join "
               "      (select owner || ':' || name as value from groups "
               "       where member = ? union select ? union select '*') "
               "    using (value)) "
               "using (feature_id)")
        args = (member, member)
        if prefix:
            # escape_like() is defined outside this file; presumably it
            # backslash-escapes LIKE wildcards in prefix so that it is
            # matched literally -- confirm.
            sql += " where path like ? escape '\\'"
            args += (self.escape_like(prefix) + '%',)
        self.execute(sql, args)
        return [row[0] for row in self.fetchall()]

    def access_list_shared(self, prefix=''):
        """Return every path under prefix that has a permissions
           feature.

           NOTE(review): the query is not filtered by member, and the
           default prefix '' matches every row in xfeatures. Callers
           presumably pass a prefix scoped to one account -- confirm at
           the call sites."""

        sql = "select path from xfeatures where path like ? escape '\\'"
        self.execute(sql, (self.escape_like(prefix) + '%',))
        return [row[0] for row in self.fetchall()]