Statistics
| Branch: | Tag: | Revision:

root / snf-pithos-backend / pithos / backends / lib / sqlalchemy / permissions.py @ a74ba506

History | View | Annotate | Download (6.5 kB)

1
# Copyright 2011-2012 GRNET S.A. All rights reserved.
2
# 
3
# Redistribution and use in source and binary forms, with or
4
# without modification, are permitted provided that the following
5
# conditions are met:
6
# 
7
#   1. Redistributions of source code must retain the above
8
#      copyright notice, this list of conditions and the following
9
#      disclaimer.
10
# 
11
#   2. Redistributions in binary form must reproduce the above
12
#      copyright notice, this list of conditions and the following
13
#      disclaimer in the documentation and/or other materials
14
#      provided with the distribution.
15
# 
16
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
# POSSIBILITY OF SUCH DAMAGE.
28
# 
29
# The views and conclusions contained in the software and
30
# documentation are those of the authors and should not be
31
# interpreted as representing official policies, either expressed
32
# or implied, of GRNET S.A.
33

    
34
from sqlalchemy.sql import select, literal
35
from sqlalchemy.sql.expression import join, union
36

    
37
from xfeatures import XFeatures
38
from groups import Groups
39
from public import Public
40

    
41

    
42
READ = 0
43
WRITE = 1
44

    
45

    
46
class Permissions(XFeatures, Groups, Public):
47
    
48
    def __init__(self, **params):
49
        XFeatures.__init__(self, **params)
50
        Groups.__init__(self, **params)
51
        Public.__init__(self, **params)
52
    
53
    def access_grant(self, path, access, members=()):
54
        """Grant members with access to path.
55
           Members can also be '*' (all),
56
           or some group specified as 'owner:group'."""
57
        
58
        if not members:
59
            return
60
        feature = self.xfeature_create(path)
61
        self.feature_setmany(feature, access, members)
62
    
63
    def access_set(self, path, permissions):
64
        """Set permissions for path. The permissions dict
65
           maps 'read', 'write' keys to member lists."""
66
        
67
        r = permissions.get('read', [])
68
        w = permissions.get('write', [])
69
        if not r and not w:
70
            self.xfeature_destroy(path)
71
            return
72
        feature = self.xfeature_create(path)
73
        if r:
74
            self.feature_clear(feature, READ)
75
            self.feature_setmany(feature, READ, r)
76
        if w:
77
            self.feature_clear(feature, WRITE)
78
            self.feature_setmany(feature, WRITE, w)
79
    
80
    def access_get(self, path):
81
        """Get permissions for path."""
82
        
83
        feature = self.xfeature_get(path)
84
        if not feature:
85
            return {}
86
        permissions = self.feature_dict(feature)
87
        if READ in permissions:
88
            permissions['read'] = permissions[READ]
89
            del(permissions[READ])
90
        if WRITE in permissions:
91
            permissions['write'] = permissions[WRITE]
92
            del(permissions[WRITE])
93
        return permissions
94
    
95
    def access_members(self, path):
96
        feature = self.xfeature_get(path)
97
        if not feature:
98
            return []
99
        permissions = self.feature_dict(feature)
100
        members = set()
101
        members.update(permissions.get(READ, []))
102
        members.update(permissions.get(WRITE, []))
103
        for m in set(members):
104
            parts = m.split(':', 1)
105
            if len(parts) != 2:
106
                continue
107
            user, group = parts
108
            members.remove(m)
109
            members.update(self.group_members(user, group))
110
        return list(members)
111
    
112
    def access_clear(self, path):
113
        """Revoke access to path (both permissions and public)."""
114
        
115
        self.xfeature_destroy(path)
116
        self.public_unset(path)
117
    
118
    def access_check(self, path, access, member):
119
        """Return true if the member has this access to the path."""
120
        
121
        feature = self.xfeature_get(path)
122
        if not feature:
123
            return False
124
        members = self.feature_get(feature, access)
125
        if member in members or '*' in members:
126
            return True
127
        for owner, group in self.group_parents(member):
128
            if owner + ':' + group in members:
129
                return True
130
        return False
131
    
132
    def access_inherit(self, path):
133
        """Return the paths influencing the access for path."""
134
        
135
#         r = self.xfeature_inherit(path)
136
#         if not r:
137
#             return []
138
#         # Compute valid.
139
#         return [x[0] for x in r if x[0] in valid]
140
        
141
        # Only keep path components.
142
        parts = path.rstrip('/').split('/')
143
        valid = []
144
        for i in range(1, len(parts)):
145
            subp = '/'.join(parts[:i + 1])
146
            valid.append(subp)
147
            if subp != path:
148
                valid.append(subp + '/')
149
        return [x for x in valid if self.xfeature_get(x)]
150
    
151
    def access_list_paths(self, member, prefix=None):
152
        """Return the list of paths granted to member."""
153
        
154
        xfeatures_xfeaturevals =  self.xfeatures.join(self.xfeaturevals)
155
        
156
        selectable = (self.groups.c.owner + ':' + self.groups.c.name)
157
        member_groups = select([selectable.label('value')],
158
            self.groups.c.member == member)
159
        
160
        members = select([literal(member).label('value')])
161
        any = select([literal('*').label('value')])
162
        
163
        u = union(member_groups, members, any).alias()
164
        inner_join = join(xfeatures_xfeaturevals, u,
165
                    self.xfeaturevals.c.value == u.c.value)
166
        s = select([self.xfeatures.c.path], from_obj=[inner_join]).distinct()
167
        if prefix:
168
            s = s.where(self.xfeatures.c.path.like(self.escape_like(prefix) + '%', escape='\\'))
169
        r = self.conn.execute(s)
170
        l = [row[0] for row in r.fetchall()]
171
        r.close()
172
        return l
173
    
174
    def access_list_shared(self, prefix=''):
175
        """Return the list of shared paths."""
176
        
177
        s = select([self.xfeatures.c.path],
178
            self.xfeatures.c.path.like(self.escape_like(prefix) + '%', escape='\\')).order_by(self.xfeatures.c.path.asc())
179
        r = self.conn.execute(s)
180
        l = [row[0] for row in r.fetchall()]
181
        r.close()
182
        return l