Check logical expressions of ABAC permissions at form filling
parent
463985b73a
commit
071bfa5cea
|
@ -601,9 +601,35 @@ def add_abac_permission(request):
|
|||
messages.add_message(request, messages.ERROR,
|
||||
_('No predicates to define the rule'))
|
||||
else:
|
||||
if 'rule' in request.session:
|
||||
request.session.pop('rule')
|
||||
request.session['rule'] = request.POST['rule_string']
|
||||
'''
|
||||
Check that the expression only contains predicate ids and
|
||||
characters '(', ')', '&', '|', '-'
|
||||
'''
|
||||
check = request.POST['rule_string']
|
||||
p_id = 1
|
||||
for predicate in request.session['predicates']:
|
||||
check = re.sub(str(p_id), '', check)
|
||||
p_id = p_id + 1
|
||||
check = re.sub(' ', '', check)
|
||||
check = re.sub('\)', '', check)
|
||||
check = re.sub('\(', '', check)
|
||||
check = re.sub('&', '', check)
|
||||
check = re.sub('|', '', check)
|
||||
check = re.sub('-', '', check)
|
||||
if check:
|
||||
messages.add_message(request, messages.ERROR,
|
||||
_('The logical expression contains unknown \
|
||||
predicates or unauthorized characters (%s)' % check))
|
||||
elif not is_proposition(request.POST['rule_string']):
|
||||
'''
|
||||
Check that the logical expression is well-formed
|
||||
'''
|
||||
messages.add_message(request, messages.ERROR,
|
||||
_('The logical expression is malformed'))
|
||||
else:
|
||||
if 'rule' in request.session:
|
||||
request.session.pop('rule')
|
||||
request.session['rule'] = request.POST['rule_string']
|
||||
return return_add_abac_permission_form(request)
|
||||
|
||||
if 'add_permission' in request.POST:
|
||||
|
@ -780,18 +806,18 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
|
||||
pred.save()
|
||||
|
||||
'''
|
||||
Here we substitute friendly predicate identifiers (displayed on
|
||||
the GUI) with their primary key.
|
||||
'''
|
||||
Here we substitute friendly predicate identifiers (displayed on
|
||||
the GUI) with their primary key.
|
||||
|
||||
The substitution might fail if some primary keys are equal to
|
||||
friendly identifiers since with an iterative substitution, a
|
||||
primary key resulting from a previsous substitution would be
|
||||
replaced by another primary key.
|
||||
The substitution might fail if some primary keys are equal to
|
||||
friendly identifiers since with an iterative substitution, a
|
||||
primary key resulting from a previsous substitution would be
|
||||
replaced by another primary key.
|
||||
|
||||
To prevent this we realize a two-round substitution with unique
|
||||
identifiers.
|
||||
'''
|
||||
To prevent this we realize a two-round substitution with unique
|
||||
identifiers.
|
||||
'''
|
||||
|
||||
rdm_str = ''.join(random.choice(string.ascii_uppercase) for x in range(8))
|
||||
p_ids1[p_id] = rdm_str
|
||||
|
@ -801,8 +827,29 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
if not p_ids1:
|
||||
raise Exception('No predicate defined')
|
||||
expression = request.session['rule']
|
||||
|
||||
'''
|
||||
Check that the expression only contains predicate ids and
|
||||
characters '(', ')', '&', '|', '-'
|
||||
'''
|
||||
check = expression
|
||||
for key in p_ids1.keys():
|
||||
check = re.sub(str(key), '', check)
|
||||
check = re.sub(' ', '', check)
|
||||
check = re.sub('\)', '', check)
|
||||
check = re.sub('\(', '', check)
|
||||
check = re.sub('&', '', check)
|
||||
check = re.sub('|', '', check)
|
||||
check = re.sub('-', '', check)
|
||||
if check:
|
||||
raise Exception('The logical expression contains unknown \
|
||||
predicates or unauthorized characters (%s)' % check)
|
||||
|
||||
'''
|
||||
Check that the logical expression is well-formed
|
||||
'''
|
||||
if not is_proposition(expression):
|
||||
raise Exception('The logic expression is malformed')
|
||||
raise Exception('The logical expression is malformed')
|
||||
|
||||
for key in p_ids1.keys():
|
||||
expression = re.sub(str(key), str(p_ids1[key]), expression)
|
||||
|
|
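Review bot: `re.sub('|', '', check)` in the new character check never removes the pipe, because an unescaped `|` is an empty alternation that matches only the empty string; any rule that uses `|` therefore keeps it in `check` and is rejected as containing unauthorized characters. The same line appears in the check added to check_data_and_create_permission. The predicate ids are also stripped as substrings, so with ten or more predicates removing `1` first leaves a stray `0` from `10`, while a digit run such as `12` passes this check when only 1 and 2 exist; whether is_proposition rejects that afterwards is not visible here. Matching whole `\d+` tokens against the known ids and stripping the operators with one character class avoids both problems, ideally in one helper shared by the two functions, whose bodies continue outside the hunks shown.

```python
check = request.POST['rule_string']
known_ids = set(str(i + 1) for i in range(len(request.session['predicates'])))
# Drop whole-number tokens that are known ids, then the allowed characters;
# '|' and '-' are literal inside the character class.
check = re.sub(r'\d+', lambda m: '' if m.group(0) in known_ids else m.group(0), check)
check = re.sub(r'[ ()&|-]', '', check)
# … unchanged: if check: / elif not is_proposition(...) / else branches …
```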