Check logical expressions of ABAC permissions at form filling

Mikaël Ates 2011-08-28 17:59:27 +02:00
parent 463985b73a
commit 071bfa5cea
1 changed files with 61 additions and 14 deletions


@ -601,9 +601,35 @@ def add_abac_permission(request):
messages.add_message(request, messages.ERROR,
_('No predicates to define the rule'))
else:
if 'rule' in request.session:
request.session.pop('rule')
request.session['rule'] = request.POST['rule_string']
'''
Check that the expression only contains predicate ids and
characters '(', ')', '&', '|', '-'
'''
check = request.POST['rule_string']
p_id = 1
for predicate in request.session['predicates']:
check = re.sub(str(p_id), '', check)
p_id = p_id + 1
check = re.sub(' ', '', check)
check = re.sub('\)', '', check)
check = re.sub('\(', '', check)
check = re.sub('&', '', check)
check = re.sub('|', '', check)
check = re.sub('-', '', check)
if check:
messages.add_message(request, messages.ERROR,
_('The logical expression contains unknown \
predicates or unauthorized characters (%s)' % check))
elif not is_proposition(request.POST['rule_string']):
'''
Check that the logical expression is well-formed
'''
messages.add_message(request, messages.ERROR,
_('The logical expression is malformed'))
else:
if 'rule' in request.session:
request.session.pop('rule')
request.session['rule'] = request.POST['rule_string']
return return_add_abac_permission_form(request)
if 'add_permission' in request.POST:
@ -780,18 +806,18 @@ def check_data_and_create_permission(request, who, what, how):
pred.save()
'''
Here we substitute friendly predicate identifiers (displayed on
the GUI) with their primary key.
'''
Here we substitute friendly predicate identifiers (displayed on
the GUI) with their primary key.
The substitution might fail if some primary keys are equal to
friendly identifiers since with an iterative substitution, a
primary key resulting from a previsous substitution would be
replaced by another primary key.
The substitution might fail if some primary keys are equal to
friendly identifiers since with an iterative substitution, a
primary key resulting from a previsous substitution would be
replaced by another primary key.
To prevent this we realize a two-round substitution with unique
identifiers.
'''
To prevent this we realize a two-round substitution with unique
identifiers.
'''
rdm_str = ''.join(random.choice(string.ascii_uppercase) for x in range(8))
p_ids1[p_id] = rdm_str
@ -801,8 +827,29 @@ def check_data_and_create_permission(request, who, what, how):
if not p_ids1:
raise Exception('No predicate defined')
expression = request.session['rule']
'''
Check that the expression only contains predicate ids and
characters '(', ')', '&', '|', '-'
'''
check = expression
for key in p_ids1.keys():
check = re.sub(str(key), '', check)
check = re.sub(' ', '', check)
check = re.sub('\)', '', check)
check = re.sub('\(', '', check)
check = re.sub('&', '', check)
check = re.sub('|', '', check)
check = re.sub('-', '', check)
if check:
raise Exception('The logical expression contains unknown \
predicates or unauthorized characters (%s)' % check)
'''
Check that the logical expression is well-formed
'''
if not is_proposition(expression):
raise Exception('The logic expression is malformed')
raise Exception('The logical expression is malformed')
for key in p_ids1.keys():
expression = re.sub(str(key), str(p_ids1[key]), expression)
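Review bot: `re.sub('|', '', check)` in both new character checks (in `add_abac_permission` and again in `check_data_and_create_permission`) strips nothing, because an unescaped `|` is a regex alternation between two empty patterns, so any rule that uses the OR operator keeps its `|` in `check` and is rejected as containing unauthorized characters. The id stripping is also substring-based: removing `1` and then `2` erases `12` when only two predicates exist, and it can turn `10` into a stray `0` before id 10 is tried, so the check neither reliably rejects unknown ids nor reliably accepts known ones. Comparing whole tokens against the set of known ids fixes both, and putting that in one shared helper would keep the form-time and creation-time checks from drifting apart; the fence shows the form-time site, and the other site would build `known_ids` from the `p_ids1` keys. Both functions start and end outside the hunks shown.

```python
rule = request.POST['rule_string']
# Friendly ids are the 1-based positions of the session predicates.
known_ids = set(str(i) for i in
                range(1, len(request.session['predicates']) + 1))
# Compare whole tokens: a run of digits must be a known id, and any
# other non-space character must be one of the five allowed symbols.
check = ''.join(tok for tok in re.findall(r'[0-9]+|[^0-9 ]', rule)
                if tok not in known_ids and tok not in '()&|-')
if check:
    # ... unchanged: error message for unknown predicates or characters ...
```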