From 08b1a620541add5c31f728ac6f7c6604b6fe8feb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Ates?= Date: Wed, 21 Mar 2012 17:30:32 +0100 Subject: [PATCH] Update test script for ABAC. --- acs/management/commands/test-abac.py | 60 ++++++++++++++-------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/acs/management/commands/test-abac.py b/acs/management/commands/test-abac.py index 0e3d974..e11709c 100644 --- a/acs/management/commands/test-abac.py +++ b/acs/management/commands/test-abac.py @@ -25,10 +25,11 @@ from django.core.management.base import BaseCommand, CommandError from django.db import transaction from django.contrib.auth.models import User -from attribute_aggregator.xacml_constants import * -from attribute_aggregator.models import AttributeSource, LdapSource, \ +from acs.attribute_aggregator.xacml_constants import * +from acs.attribute_aggregator.models import AttributeSource, LdapSource, \ AttributeData -from attribute_aggregator.core import set_user_alias_in_source +from acs.attribute_aggregator.core import set_user_alias_in_source, \ + load_or_create_user_profile from acs.abac.models import * from acs.abac.core import check_predicates, \ 
@@ -93,30 +94,25 @@ class Command(BaseCommand): rule.save() adef_sn1 = AssertionDefinition(definition='surname') - adef_sn1.save() adef_sn1.add_source(s1) print "AssertionDefinition: %s" % adef_sn1 adef_sn2 = AssertionDefinition(definition='surname') - adef_sn2.save() adef_sn2.add_source(s4) print "AssertionDefinition: %s" % adef_sn2 - p1 = PredicateRequired(assertion_definition=adef_sn1, - rule=rule) - p1.save() + p1 = PredicateRequired(assertion_definition=adef_sn1) + rule.add_predicate(p1) print "PredicateRequired: %s" % p1 - p2 = PredicateRequired(assertion_definition=adef_sn2, - rule=rule) - p2.save() + p2 = PredicateRequired(assertion_definition=adef_sn2) + rule.add_predicate(p2) print "PredicateRequired: %s" % p2 p3 = PredicateComparison(operand1=adef_sn1, operand2=adef_sn2, comparison_type=ACS_XACML_COMPARISON_EQUALITY_STRING_IGN_CASE, - multivalues='EQUAL_OP1_SUBSET_OP2', rule=rule) - p3.save() + multivalues='EQUAL_OP1_SUBSET_OP2') + rule.add_predicate(p3) adef_age1 = AssertionDefinition(definition='age') - adef_age1.save() adef_age1.add_source(s1) print "AssertionDefinition: %s" % adef_sn1 
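Review bot: Nothing in this hunk checks that `adef_sn1.add_source(s1)` or `rule.add_predicate(p1)` (likewise p2, p3) succeeded, now that the explicit `save()` calls are gone and persistence is left entirely to those helpers. Both are defined outside this patch, so how they persist and report failure is not visible here; if one fails quietly, the rule would presumably be evaluated with fewer predicates than the script assumes. I would test each result, for example `if not rule.add_predicate(p1): raise CommandError('add_predicate failed for p1')`, adjusted to whatever the method actually returns. The same applies to p4 and p5 in the hunk at -124; the enclosing method starts and ends outside both hunks. Separately, the last context line prints `adef_sn1` right after building `adef_age1` and should read `print "AssertionDefinition: %s" % adef_age1`.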
@@ -124,28 +120,24 @@ class Command(BaseCommand): print "AttributeData: %s" % val18.__unicode__() val18_d = AssertionData() val18_d.set_attribute_data(val18) - val18_d.save() print "AssertionData: %s" % val18_d p4 = PredicateComparison(operand1=adef_age1, operand2=val18_d, comparison_type=ACS_XACML_COMPARISON_INTEGER_GRT_OE, - operand1_single_value=True, operand2_single_value=True, - rule=rule) - p4.save() + operand1_single_value=True, operand2_single_value=True) + rule.add_predicate(p4) - adef_fn1 = AssertionDefinition(definition='firstname') - adef_fn1.save() + adef_fn1 = AssertionDefinition(definition='gn') adef_fn1.add_source(s1) print "AssertionDefinition: %s" % adef_fn1 - adef_fn2 = AssertionDefinition(definition='firstname') - adef_fn2.save() + adef_fn2 = AssertionDefinition(definition='gn') adef_fn2.add_source(s2) print "AssertionDefinition: %s" % adef_fn2 p5 = PredicateComparison(operand1=adef_fn1, operand2=adef_fn2, comparison_type=ACS_XACML_COMPARISON_EQUALITY_STRING_IGN_CASE, - multivalues='EQUAL_EXACT_MATCH', rule=rule) - p5.save() + multivalues='EQUAL_EXACT_MATCH') + rule.add_predicate(p5) print '--> Create a user' rdm_str = ''.join(random.choice(string.ascii_uppercase + \ @@ -218,21 +210,21 @@ class Command(BaseCommand): print '<--\n' print '--> Create one predicateRole' - p16 = PredicateRole(role=role_2, rule=rule) - p16.save() - print "Predicate role 16 %s, id: %s" % (p16, p16.id) + p6 = PredicateRole(role=role_2) + print "Predicate role 16 %s" % (p6) + rule.add_predicate(p6) ''' Set ABAC Rule ''' - str_rule = "%s&%s&%s&%s&%s&%s" % (p1.id, p2.id, p3.id, p4.id, p5.id, p16.id) + str_rule = "1&2&3&4&5&6" #TODO: set_rule (strip space!) rule.expression=str_rule rule.save() ''' r1 -- user - \_ r2 + \_ r2 v1 -- o1 \_ v2 -- o2 A1 -- a1 
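Review bot: The rule expression in the hunk at -218 is now the literal `"1&2&3&4&5&6"`, which matches the intended predicates only if `rule.add_predicate` numbers them 1 to 6 in call order and the rule held none before. That numbering is not visible in this patch; if it differs, the access decision checked further down is computed over other predicates than intended, and a passing run no longer says anything about this policy. I would build the string from whatever index `add_predicate` yields, or at least add a comment such as `# indexes are the per-rule positions assigned by add_predicate, in call order`. The message `"Predicate role 16 %s"` still carries the old name and should become `print "Predicate role 6 %s" % (p6)`. The enclosing method starts and ends outside the hunk.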
@@ -342,7 +334,7 @@ class Command(BaseCommand): attr = {} attr['name'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth' attr['namespace'] = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims' - attr['values'] = ('19', ) + attr['values'] = ('18', ) data.append(attr) attributes['IdP1'] = data @@ -354,6 +346,14 @@ class Command(BaseCommand): data.append(attr) attributes['IdP2'] = data + profile = load_or_create_user_profile(user=user) + print '--> The profile is %s' % profile + print '<--\n' + + profile.load_by_dic(attributes) + print '--> The profile is %s' % profile + print '<--\n' + decision, msg, error = \ is_authorized_by_names_with_abac(requestor_name=user.username, who_name=user.username,
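Review bot: With `attr['values'] = ('18', )` the run exercises only the permit side of the p4 threshold, and no case covers the deny side. This assumes that the claim feeds the 'age' definition and that val18 holds 18, neither of which is visible in this hunk; p4 compares with `ACS_XACML_COMPARISON_INTEGER_GRT_OE`. I would add a comment, `# 18 is the threshold of p4 (>=): boundary value, must still be authorized`, and a second run with `('17', )` that expects a refusal, since an off-by-one in the comparison is the failure that matters for an access rule. The claim is named `dateofbirth` but carries an age, which deserves a one-line comment as well. The enclosing method starts and ends outside the hunk.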
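Review bot: The result of `profile.load_by_dic(attributes)` in the hunk at -354 is not checked before the authorization call that follows, so a failed or partial load would surface only as a refusal, indistinguishable from a genuine policy deny. `load_by_dic` is defined outside this patch; if it returns a status, test it and raise `CommandError`, otherwise compare the profile contents against `attributes` before continuing. The two `print '--> The profile is %s' % profile` lines are identical, and labelling them `before load` and `after load` would make the output readable. The hunk ends inside the `is_authorized_by_names_with_abac(...)` call.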