From 1dbc34accf16ad9175d515da9c078388b73eca56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mika=C3=ABl=20Ates?= Date: Mon, 5 Sep 2011 12:14:32 +0200 Subject: [PATCH] [abac] AssertionData --- acs/abac/models.py | 57 ++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/acs/abac/models.py b/acs/abac/models.py index 88890e3..cfe1c7f 100644 --- a/acs/abac/models.py +++ b/acs/abac/models.py @@ -155,10 +155,6 @@ class IpAddressM(models.Model): return str(self.value) -class UserAttributeProfile(models.Model): - user = models.ForeignKey(User, null=True, blank=True) - - class Certificate(models.Model): raw_data = models.TextField() @@ -203,10 +199,11 @@ class AssertionData(AssertionAny): No source when used in a rule for a comparison for instance. A unique source when used in a profile for instance. ''' - profile = models.ForeignKey(UserAttributeProfile, null=True, blank=True) attribute_data = models.ForeignKey(AttributeData) source = models.ForeignKey(Source, null=True, blank=True) certificate = models.ForeignKey(Certificate, null=True, blank=True) + creation_date = models.DateTimeField(auto_now_add=True) + expiration_date = models.DateTimeField(null=True, blank=True) def get_values(self): values = None 
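Review bot: `expiration_date` is added to `AssertionData` as a nullable field, but nothing in this hunk consults it, so an assertion past its expiry still looks valid to any code that reads the model. In an attribute-based access control model that matters, because a stale attribute feeding a rule can keep granting access after it should have lapsed. I would add a small helper next to the field, for example `def is_expired(self): return self.expiration_date is not None and self.expiration_date <= datetime.now()`, and have the rule-evaluation path (not visible here) filter on it. A comment such as `# null expiration_date means the assertion never expires` would make the default explicit. `get_values` begins on the last line of the hunk and continues outside it, so whether it already filters by date cannot be seen from here.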
@@ -233,18 +230,40 @@ class AssertionData(AssertionAny): def __unicode__(self): values = self.get_values() - s = "attribute %s with values %s" \ + s = "Attribute %s with values %s" \ % (str(self.attribute_data.definition), [str(x) for x in values]) if self.source: s += ' (provided by %s)' % str(self.source) if self.certificate: s += ' (signed with %s)' % str(self.certificate) - if self.profile: - s += ' (added to profile %s)' % str(self.profile) + if self.expiration_date: + s += ' (expires on %s)' % str(self.expiration_date) return s +class UserAttributeProfile(models.Model): + user = models.OneToOneField(User, null=True, blank=True, + related_name='profile') + assertions = models.ManyToManyField(AssertionData, + verbose_name=_('data_assertions'), blank=True) + + def __unicode__(self): + if not self.user: + s = 'Anonymous profile' + else: + s = 'Profile of user %s' % self.user + if not self.assertions: + return s + ' is empty.' + else: + for ad in self.assertions.all(): + attribute_data = ad.attribute_data + s += " - assertion from %s with definition %s and values %s" \ + % (ad.source, attribute_data.definition.id, + str([str(x.value) for x in ad.get_values()])) + return s + + ''' An ABAC rule is a string containing logical statements (and, or, not) and the identifiers of predicates. 
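Review bot: In the new `UserAttributeProfile.__unicode__`, `if not self.assertions:` tests the related manager object, which is always truthy, so the 'is empty.' branch is never taken; `if not self.assertions.exists():` (or `.count() == 0` on an older Django) checks what was intended. The loop then prints every linked assertion, including ones whose `expiration_date` has passed, with nothing to mark them as expired. `str(x.value)` can raise `UnicodeEncodeError` on non-ASCII values under Python 2, so `unicode(x.value)` is the safer call inside a `__unicode__` method. This string is presumably shown wherever the object is rendered (admin pages, logs), so it is worth deciding whether full attribute values belong in it or only the definition id and source.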
@@ -308,27 +327,6 @@ class PredicateRole(Predicate): return "Predicate role on %s" % str(self.role) -#MULTIVALUES_OPTION = ( -# ('NO_MULTIVALUES', _('Only accept single valued attributes')), -# ('EQUAL_ONE_VALUE', _('At least one value matches')), -# ('EQUAL_OP1_SUBSET_OP2', -# _('The values of operand 1 are a subset of values of operand 2')), -# ('EQUAL_EXACT_MATCH', _('Equal subsets')), -# ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2', -# _('All values of operand 1 satisfy the condition with the smallest \ -# value of operand 2')), -# ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2', -# _('All values of operand 1 satisfy the condition with the highest \ -# value of operand 2')), -# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2', -# _('At least one value of operand 1 satisfy the condition with the \ -# smallest value of operand 2')), -# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2', -# _('At least one value of operand 1 satisfy the condition with the \ -# highest value of operand 2')), -#) - - class PredicateComparison(Predicate): operand1 = models.ForeignKey(AssertionAny, related_name = 'operand1') operand2 = models.ForeignKey(AssertionAny, related_name = 'operand2') @@ -339,7 +337,6 @@ class PredicateComparison(Predicate): verbose_name = 'type of comparison', default = ACS_XACML_COMPARISON_EQUALITY_STRING) multivalues = models.CharField(max_length = 100, -# choices = MULTIVALUES_OPTION, verbose_name = 'How to handle multivalued attributes', default = 'NO_MULTIVALUES') multivalues_explanation = models.CharField(max_length = 500, blank=True)