[abac] Modify core functions to handle more precise multi-valued attributes

The following options for dealing with multivalued attributes in comparison are now supported:

        All:
            NO_MULTIVALUES
                Both operands are single valued attributes

        Equality:
            EQUAL_ONE_VALUE
                At least one value of the values of OP1 is equal to one value of the values of OP2
            EQUAL_OP1_SUBSET_OP2
                The values of OP1 are a subset of the values of OP2
            EQUAL_EXACT_MATCH
                Equal set of values

        Diff strict:
            DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT
                    All values of OP1 must be less than the highest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT
                    All values of OP1 must be greater than the highest value of OP2
            DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT
                    All values of OP1 must be less than the smallest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT
                    All values of OP1 must be greater than the smallest value of OP2
            DIFF_ONE_OP1_WITH_UPPER_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT
                    At least one value of OP1 must be less than the highest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT
                    At least one value of OP1 must be greater than the highest value of OP2
            DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT
                    At least one value of OP1 must be less than the smallest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT
                    At least one value of OP1 must be greater than the smallest value of OP2

        Diff or equal:
            Same as for strict and equality is treated as follows:
            DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT_OE
                    All values of OP1 must be less than or equal to the highest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT_OE
                    All values of OP1 must be greater than or equal to the highest value of OP2
            DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT_OE
                    All values of OP1 must be less than or equal to the smallest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT_OE
                    All values of OP1 must be greater than or equal to the smallest value of OP2
            DIFF_ONE_OP1_WITH_UPPER_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT_OE
                    At least one value of OP1 must be less than or equal to the highest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT_OE
                    At least one value of OP1 must be greater than or equal to the highest value of OP2
            DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2
                ACS_XACML_COMPARISON_INTEGER_LT_OE
                    At least one value of OP1 must be less than or equal to the smallest value of OP2
                ACS_XACML_COMPARISON_INTEGER_GRT_OE
                    At least one value of OP1 must be greater than or equal to the smallest value of OP2

        To deal with richer comparison and equality of multivalued attributes, an 'or' statement should be used
This commit is contained in:
Mikaël Ates 2011-08-23 16:49:22 +02:00
parent 8acb29c711
commit 38eccafb74
1 changed files with 9 additions and 1 deletions
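
The option semantics listed in the commit message, written out as an added example (not code from this commit or from the project). The helper names are hypothetical, plain strings stand in for the project's constants, and failing closed on empty value lists and rejecting multi-valued operands under NO_MULTIVALUES are assumptions the message does not spell out.

```python
import operator

# Plain strings stand in for the constants the commit message names (assumption).
COMPARISONS = {
    'ACS_XACML_COMPARISON_INTEGER_LT': operator.lt,
    'ACS_XACML_COMPARISON_INTEGER_GRT': operator.gt,
    'ACS_XACML_COMPARISON_INTEGER_LT_OE': operator.le,
    'ACS_XACML_COMPARISON_INTEGER_GRT_OE': operator.ge,
}
# option -> (quantifier over OP1, limit taken from OP2)
DIFF_OPTIONS = {
    'DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2': (all, max),
    'DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2': (all, min),
    'DIFF_ONE_OP1_WITH_UPPER_LIMIT_OP2': (any, max),
    'DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2': (any, min),
}

def single_valued(op1, op2):
    return len(op1) == 1 and len(op2) == 1

def match_equality(op1, op2, option):
    """Hypothetical helper: equality of two attribute value lists."""
    s1, s2 = set(op1), set(op2)
    if not s1 or not s2:
        return False  # fail closed: an empty set is a subset of anything
    if option == 'NO_MULTIVALUES':
        return single_valued(op1, op2) and s1 == s2
    if option == 'EQUAL_ONE_VALUE':
        return bool(s1 & s2)
    if option == 'EQUAL_OP1_SUBSET_OP2':
        return s1 <= s2
    if option == 'EQUAL_EXACT_MATCH':
        return s1 == s2
    raise ValueError('unknown multivalues option: %r' % option)

def match_diff(op1, op2, comparison, option):
    """Hypothetical helper: ordered comparison of two integer value lists."""
    compare = COMPARISONS[comparison]  # KeyError on an unknown comparison
    if not op1 or not op2:
        return False  # fail closed: all() over no values would be True
    if option == 'NO_MULTIVALUES':
        return single_valued(op1, op2) and compare(op1[0], op2[0])
    if option not in DIFF_OPTIONS:
        raise ValueError('unknown multivalues option: %r' % option)
    quantifier, limit_of = DIFF_OPTIONS[option]
    limit = limit_of(op2)
    return quantifier(compare(value, limit) for value in op1)
```

The same operands can permit under one option and deny under another, so a policy's choice of option is part of its access decision and belongs in review alongside the rule itself.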

@ -30,7 +30,9 @@ from acs.xacml.constants import *
SOURCE_TYPE = (
('DIRECT', _('Direct trusted source')),
('ANCHOR', _('Trust anchor')))
('ANCHOR', _('Trust anchor')),
('LOCAL', _('Local source')),
('SELF', _('Untrusted or user self-asserted')))
class Source(models.Model):
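Review bot: The new 'SELF' entry ('Untrusted or user self-asserted') in SOURCE_TYPE introduces a trust level, but nothing in this hunk says how it is meant to differ from 'DIRECT', 'ANCHOR' or 'LOCAL' during evaluation. Please add a comment above the tuple stating what each value implies for attribute trust, and check that any code branching on the source type handles 'LOCAL' and 'SELF' explicitly and rejects unrecognized values, so that a self-asserted attribute is never treated like one from a trust anchor.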
@ -256,6 +258,12 @@ class PredicateRequired(Predicate):
def __unicode__(self):
return "Predicate required: %s" % str(self.definition)
#class PredicateRole(Predicate):
# role = models.ForeignKey('Role')
# def __unicode__(self):
# return "Predicate role: %s" % str(self.role)
MULTIVALUES_OPTION = (
('NO_MULTIVALUES', _('Only accept single valued attributes')),
('EQUAL_ONE_VALUE', _('At least one value matches')),
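Review bot: The commented-out PredicateRole class between PredicateRequired.__unicode__ and MULTIVALUES_OPTION is dead code; either land it as a real model or drop it and track the idea outside the source file. If it is revived, note that wrapping the field in str() inside __unicode__, as in `str(self.role)`, raises UnicodeEncodeError under Python 2 when the value contains non-ASCII characters, so format the object directly instead, e.g. `u"Predicate role: %s" % self.role`.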