[abac] Add core functions to remove an ABAC rule

2011-08-28 20:03:45 +02:00 · 2011-08-28 20:03:45 +02:00 · 4fa437246b
parent 071bfa5cea
commit 4fa437246b
1 changed files with 110 additions and 0 deletions
--- a/acs/abac/core.py
+++ b/acs/abac/core.py
@ -20,6 +20,7 @@
 import re
 import logging

+from django.db import transaction
 from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned

 from acs.abac.models import *
@ -694,3 +695,112 @@ def load_profile_by_dic(profile, dic):
                        add_assertion_to_profile(profile, s, d, attr['values'])
            else:
                print "No attributes for this source"
+
+
+@transaction.commit_manually
+def remove_predicate(predicate):
+    try:
+        if not predicate:
+            raise Exception(_('No predicate provided'))
+        else:
+            logger.debug('remove_predicate: Begin deletion of predicate %s with id %s' % (predicate, predicate.id))
+
+        '''
+            Objects to delete for predicate required:
+                - AssertionDefinition
+                    - Attached source
+
+            Objects to delete for predicate comparisons:
+                - AssertionDefinition
+                    - Attached source
+                - AssertionData
+                    - Attribute data
+                        - Values
+        '''
+
+        instance = predicate.get_predicate_instance()
+        if isinstance(instance, PredicateRequired):
+            logger.debug('remove_predicate: predicate required found')
+            for s in AttachedSource.objects.filter(assertion=instance.definition):
+                logger.debug('remove_predicate: remove attached source with id %s' %s.id)
+                s.delete()
+            logger.debug('remove_predicate: remove assertion definition with id %s' %instance.definition.id)
+            instance.definition.delete()
+        elif isinstance(instance, PredicateComparison):
+            logger.debug('remove_predicate: predicate comparison found')
+            assertion = instance.operand1.get_assertion_instance()
+            if isinstance(assertion, AssertionDefinition):
+                logger.debug('remove_predicate: operand one is an assertion definition')
+                for s in AttachedSource.objects.filter(assertion=assertion):
+                    logger.debug('remove_predicate: remove attached source with id %s' %s.id)
+                    s.delete()
+                logger.debug('remove_predicate: remove assertion definition with id %s' %assertion.id)
+                assertion.delete()
+            elif isinstance(assertion, AssertionData):
+                logger.debug('remove_predicate: operand one is an assertion data')
+                for v in assertion.get_values():
+                    logger.debug('remove_predicate: remove value %s with id %s' % (v, v.id))
+                    v.delete()
+                logger.debug('remove_predicate: remove attribute data with id %s' % assertion.attribute_data.id)
+                assertion.attribute_data.delete()
+                logger.debug('remove_predicate: remove assertion data with id %s' % assertion.id)
+                assertion.delete()
+            else:
+                raise Exception(_('Unknown operand one'))
+            assertion = instance.operand2.get_assertion_instance()
+            if isinstance(assertion, AssertionDefinition):
+                logger.debug('remove_predicate: operand two is an assertion definition')
+                for s in AttachedSource.objects.filter(assertion=assertion):
+                    logger.debug('remove_predicate: remove attached source with id %s' %s.id)
+                    s.delete()
+                logger.debug('remove_predicate: remove assertion definition with id %s' %assertion.id)
+                assertion.delete()
+            elif isinstance(assertion, AssertionData):
+                logger.debug('remove_predicate: operand two is an assertion data')
+                for v in assertion.get_values():
+                    logger.debug('remove_predicate: remove value %s with id %s' % (v, v.id))
+                    v.delete()
+                data = assertion.attribute_data
+                logger.debug('remove_predicate: remove assertion data with id %s' % assertion.id)
+                assertion.delete()
+                logger.debug('remove_predicate: remove attribute data with id %s' % data.id)
+                data.delete()
+            else:
+                raise Exception(_('Unknown operand two'))
+        else:
+            raise Exception(_('Unknown predicate type'))
+
+        logger.debug('remove_predicate: deletion of the predicate')
+        predicate.delete()
+    except Exception, err:
+        transaction.rollback()
+        logger.critical('remove_predicate: error deleting predicate due to %s'
+            % err)
+        raise err
+    else:
+        transaction.commit()
+        logger.debug('remove_predicate: predicate deleted')
+
+
+@transaction.commit_manually
+def remove_rule(rule):
+    try:
+        if not rule:
+            raise Exception(_('No rule provided'))
+        else:
+            logger.debug('remove_rule: Begin deletion of rule %s with id %s' % (rule, rule.id))
+
+        for p in Predicate.objects.filter(rule=rule):
+            logger.debug('remove_rule: found predicate %s' % p)
+            remove_predicate(p)
+
+        logger.debug('remove_rule: deletion of the rule')
+        rule.delete()
+    except Exception, err:
+        transaction.rollback()
+        logger.critical('remove_rule: error deleting rule due to %s'
+            % err)
+        raise err
+    else:
+        transaction.commit()
+        logger.debug('remove_rule: rule deleted')