[abac] Add core functions to remove an ABAC rule
parent
071bfa5cea
commit
4fa437246b
110
acs/abac/core.py
110
acs/abac/core.py
|
@ -20,6 +20,7 @@
|
|||
import re
|
||||
import logging
|
||||
|
||||
from django.db import transaction
|
||||
from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned
|
||||
|
||||
from acs.abac.models import *
|
||||
|
@ -694,3 +695,112 @@ def load_profile_by_dic(profile, dic):
|
|||
add_assertion_to_profile(profile, s, d, attr['values'])
|
||||
else:
|
||||
print "No attributes for this source"
|
||||
|
||||
|
||||
@transaction.commit_manually
|
||||
def remove_predicate(predicate):
|
||||
try:
|
||||
if not predicate:
|
||||
raise Exception(_('No predicate provided'))
|
||||
else:
|
||||
logger.debug('remove_predicate: Begin deletion of predicate %s with id %s' % (predicate, predicate.id))
|
||||
|
||||
'''
|
||||
Objects to delete for predicate required:
|
||||
- AssertionDefinition
|
||||
- Attached source
|
||||
|
||||
Objects to delete for predicate comparisons:
|
||||
- AssertionDefinition
|
||||
- Attached source
|
||||
- AssertionData
|
||||
- Attribute data
|
||||
- Values
|
||||
'''
|
||||
|
||||
instance = predicate.get_predicate_instance()
|
||||
if isinstance(instance, PredicateRequired):
|
||||
logger.debug('remove_predicate: predicate required found')
|
||||
for s in AttachedSource.objects.filter(assertion=instance.definition):
|
||||
logger.debug('remove_predicate: remove attached source with id %s' %s.id)
|
||||
s.delete()
|
||||
logger.debug('remove_predicate: remove assertion definition with id %s' %instance.definition.id)
|
||||
instance.definition.delete()
|
||||
elif isinstance(instance, PredicateComparison):
|
||||
logger.debug('remove_predicate: predicate comparison found')
|
||||
assertion = instance.operand1.get_assertion_instance()
|
||||
if isinstance(assertion, AssertionDefinition):
|
||||
logger.debug('remove_predicate: operand one is an assertion definition')
|
||||
for s in AttachedSource.objects.filter(assertion=assertion):
|
||||
logger.debug('remove_predicate: remove attached source with id %s' %s.id)
|
||||
s.delete()
|
||||
logger.debug('remove_predicate: remove assertion definition with id %s' %assertion.id)
|
||||
assertion.delete()
|
||||
elif isinstance(assertion, AssertionData):
|
||||
logger.debug('remove_predicate: operand one is an assertion data')
|
||||
for v in assertion.get_values():
|
||||
logger.debug('remove_predicate: remove value %s with id %s' % (v, v.id))
|
||||
v.delete()
|
||||
logger.debug('remove_predicate: remove attribute data with id %s' % assertion.attribute_data.id)
|
||||
assertion.attribute_data.delete()
|
||||
logger.debug('remove_predicate: remove assertion data with id %s' % assertion.id)
|
||||
assertion.delete()
|
||||
else:
|
||||
raise Exception(_('Unknown operand one'))
|
||||
assertion = instance.operand2.get_assertion_instance()
|
||||
if isinstance(assertion, AssertionDefinition):
|
||||
logger.debug('remove_predicate: operand two is an assertion definition')
|
||||
for s in AttachedSource.objects.filter(assertion=assertion):
|
||||
logger.debug('remove_predicate: remove attached source with id %s' %s.id)
|
||||
s.delete()
|
||||
logger.debug('remove_predicate: remove assertion definition with id %s' %assertion.id)
|
||||
assertion.delete()
|
||||
elif isinstance(assertion, AssertionData):
|
||||
logger.debug('remove_predicate: operand two is an assertion data')
|
||||
for v in assertion.get_values():
|
||||
logger.debug('remove_predicate: remove value %s with id %s' % (v, v.id))
|
||||
v.delete()
|
||||
data = assertion.attribute_data
|
||||
logger.debug('remove_predicate: remove assertion data with id %s' % assertion.id)
|
||||
assertion.delete()
|
||||
logger.debug('remove_predicate: remove attribute data with id %s' % data.id)
|
||||
data.delete()
|
||||
else:
|
||||
raise Exception(_('Unknown operand two'))
|
||||
else:
|
||||
raise Exception(_('Unknown predicate type'))
|
||||
|
||||
logger.debug('remove_predicate: deletion of the predicate')
|
||||
predicate.delete()
|
||||
except Exception, err:
|
||||
transaction.rollback()
|
||||
logger.critical('remove_predicate: error deleting predicate due to %s'
|
||||
% err)
|
||||
raise err
|
||||
else:
|
||||
transaction.commit()
|
||||
logger.debug('remove_predicate: predicate deleted')
|
||||
|
||||
|
||||
@transaction.commit_manually
|
||||
def remove_rule(rule):
|
||||
try:
|
||||
if not rule:
|
||||
raise Exception(_('No rule provided'))
|
||||
else:
|
||||
logger.debug('remove_rule: Begin deletion of rule %s with id %s' % (rule, rule.id))
|
||||
|
||||
for p in Predicate.objects.filter(rule=rule):
|
||||
logger.debug('remove_rule: found predicate %s' % p)
|
||||
remove_predicate(p)
|
||||
|
||||
logger.debug('remove_rule: deletion of the rule')
|
||||
rule.delete()
|
||||
except Exception, err:
|
||||
transaction.rollback()
|
||||
logger.critical('remove_rule: error deleting rule due to %s'
|
||||
% err)
|
||||
raise err
|
||||
else:
|
||||
transaction.commit()
|
||||
logger.debug('remove_rule: rule deleted')
|
||||
|
|
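Review bot: `remove_rule` calls the decorated `remove_predicate(p)` inside its loop, and `remove_predicate` ends its success path with `transaction.commit()`, so each predicate's deletion appears to be committed before the rule itself is deleted. If a later predicate or `rule.delete()` then raises, the `transaction.rollback()` in `remove_rule` can only undo work done since the last commit, leaving an ABAC rule stored with some of its predicates already gone. How such a truncated rule is evaluated is not visible here, but removing an access-control rule should be all-or-nothing. I would move the deletion body into an undecorated helper that neither commits nor rolls back, and let each entry point own the single commit, as sketched below. A bare `raise` in the handlers would also keep the original traceback, which `raise err` discards on Python 2.

```python
def _delete_predicate_objects(predicate):
    # Performs the deletes only; the caller owns commit/rollback.
    if not predicate:
        raise Exception(_('No predicate provided'))
    # … unchanged: deletion of attached sources, assertions, values and attribute data …
    predicate.delete()


@transaction.commit_manually
def remove_predicate(predicate):
    try:
        _delete_predicate_objects(predicate)
    except Exception, err:
        transaction.rollback()
        logger.critical('remove_predicate: error deleting predicate due to %s'
            % err)
        raise
    else:
        transaction.commit()
        logger.debug('remove_predicate: predicate deleted')


# in remove_rule, inside the existing try block:
for p in Predicate.objects.filter(rule=rule):
    logger.debug('remove_rule: found predicate %s' % p)
    _delete_predicate_objects(p)
# … unchanged: rule.delete(), then the single rollback/commit of remove_rule …
```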