entrouvert
/
veridic
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

[abac] Predicate models modified to handle checking of single-valued attributes 

The attribute single_value is added to PredicateRequired model to indicate
    that each source satisfying this predicate must provide an attribute with a
    single value.

    The attributes operand1_single_value and operand2_single_value are added
    to PredicateComparison to enforce than a unique value must be provided
    to have the predicate evaluated.
This commit is contained in:
Mikaël Ates 2011-08-23 16:43:35 +02:00
parent 62c10be454
commit 8acb29c711
1 changed files with 26 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
acs/abac/models.py
View File

@ -251,46 +251,37 @@ class Predicate(models.Model):
class PredicateRequired(Predicate):
definition = models.ForeignKey(AssertionDefinition)
single_value = models.BooleanField(default=False)
def __unicode__(self):
return "Predicate required: %s" % str(self.definition)
MULTIVALUES_OPTION = (
('NO_MULTIVALUES', _('Only accept single valued attributes')),
('EQUAL_ONE_VALUE', _('At least one value matches')),
('EQUAL_OP1_SUBSET_OP2',
_('The values of operand 1 are a subset of values of operand 2')),
('EQUAL_EXACT_MATCH', _('Equal subsets')),
('DIFF_ONE_VALUE', _('At least on value satisfy the condition')),
('DIFF_ALL_VALUES',
_('All values of operand 1 satisfy the condition with all values of \
operand 2')),
('DE_ONE_VALUE_ONE_VALUE',
_('Diff: At least on value satisfy the condition, Equal: At least \
one value matches')),
('DE_ONE_VALUE_OP1_SUBSET_OP2',
_('Diff: At least on value satisfy the condition, Equal: The values \
of operand 1 are a subset of values of operand 2')),
('DE_ONE_VALUE_EXACT_MATCH',
_('Diff: At least on value satisfy the condition, Equal: Equal \
subsets')),
('DE_ALL_VALUES_ONE_VALUE',
_('Diff: All values of operand 1 satisfy the condition with all \
values of operand 2, Equal: At least one value matches')),
('DE_ALL_VALUES_OP1_SUBSET_OP2',
_('Diff: All values of operand 1 satisfy the condition with all \
values of operand 2, Equal: The values of operand 1 are a subset \
of values of operand 2')),
('DE_ALL_VALUES_EXACT_MATCH',
_('Diff: All values of operand 1 satisfy the condition with all \
values of operand 2, Equal: Equal subsets')),
('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
_('All values of operand 1 satisfy the condition with the smallest \
value of operand 2')),
('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
_('All values of operand 1 satisfy the condition with the highest \
value of operand 2')),
('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
_('At least one value of operand 1 satisfy the condition with the \
smallest value of operand 2')),
('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
_('At least one value of operand 1 satisfy the condition with the \
highest value of operand 2')),
)
class PredicateComparison(Predicate):
operand1 = models.ForeignKey(AssertionAny, related_name = 'operand1')
operand2 = models.ForeignKey(AssertionAny, related_name = 'operand2')
operand1_single_value = models.BooleanField(default=False)
operand2_single_value = models.BooleanField(default=False)
comparison_type = models.CharField(max_length = 100,
choices = XACML_COMPARISON_TYPE,
verbose_name = 'type of comparison',
@ -312,11 +303,19 @@ class PredicateComparison(Predicate):
operator = '>'
elif self.comparison_type in ACS_XACML_COMPARISON_GRT_OE:
operator = '>='
return 'Predicate comparison: %s %s %s \
(multivalue management parameter: %s)' \
s = 'Predicate comparison: %s %s %s (' \
% (str(self.operand1.get_assertion_instance()),
operator, str(self.operand2.get_assertion_instance()),
self.multivalues)
)
if self.operand1_single_value:
s += 'operand one requires a single-valued attribute - '
if self.operand2_single_value:
s += 'operand two requires a single-valued attribute - '
if not self.operand1_single_value or not self.operand2_single_value:
s += 'multivalues management is %s - ' \
% self.multivalues
s += ')'
return s
'''