From ecd590f463729cccd65323cc302ab93c6d4b5548 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Ates?=
Date: Thu, 1 Sep 2011 08:34:35 +0200
Subject: [PATCH] [abac] Add a new predicate to couple RBAC and ABAC
---
 acs/abac/models.py | 58 +++++++++++++++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 21 deletions(-)
diff --git a/acs/abac/models.py b/acs/abac/models.py
index 545aeb4..88890e3 100644
--- a/acs/abac/models.py
+++ b/acs/abac/models.py
@@ -27,7 +27,6 @@ from django.utils.translation import ugettext as _
 from acs.xacml.constants import *
-
 SOURCE_TYPE = (
 ('DIRECT', _('Direct trusted source')),
 ('ANCHOR', _('Trust anchor')))
@@ -265,6 +264,10 @@ class Predicate(models.Model):
 rule = models.ForeignKey('AbacRule')
 def get_predicate_instance(self):
+ try:
+ return self.predicaterole
+ except:
+ pass
 try:
 return self.predicaterequired
 except:
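Review bot: The new `predicaterole` lookup in `get_predicate_instance` copies the bare `except:` used by the branches below it, so any failure, a database error as much as a missing child row, is swallowed and the lookup falls through to the next predicate type. For a model that feeds access-control decisions this can hide a broken role predicate. Catch only the expected miss with `except PredicateRole.DoesNotExist:` (or `ObjectDoesNotExist` from `django.core.exceptions`) and let other errors propagate. The rest of the method lies outside the hunk, so what it returns once every lookup has failed is not visible here.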
@@ -292,25 +295,38 @@ class PredicateRequired(Predicate):
 return "Predicate required: %s" % str(self.definition)
-MULTIVALUES_OPTION = (
- ('NO_MULTIVALUES', _('Only accept single valued attributes')),
- ('EQUAL_ONE_VALUE', _('At least one value matches')),
- ('EQUAL_OP1_SUBSET_OP2',
- _('The values of operand 1 are a subset of values of operand 2')),
- ('EQUAL_EXACT_MATCH', _('Equal subsets')),
- ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
- _('All values of operand 1 satisfy the condition with the smallest \
- value of operand 2')),
- ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
- _('All values of operand 1 satisfy the condition with the highest \
- value of operand 2')),
- ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
- _('At least one value of operand 1 satisfy the condition with the \
- smallest value of operand 2')),
- ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
- _('At least one value of operand 1 satisfy the condition with the \
- highest value of operand 2')),
-)
+class PredicateRole(Predicate):
+ '''
+ Role are only handled from the ACS role tree
+
+ Else, use attributes equality with roles provided as attributes from
+ sources.
+ '''
+ role = models.ForeignKey('acs.Role')
+
+ def __unicode__(self):
+ return "Predicate role on %s" % str(self.role)
+
+
+#MULTIVALUES_OPTION = (
+# ('NO_MULTIVALUES', _('Only accept single valued attributes')),
+# ('EQUAL_ONE_VALUE', _('At least one value matches')),
+# ('EQUAL_OP1_SUBSET_OP2',
+# _('The values of operand 1 are a subset of values of operand 2')),
+# ('EQUAL_EXACT_MATCH', _('Equal subsets')),
+# ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
+# _('All values of operand 1 satisfy the condition with the smallest \
+# value of operand 2')),
+# ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
+# _('All values of operand 1 satisfy the condition with the highest \
+# value of operand 2')),
+# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
+# _('At least one value of operand 1 satisfy the condition with the \
+# smallest value of operand 2')),
+# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
+# _('At least one value of operand 1 satisfy the condition with the \
+# highest value of operand 2')),
+#)
 class PredicateComparison(Predicate):
@@ -323,7 +339,7 @@ class PredicateComparison(Predicate):
 verbose_name = 'type of comparison',
 default = ACS_XACML_COMPARISON_EQUALITY_STRING)
 multivalues = models.CharField(max_length = 100,
- choices = MULTIVALUES_OPTION,
+# choices = MULTIVALUES_OPTION,
 verbose_name = 'How to handle multivalued attributes',
 default = 'NO_MULTIVALUES')
 multivalues_explanation = models.CharField(max_length = 500, blank=True)
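Review bot: `role = models.ForeignKey('acs.Role')` in the new `PredicateRole` states no delete behaviour, and Django versions of this era cascade by default, so deleting a role would also delete every predicate that references it. If an `AbacRule` is built from several predicates, that presumably leaves the rule in place with one condition fewer; rule evaluation is not part of this diff, so this is inferred. Where the project's Django version supports it, `on_delete=models.PROTECT` makes the deletion fail until the affected rules are reviewed. Otherwise the cascade should at least be stated in the class docstring.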
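Review bot: Commenting out `choices = MULTIVALUES_OPTION` on `multivalues` leaves the field accepting any string of up to 100 characters, while the default remains `'NO_MULTIVALUES'`. How the comparison code treats a mode it does not recognise is not visible here, so a mistyped value may change how multivalued attributes are matched in a policy decision. Keep the `choices` constraint; if it was dropped because of the duplicated `'DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2'` key, renaming the last entry (presumably to `'DIFF_ONE_OP1_WITH_UPPER_LIMIT_OP2'`) fixes that without removing validation. The tuple commented out in the previous hunk should likewise be restored or deleted rather than left as dead code. The field definition starts outside this hunk.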