[abac] AssertionData
This commit is contained in:
parent
d072eeb192
commit
1dbc34accf
|
@ -155,10 +155,6 @@ class IpAddressM(models.Model):
|
|||
return str(self.value)
|
||||
|
||||
|
||||
class UserAttributeProfile(models.Model):
|
||||
user = models.ForeignKey(User, null=True, blank=True)
|
||||
|
||||
|
||||
class Certificate(models.Model):
|
||||
raw_data = models.TextField()
|
||||
|
||||
|
@ -203,10 +199,11 @@ class AssertionData(AssertionAny):
|
|||
No source when used in a rule for a comparison for instance.
|
||||
A unique source when used in a profile for instance.
|
||||
'''
|
||||
profile = models.ForeignKey(UserAttributeProfile, null=True, blank=True)
|
||||
attribute_data = models.ForeignKey(AttributeData)
|
||||
source = models.ForeignKey(Source, null=True, blank=True)
|
||||
certificate = models.ForeignKey(Certificate, null=True, blank=True)
|
||||
creation_date = models.DateTimeField(auto_now_add=True)
|
||||
expiration_date = models.DateTimeField(null=True, blank=True)
|
||||
|
||||
def get_values(self):
|
||||
values = None
|
||||
|
@ -233,18 +230,40 @@ class AssertionData(AssertionAny):
|
|||
|
||||
def __unicode__(self):
|
||||
values = self.get_values()
|
||||
s = "attribute %s with values %s" \
|
||||
s = "Attribute %s with values %s" \
|
||||
% (str(self.attribute_data.definition),
|
||||
[str(x) for x in values])
|
||||
if self.source:
|
||||
s += ' (provided by %s)' % str(self.source)
|
||||
if self.certificate:
|
||||
s += ' (signed with %s)' % str(self.certificate)
|
||||
if self.profile:
|
||||
s += ' (added to profile %s)' % str(self.profile)
|
||||
if self.expiration_date:
|
||||
s += ' (expires on %s)' % str(self.expiration_date)
|
||||
return s
|
||||
|
||||
|
||||
class UserAttributeProfile(models.Model):
|
||||
user = models.OneToOneField(User, null=True, blank=True,
|
||||
related_name='profile')
|
||||
assertions = models.ManyToManyField(AssertionData,
|
||||
verbose_name=_('data_assertions'), blank=True)
|
||||
|
||||
def __unicode__(self):
|
||||
if not self.user:
|
||||
s = 'Anonymous profile'
|
||||
else:
|
||||
s = 'Profile of user %s' % self.user
|
||||
if not self.assertions:
|
||||
return s + ' is empty.'
|
||||
else:
|
||||
for ad in self.assertions.all():
|
||||
attribute_data = ad.attribute_data
|
||||
s += " - assertion from %s with definition %s and values %s" \
|
||||
% (ad.source, attribute_data.definition.id,
|
||||
str([str(x.value) for x in ad.get_values()]))
|
||||
return s
|
||||
|
||||
|
||||
'''
|
||||
An ABAC rule is a string containing logical statements (and, or, not) and
|
||||
the identifiers of predicates.
|
||||
|
@ -308,27 +327,6 @@ class PredicateRole(Predicate):
|
|||
return "Predicate role on %s" % str(self.role)
|
||||
|
||||
|
||||
#MULTIVALUES_OPTION = (
|
||||
# ('NO_MULTIVALUES', _('Only accept single valued attributes')),
|
||||
# ('EQUAL_ONE_VALUE', _('At least one value matches')),
|
||||
# ('EQUAL_OP1_SUBSET_OP2',
|
||||
# _('The values of operand 1 are a subset of values of operand 2')),
|
||||
# ('EQUAL_EXACT_MATCH', _('Equal subsets')),
|
||||
# ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
|
||||
# _('All values of operand 1 satisfy the condition with the smallest \
|
||||
# value of operand 2')),
|
||||
# ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
|
||||
# _('All values of operand 1 satisfy the condition with the highest \
|
||||
# value of operand 2')),
|
||||
# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
|
||||
# _('At least one value of operand 1 satisfy the condition with the \
|
||||
# smallest value of operand 2')),
|
||||
# ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
|
||||
# _('At least one value of operand 1 satisfy the condition with the \
|
||||
# highest value of operand 2')),
|
||||
#)
|
||||
|
||||
|
||||
class PredicateComparison(Predicate):
|
||||
operand1 = models.ForeignKey(AssertionAny, related_name = 'operand1')
|
||||
operand2 = models.ForeignKey(AssertionAny, related_name = 'operand2')
|
||||
|
@ -339,7 +337,6 @@ class PredicateComparison(Predicate):
|
|||
verbose_name = 'type of comparison',
|
||||
default = ACS_XACML_COMPARISON_EQUALITY_STRING)
|
||||
multivalues = models.CharField(max_length = 100,
|
||||
# choices = MULTIVALUES_OPTION,
|
||||
verbose_name = 'How to handle multivalued attributes',
|
||||
default = 'NO_MULTIVALUES')
|
||||
multivalues_explanation = models.CharField(max_length = 500, blank=True)
|
||||
|
|
Reference in New Issue