Update the view to add an ABAC permission.

Mikaël Ates 2012-03-21 17:28:01 +01:00
parent 69f91f28b4
commit 75a6ea11eb
1 changed files with 27 additions and 41 deletions


@ -32,12 +32,12 @@ from django.http import HttpResponseRedirect
from django.conf import settings
from django.db import transaction
from attribute_aggregator.models import AttributeSource, AttributeData
from attribute_aggregator.xacml_constants import *
from attribute_aggregator.core import get_all_attribute_definitions, \
from acs.attribute_aggregator.models import AttributeSource, AttributeData
from acs.attribute_aggregator.xacml_constants import *
from acs.attribute_aggregator.core import get_all_attribute_definitions, \
get_all_sources, get_attribute_type_of_definition, \
convert_from_string
from attribute_aggregator.mapping import ATTRIBUTE_MAPPING
from acs.attribute_aggregator.mapping import ATTRIBUTE_MAPPING
from acs.abac.core import remove_rule
from acs.abac.logic import is_proposition
@ -552,7 +552,7 @@ def add_abac_permission(request):
% working_predicate['working_operand']['sources_selected'][0][1])
return return_add_abac_permission_form(request)
if (s.id, s.name) in working_predicate['working_operand']['sources_selected']:
messages.add_message(request, messages.ERROR,
messages.add_message(request, messages.ERROR,
_('Source already added'))
return return_add_abac_permission_form(request)
else:
@ -732,7 +732,7 @@ def add_abac_permission(request):
except Exception, err:
logger.error('add_permission: \
Fail to find an object due to %s' % err)
messages.add_message(request, messages.ERROR,
messages.add_message(request, messages.ERROR,
_('Fail to find an object due to %s') % err)
return return_add_abac_permission_form(request)
if not check_object_or_view(request, what) \
@ -772,11 +772,9 @@ def check_data_and_create_permission(request, who, what, how):
try:
rule = AbacRule()
rule.save()
except:
raise Exception('Unable to initialize rule')
p_ids1 = {}
p_ids2 = {}
p_id = 1
except Exception, err:
raise Exception('Unable to initialize rule due to %s' %str(err))
count = 1
for predicate in request.session['predicates']:
if not 'type' in predicate:
raise Exception('Missing type of predicate %s' %str(p_id))
@ -792,7 +790,6 @@ def check_data_and_create_permission(request, who, what, how):
try:
ad = AssertionDefinition(\
definition=predicate['definition_name'])
ad.save()
except:
raise Exception(\
'Unable to create assertion for predicate %s' \
@ -804,22 +801,22 @@ def check_data_and_create_permission(request, who, what, how):
except:
raise Exception(\
'Unable to find source (%s, %s) for predicate %s' \
% (s_id, s_name, str(p_id)))
% (s_id, s_name, str(count)))
try:
ad.add_source(source)
except:
raise Exception(\
'Unable to add source %s to predicate %s' \
% (source, str(p_id)))
% (source, str(count)))
single_value = False
if 'singlevalued' in predicate:
single_value = True
pred = PredicateRequired(assertion_definition=ad,
single_value=single_value, rule=rule)
single_value=single_value)
elif predicate['type'] == PREDICATE_ROLE:
if not 'role' in predicate:
raise Exception('Missing role of predicate %s' %str(p_id))
pred = PredicateRole(role=predicate['role'], rule=rule)
pred = PredicateRole(role=predicate['role'])
else:
if not 'multivalues_step_two' in predicate \
or not 'multivalues_explanation' in predicate \
@ -843,32 +840,32 @@ def check_data_and_create_permission(request, who, what, how):
if not 'operand1_defined' in predicate:
raise Exception('Missing operand1 for predicate %s' \
% str(p_id))
% str(count))
if not 'type' in predicate['operand1_defined']:
raise Exception('Missing type of operand1 for predicate \
%s' % str(p_id))
%s' % str(count))
if not 'definition_name' in predicate['operand1_defined']:
raise Exception('Missing definition of operand1 of \
predicate %s' %str(p_id))
predicate %s' %str(count))
if not 'operand2_defined' in predicate:
raise Exception('Missing operand2 for predicate %s' \
% str(p_id))
% str(count))
if not 'type' in predicate['operand2_defined']:
raise Exception('Missing type of operand2 for predicate \
%s' % str(p_id))
%s' % str(count))
if not 'definition_name' in predicate['operand2_defined']:
raise Exception('Missing definition of operand2 of \
predicate %s' % str(p_id))
predicate %s' % str(count))
d1 = predicate['operand1_defined']['definition_name']
d2 = predicate['operand2_defined']['definition_name']
if get_attribute_type_of_definition(d1) \
!= get_attribute_type_of_definition(d2):
raise Exception('Data types of the two operands of \
predicate %s differ' %str(p_id))
predicate %s differ' %str(count))
a1 = handle_operand(predicate, p_id, 'operand1', d1)
a2 = handle_operand(predicate, p_id, 'operand2', d2)
a1 = handle_operand(predicate, count, 'operand1', d1)
a2 = handle_operand(predicate, count, 'operand2', d2)
operand1_single_value = False
if 'operandone_singlevalued' in predicate:
@ -882,10 +879,9 @@ def check_data_and_create_permission(request, who, what, how):
operand2_single_value=operand2_single_value,
comparison_type=predicate['type'],
multivalues=predicate['multivalues_step_two'],
multivalues_explanation=predicate['multivalues_explanation'],
rule=rule)
multivalues_explanation=predicate['multivalues_explanation'])
pred.save()
rule.add_predicate(pred)
'''
Here we substitute friendly predicate identifiers (displayed on
@ -900,12 +896,9 @@ def check_data_and_create_permission(request, who, what, how):
identifiers.
'''
rdm_str = ''.join(random.choice(string.ascii_uppercase) for x in range(8))
p_ids1[p_id] = rdm_str
p_ids2[rdm_str] = pred.id
p_id = p_id + 1
count = count + 1
if not p_ids1:
if count < 2:
raise Exception('No predicate defined')
expression = request.session['rule']
@ -914,7 +907,7 @@ def check_data_and_create_permission(request, who, what, how):
characters '(', ')', '&', '|', '-'
'''
check = expression
for key in p_ids1.keys():
for key in range(count):
check = re.sub(str(key), '', check)
for it in [' ', '\)', '\(', '&', '\|', '-']:
check = re.sub(it, '', check)
@ -928,11 +921,6 @@ def check_data_and_create_permission(request, who, what, how):
if not is_proposition(expression):
raise Exception('The logical expression is malformed')
for key in p_ids1.keys():
expression = re.sub(str(key), str(p_ids1[key]), expression)
for key in p_ids2.keys():
expression = re.sub(str(key), str(p_ids2[key]), expression)
rule.expression = expression
rule.save()
@ -970,7 +958,6 @@ def handle_operand(predicate, p_id, name, d):
% (name, str(p_id)))
try:
a = AssertionDefinition(definition=d)
a.save()
except:
raise Exception(\
'Unable to create assertion of %s of predicate %s' \
@ -1002,7 +989,6 @@ def handle_operand(predicate, p_id, name, d):
values=predicate[name + '_defined']['values_selected'])
try:
a = AssertionData()
a.save()
a.set_attribute_data(data)
except Exception, err:
raise Exception(\
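Review bot: The identifier check in the `for key in range(count):` loop lets through predicate numbers that were never defined. `range(count)` starts at 0 and `re.sub(str(key), '', check)` removes digits as substrings, so with a single predicate an expression containing `0`, `10` or `11` is stripped completely and presumably passes the test that follows outside the hunk. Because this expression is stored on the rule as the access condition, compare whole tokens instead: `ids = set(re.findall(r'\d+', expression))` followed by `if not ids <= set(str(i) for i in range(1, count)): raise Exception('Unknown predicate identifier')`. Separately, `p_id` is no longer assigned in check_data_and_create_permission, yet the unchanged lines raising 'Missing type of predicate %s' and 'Missing role of predicate %s' still format `str(p_id)` and would fail with a NameError instead of the intended message. The function body starts and ends outside the visible hunks, so both points should be checked against the full file.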