Update the view to add an ABAC permission.
parent
69f91f28b4
commit
75a6ea11eb
|
@ -32,12 +32,12 @@ from django.http import HttpResponseRedirect
|
|||
from django.conf import settings
|
||||
from django.db import transaction
|
||||
|
||||
from attribute_aggregator.models import AttributeSource, AttributeData
|
||||
from attribute_aggregator.xacml_constants import *
|
||||
from attribute_aggregator.core import get_all_attribute_definitions, \
|
||||
from acs.attribute_aggregator.models import AttributeSource, AttributeData
|
||||
from acs.attribute_aggregator.xacml_constants import *
|
||||
from acs.attribute_aggregator.core import get_all_attribute_definitions, \
|
||||
get_all_sources, get_attribute_type_of_definition, \
|
||||
convert_from_string
|
||||
from attribute_aggregator.mapping import ATTRIBUTE_MAPPING
|
||||
from acs.attribute_aggregator.mapping import ATTRIBUTE_MAPPING
|
||||
|
||||
from acs.abac.core import remove_rule
|
||||
from acs.abac.logic import is_proposition
|
||||
|
@ -552,7 +552,7 @@ def add_abac_permission(request):
|
|||
% working_predicate['working_operand']['sources_selected'][0][1])
|
||||
return return_add_abac_permission_form(request)
|
||||
if (s.id, s.name) in working_predicate['working_operand']['sources_selected']:
|
||||
messages.add_message(request, messages.ERROR,
|
||||
messages.add_message(request, messages.ERROR,
|
||||
_('Source already added'))
|
||||
return return_add_abac_permission_form(request)
|
||||
else:
|
||||
|
@ -732,7 +732,7 @@ def add_abac_permission(request):
|
|||
except Exception, err:
|
||||
logger.error('add_permission: \
|
||||
Fail to find an object due to %s' % err)
|
||||
messages.add_message(request, messages.ERROR,
|
||||
messages.add_message(request, messages.ERROR,
|
||||
_('Fail to find an object due to %s') % err)
|
||||
return return_add_abac_permission_form(request)
|
||||
if not check_object_or_view(request, what) \
|
||||
|
@ -772,11 +772,9 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
try:
|
||||
rule = AbacRule()
|
||||
rule.save()
|
||||
except:
|
||||
raise Exception('Unable to initialize rule')
|
||||
p_ids1 = {}
|
||||
p_ids2 = {}
|
||||
p_id = 1
|
||||
except Exception, err:
|
||||
raise Exception('Unable to initialize rule due to %s' %str(err))
|
||||
count = 1
|
||||
for predicate in request.session['predicates']:
|
||||
if not 'type' in predicate:
|
||||
raise Exception('Missing type of predicate %s' %str(p_id))
|
||||
|
@ -792,7 +790,6 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
try:
|
||||
ad = AssertionDefinition(\
|
||||
definition=predicate['definition_name'])
|
||||
ad.save()
|
||||
except:
|
||||
raise Exception(\
|
||||
'Unable to create assertion for predicate %s' \
|
||||
|
@ -804,22 +801,22 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
except:
|
||||
raise Exception(\
|
||||
'Unable to find source (%s, %s) for predicate %s' \
|
||||
% (s_id, s_name, str(p_id)))
|
||||
% (s_id, s_name, str(count)))
|
||||
try:
|
||||
ad.add_source(source)
|
||||
except:
|
||||
raise Exception(\
|
||||
'Unable to add source %s to predicate %s' \
|
||||
% (source, str(p_id)))
|
||||
% (source, str(count)))
|
||||
single_value = False
|
||||
if 'singlevalued' in predicate:
|
||||
single_value = True
|
||||
pred = PredicateRequired(assertion_definition=ad,
|
||||
single_value=single_value, rule=rule)
|
||||
single_value=single_value)
|
||||
elif predicate['type'] == PREDICATE_ROLE:
|
||||
if not 'role' in predicate:
|
||||
raise Exception('Missing role of predicate %s' %str(p_id))
|
||||
pred = PredicateRole(role=predicate['role'], rule=rule)
|
||||
pred = PredicateRole(role=predicate['role'])
|
||||
else:
|
||||
if not 'multivalues_step_two' in predicate \
|
||||
or not 'multivalues_explanation' in predicate \
|
||||
|
@ -843,32 +840,32 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
|
||||
if not 'operand1_defined' in predicate:
|
||||
raise Exception('Missing operand1 for predicate %s' \
|
||||
% str(p_id))
|
||||
% str(count))
|
||||
if not 'type' in predicate['operand1_defined']:
|
||||
raise Exception('Missing type of operand1 for predicate \
|
||||
%s' % str(p_id))
|
||||
%s' % str(count))
|
||||
if not 'definition_name' in predicate['operand1_defined']:
|
||||
raise Exception('Missing definition of operand1 of \
|
||||
predicate %s' %str(p_id))
|
||||
predicate %s' %str(count))
|
||||
if not 'operand2_defined' in predicate:
|
||||
raise Exception('Missing operand2 for predicate %s' \
|
||||
% str(p_id))
|
||||
% str(count))
|
||||
if not 'type' in predicate['operand2_defined']:
|
||||
raise Exception('Missing type of operand2 for predicate \
|
||||
%s' % str(p_id))
|
||||
%s' % str(count))
|
||||
if not 'definition_name' in predicate['operand2_defined']:
|
||||
raise Exception('Missing definition of operand2 of \
|
||||
predicate %s' % str(p_id))
|
||||
predicate %s' % str(count))
|
||||
|
||||
d1 = predicate['operand1_defined']['definition_name']
|
||||
d2 = predicate['operand2_defined']['definition_name']
|
||||
if get_attribute_type_of_definition(d1) \
|
||||
!= get_attribute_type_of_definition(d2):
|
||||
raise Exception('Data types of the two operands of \
|
||||
predicate %s differ' %str(p_id))
|
||||
predicate %s differ' %str(count))
|
||||
|
||||
a1 = handle_operand(predicate, p_id, 'operand1', d1)
|
||||
a2 = handle_operand(predicate, p_id, 'operand2', d2)
|
||||
a1 = handle_operand(predicate, count, 'operand1', d1)
|
||||
a2 = handle_operand(predicate, count, 'operand2', d2)
|
||||
|
||||
operand1_single_value = False
|
||||
if 'operandone_singlevalued' in predicate:
|
||||
|
@ -882,10 +879,9 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
operand2_single_value=operand2_single_value,
|
||||
comparison_type=predicate['type'],
|
||||
multivalues=predicate['multivalues_step_two'],
|
||||
multivalues_explanation=predicate['multivalues_explanation'],
|
||||
rule=rule)
|
||||
multivalues_explanation=predicate['multivalues_explanation'])
|
||||
|
||||
pred.save()
|
||||
rule.add_predicate(pred)
|
||||
|
||||
'''
|
||||
Here we substitute friendly predicate identifiers (displayed on
|
||||
|
@ -900,12 +896,9 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
identifiers.
|
||||
'''
|
||||
|
||||
rdm_str = ''.join(random.choice(string.ascii_uppercase) for x in range(8))
|
||||
p_ids1[p_id] = rdm_str
|
||||
p_ids2[rdm_str] = pred.id
|
||||
p_id = p_id + 1
|
||||
count = count + 1
|
||||
|
||||
if not p_ids1:
|
||||
if count < 2:
|
||||
raise Exception('No predicate defined')
|
||||
expression = request.session['rule']
|
||||
|
||||
|
@ -914,7 +907,7 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
characters '(', ')', '&', '|', '-'
|
||||
'''
|
||||
check = expression
|
||||
for key in p_ids1.keys():
|
||||
for key in range(count):
|
||||
check = re.sub(str(key), '', check)
|
||||
for it in [' ', '\)', '\(', '&', '\|', '-']:
|
||||
check = re.sub(it, '', check)
|
||||
|
@ -928,11 +921,6 @@ def check_data_and_create_permission(request, who, what, how):
|
|||
if not is_proposition(expression):
|
||||
raise Exception('The logical expression is malformed')
|
||||
|
||||
for key in p_ids1.keys():
|
||||
expression = re.sub(str(key), str(p_ids1[key]), expression)
|
||||
for key in p_ids2.keys():
|
||||
expression = re.sub(str(key), str(p_ids2[key]), expression)
|
||||
|
||||
rule.expression = expression
|
||||
rule.save()
|
||||
|
||||
|
@ -970,7 +958,6 @@ def handle_operand(predicate, p_id, name, d):
|
|||
% (name, str(p_id)))
|
||||
try:
|
||||
a = AssertionDefinition(definition=d)
|
||||
a.save()
|
||||
except:
|
||||
raise Exception(\
|
||||
'Unable to create assertion of %s of predicate %s' \
|
||||
|
@ -1002,7 +989,6 @@ def handle_operand(predicate, p_id, name, d):
|
|||
values=predicate[name + '_defined']['values_selected'])
|
||||
try:
|
||||
a = AssertionData()
|
||||
a.save()
|
||||
a.set_attribute_data(data)
|
||||
except Exception, err:
|
||||
raise Exception(\
|
||||
|
|
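Review bot: The identifier check in check_data_and_create_permission (hunk at -914/+907) now loops over `range(count)`, which starts at 0 and strips digits by substring, so an expression naming predicate 0, or a number such as 21 when only two predicates are defined, passes this step although no such predicate exists. The commit also appears to drop the substitution of displayed identifiers by `pred.id`, so whatever is accepted here is what ends up in `rule.expression`, and for an access rule the identifiers should be validated exactly. I would extract whole tokens and range-check them: `ids = re.findall(r'\d+', expression)` followed by `if any(not 1 <= int(i) < count for i in ids): raise Exception('Unknown predicate identifier')`. The test applied to `check` after the loop lies outside the hunk, so confirm it does not already cover this. Separately, `p_id` no longer seems to be assigned in this function, yet the 'Missing type of predicate' and 'Missing role of predicate' raises still format it, which would surface as a NameError unless it is bound outside the visible hunks.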