[abac] Add a new predicate to couple RBAC and ABAC

2011-09-01 08:34:35 +02:00 · 2011-09-01 08:34:35 +02:00 · ecd590f463
parent 4759e8ccc3
commit ecd590f463
1 changed files with 37 additions and 21 deletions
--- a/acs/abac/models.py
+++ b/acs/abac/models.py
@ -27,7 +27,6 @@ from django.utils.translation import ugettext as _

 from acs.xacml.constants import *

-
 SOURCE_TYPE = (
    ('DIRECT', _('Direct trusted source')),
    ('ANCHOR', _('Trust anchor')))
@ -265,6 +264,10 @@ class Predicate(models.Model):
    rule = models.ForeignKey('AbacRule')

    def get_predicate_instance(self):
+        try:
+            return self.predicaterole
+        except:
+            pass
        try:
            return self.predicaterequired
        except:
@ -292,25 +295,38 @@ class PredicateRequired(Predicate):
        return "Predicate required: %s" % str(self.definition)


-MULTIVALUES_OPTION = (
-    ('NO_MULTIVALUES', _('Only accept single valued attributes')),
-    ('EQUAL_ONE_VALUE', _('At least one value matches')),
-    ('EQUAL_OP1_SUBSET_OP2',
-        _('The values of operand 1 are a subset of values of operand 2')),
-    ('EQUAL_EXACT_MATCH', _('Equal subsets')),
-    ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
-        _('All values of operand 1 satisfy the condition with the smallest \
-            value of operand 2')),
-    ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
-        _('All values of operand 1 satisfy the condition with the highest \
-            value of operand 2')),
-    ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
-        _('At least one value of operand 1 satisfy the condition with the \
-            smallest value of operand 2')),
-    ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
-        _('At least one value of operand 1 satisfy the condition with the \
-            highest value of operand 2')),
-)
+class PredicateRole(Predicate):
+    '''
+        Role are only handled from the ACS role tree
+
+        Else, use attributes equality with roles provided as attributes from
+        sources.
+    '''
+    role = models.ForeignKey('acs.Role')
+
+    def __unicode__(self):
+        return "Predicate role on %s" % str(self.role)
+
+
+#MULTIVALUES_OPTION = (
+#    ('NO_MULTIVALUES', _('Only accept single valued attributes')),
+#    ('EQUAL_ONE_VALUE', _('At least one value matches')),
+#    ('EQUAL_OP1_SUBSET_OP2',
+#        _('The values of operand 1 are a subset of values of operand 2')),
+#    ('EQUAL_EXACT_MATCH', _('Equal subsets')),
+#    ('DIFF_ALL_OP1_WITH_BOTTOM_LIMIT_OP2',
+#        _('All values of operand 1 satisfy the condition with the smallest \
+#            value of operand 2')),
+#    ('DIFF_ALL_OP1_WITH_UPPER_LIMIT_OP2',
+#        _('All values of operand 1 satisfy the condition with the highest \
+#            value of operand 2')),
+#    ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
+#        _('At least one value of operand 1 satisfy the condition with the \
+#            smallest value of operand 2')),
+#    ('DIFF_ONE_OP1_WITH_BOTTOM_LIMIT_OP2',
+#        _('At least one value of operand 1 satisfy the condition with the \
+#            highest value of operand 2')),
+#)


 class PredicateComparison(Predicate):
@ -323,7 +339,7 @@ class PredicateComparison(Predicate):
        verbose_name = 'type of comparison',
        default = ACS_XACML_COMPARISON_EQUALITY_STRING)
    multivalues = models.CharField(max_length = 100,
-        choices = MULTIVALUES_OPTION,
+#        choices = MULTIVALUES_OPTION,
        verbose_name = 'How to handle multivalued attributes',
        default = 'NO_MULTIVALUES')
    multivalues_explanation = models.CharField(max_length = 500, blank=True)