Changeset 48
- Timestamp:
- 08/27/06 02:11:07 (4 years ago)
- Location:
- trunk/src/dm
- Files:
-
- 4 modified
-
accesscontrol.py (modified) (6 diffs)
-
dom/meta.py (modified) (1 diff)
-
exceptions.py (modified) (1 diff)
-
test.py (modified) (2 diffs)
trunk/src/dm/accesscontrol.py
r47 r48 3 3 from dm.dictionarywords import VISITOR_NAME 4 4 5 class AbstractAccessController(object):6 " Authorises a person to take an action with an object."5 class BaseAccessController(object): 6 "Controls authorisations for named actions with protected objects." 7 7 8 8 dictionary = RequiredFeature('SystemDictionary') … … 11 11 debug = RequiredFeature('Debug') 12 12 13 def __init__(self): 14 self.visitor = None 13 def isAuthorised(self, **kwds): 14 singleuseInstance = self.__class__() 15 return singleuseInstance.isAccessAuthorised(**kwds) 16 17 def isAccessAuthorised(self, person, actionName, protectedObject, **kwds): 18 self.action = None 19 self.person = None 15 20 self.permissionObject = None 16 17 def getVisitor(self): 18 if self.visitor == None: 19 visitorName = self.dictionary[VISITOR_NAME] 20 self.visitor = self.registry.persons[visitorName] 21 return self.visitor 22 23 def isAuthorised(self, person=None, actionName='', protectedObject=None): 21 self.protectionObject = None 22 self.protectedObject = None 23 self.visitor = None 24 24 if not actionName: 25 25 return False … … 29 29 self.setAction(actionName) 30 30 self.setProtectedObject(protectedObject) 31 if self.hasAuthorisedRole(): 31 try: 32 self.assertAccessAuthorised() 33 except AccessNotAuthorised, inst: 34 self.logger.info( 35 "Access Denied: Person '%s' to '%s' object '%s': %s" % ( 36 self.person.name, 37 self.actionName, 38 self.protectedObject, 39 inst, 40 ) 41 ) 42 return False 43 else: 32 44 if self.debug: 33 45 self.logger.debug( 34 "Access allowed: Person '%s' to '%s' object '%s'" % ( 35 self.person.name, self.actionName, self.protectedObject 46 "Access Authorised: Person '%s' to '%s' object '%s'" % ( 47 self.person.name, 48 self.actionName, 49 self.protectedObject, 36 50 ) 37 51 ) 38 52 return True 39 elif self.debug:40 self.logger.info(41 "Access denied: Person '%s' to '%s' object '%s'" % (42 self.person.name, self.actionName, self.protectedObject43 )44 )45 return False46 53 47 54 def 
setPerson(self, person=None): … … 60 67 self.setProtectionObject() 61 68 62 def hasAuthorisedRole(self): 63 message = "Abstract method not implemented on: %s" % str(self) 64 raise Exception(message) 69 def assertAccessAuthorised(self): 70 raise AccessNotAuthorised("Access not authorised by default.") 65 71 66 72 def getPermissionObject(self): … … 74 80 if permission in role.grants: 75 81 if self.debug: 76 msg = "Access by role authorised: '%s' to '%s' with '%s'." % ( 77 role.name, self.actionName, self.protectedObject 78 ) 79 self.logger.debug(msg) 80 return True 81 else: 82 if self.debug: 83 msg = "Access by role not authorised: '%s' to '%s' with '%s'."%( 84 role.name, self.actionName, self.protectedObject 85 ) 82 msg = "Access authorised against '%s' role." % role.name 83 self.logger.debug(msg) 84 return True 85 else: 86 if self.debug: 87 msg = "Access not authorised by '%s' role." % role.name 86 88 self.logger.debug(msg) 87 89 return False … … 108 110 raise "No protection object available for %s" % self.protectedNames 109 111 110 111 class SystemAccessController(AbstractAccessController): 112 "Authorises a person to take an action with an object in the system." 113 114 def hasAuthorisedRole(self): 112 def getVisitor(self): 113 if self.visitor == None: 114 visitorName = self.dictionary[VISITOR_NAME] 115 self.visitor = self.registry.persons[visitorName] 116 return self.visitor 117 118 def isPersonNotVisitor(self): 119 return self.person.name != self.getVisitor().name 120 121 122 class SystemAccessController(BaseAccessController): 123 "Introduces personal role, person system role, and visitor system role." 124 125 def assertAccessAuthorised(self): 115 126 if self.isPersonBarred(): 116 return False 117 if self.isSystemRoleAuthorised(): 118 return True 119 if self.isPersonAuthorised(): 120 return True 121 return False 122 127 raise AccessNotAuthorised( 128 "Access barred to person." 
129 ) 130 if self.isPersonAuthorisedPersonally(): 131 return 132 if self.isPersonAuthorisedOnSystem(): 133 return 134 if self.isPersonNotVisitor() and self.isVisitorBarred(): 135 raise AccessNotAuthorised( 136 "Access barred to visitor person." 137 ) 138 if self.isPersonNotVisitor() and self.isVisitorAuthorisedOnSystem(): 139 return 140 super(SystemAccessController, self).assertAccessAuthorised() 141 123 142 def isPersonBarred(self): 124 143 permission = self.getPermissionObject() 125 144 if self.person in permission.personalBars: 126 145 if self.debug: 127 msg = "Access personal barred: '%s' to '%s' with '%s'." % ( 128 self.person.name, self.actionName, self.protectedObject 129 ) 130 self.logger.debug(msg) 131 return True 132 else: 133 if self.debug: 134 msg = "Access personal not barred: '%s' to '%s' with '%s'." %( 135 self.person.name, self.actionName, self.protectedObject 136 ) 137 self.logger.debug(msg) 138 return False 139 140 def isPersonAuthorised(self): 146 msg = "Access personally barred." 147 self.logger.debug(msg) 148 return True 149 else: 150 if self.debug: 151 msg = "Access not personally barred." 152 self.logger.debug(msg) 153 return False 154 155 def isVisitorBarred(self): 156 permission = self.getPermissionObject() 157 if self.getVisitor() in permission.personalBars: 158 if self.debug: 159 msg = "Access barred to visitor." 160 self.logger.debug(msg) 161 return True 162 else: 163 if self.debug: 164 msg = "Access not barred to visitor." 165 self.logger.debug(msg) 166 return False 167 168 def isPersonAuthorisedPersonally(self): 141 169 permission = self.getPermissionObject() 142 170 if self.person in permission.personalGrants: 143 171 if self.debug: 144 msg = "Access personal authorised: '%s' to '%s' with '%s'." %( 145 self.person.name, self.actionName, self.protectedObject 146 ) 147 self.logger.debug(msg) 148 return True 149 else: 150 if self.debug: 151 msg = "Access personal not auth'd: '%s' to '%s' with '%s'." 
% ( 152 self.person.name, self.actionName, self.protectedObject 153 ) 154 self.logger.debug(msg) 155 return False 156 157 def isSystemRoleAuthorised(self): 158 systemRole = self.getSystemRole() 172 msg = "Access personally authorised" 173 self.logger.debug(msg) 174 return True 175 else: 176 if self.debug: 177 msg = "Access not personally authorised" 178 self.logger.debug(msg) 179 return False 180 181 def isPersonAuthorisedOnSystem(self): 182 systemRole = self.getPersonSystemRole() 159 183 if self.isRoleAuthorised(systemRole): 160 184 if self.debug: 161 msg = "Access system authorised: '%s' to '%s' with '%s'." %( 162 self.person.name, self.actionName, self.protectedObject 163 ) 164 self.logger.debug(msg) 165 return True 166 else: 167 if self.debug: 168 msg = "Access system not authorised: '%s' to '%s' with '%s'." %( 169 self.person.name, self.actionName, self.protectedObject 170 ) 171 self.logger.debug(msg) 172 return False 173 174 def getSystemRole(self): 185 msg = "Access authorised by person's system role." 186 self.logger.debug(msg) 187 return True 188 else: 189 if self.debug: 190 msg = "Access not authorised by person's system role." 191 self.logger.debug(msg) 192 return False 193 194 def isVisitorAuthorisedOnSystem(self): 195 systemRole = self.getVisitorSystemRole() 196 if self.isRoleAuthorised(systemRole): 197 if self.debug: 198 msg = "Access authorised by visitor's system role." 199 self.logger.debug(msg) 200 return True 201 else: 202 if self.debug: 203 msg = "Access not authorised by visitor's system role." 204 self.logger.debug(msg) 205 return False 206 207 def getPersonSystemRole(self): 175 208 return self.person.role 176 209 210 def getVisitorSystemRole(self): 211 return self.getVisitor().role 212 -
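Review bot: `isAccessAuthorised(self, person, actionName, protectedObject, **kwds)` drops the defaults the old `isAuthorised(self, person=None, actionName='', protectedObject=None)` had, so a caller that omits an argument now gets a TypeError out of the `isAuthorised` forwarder instead of the False that the still-present `if not actionName: return False` guard is meant to return; keeping `def isAccessAuthorised(self, person=None, actionName='', protectedObject=None, **kwds):` preserves the contract. In `SystemAccessController.assertAccessAuthorised` the two `isPersonNotVisitor()` branches mean any non-visitor person is granted whatever the visitor's system role is granted, which looks intentional but deserves a comment such as `# Visitor grants act as a floor: a non-visitor person inherits them unless the visitor is personally barred.` The denial path logs `self.person.name` at info level, which will itself raise if `self.person` is None after `setPerson`; the body of `setPerson` is cut in this view, so it is worth confirming it always assigns a person.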
trunk/src/dm/dom/meta.py
r45 r48 459 459 # create where missing 460 460 for associatedObjectKey in associatedObjectKeys: 461 if associatedObjectKey == None: 462 continue 463 461 464 if self.isKeyDomainObject(): 462 465 associatedObjectKey = associatedObjectRegister[associatedObjectKey] -
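Review bot: The added `if associatedObjectKey == None:` should compare by identity, `if associatedObjectKey is None:`, since `==` dispatches to the key's own `__eq__`. Skipping a None key with a bare `continue` may also hide a data problem in `associatedObjectKeys`; if a None entry is unexpected, a debug log before the `continue` would make that visible. The enclosing function starts and ends outside this hunk, so the source of the None keys cannot be judged from here.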
trunk/src/dm/exceptions.py
r2 r48 1 """ KForge exception Classes."""1 """System exception classes.""" 2 2 3 # todo: Rename Kforge out of this module. 4 5 class DmException(StandardError): 6 "System exception super class." 7 pass 8 9 class AccessControlException(DmException): 10 pass 11 12 class AccessNotAuthorised(AccessControlException): 13 pass 3 14 4 15 class KforgeError(StandardError): -
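Review bot: The new `AccessControlException` and `AccessNotAuthorised` classes carry only `pass` while `DmException` gets a docstring; a one-line docstring on each, e.g. `"Raised when an access-control check rejects the requested action."` for `AccessNotAuthorised`, would match the file's style. The existing `KforgeError(StandardError)` still sits outside the new `DmException` root, so a handler catching `DmException` will not see it; the `# todo` already covers the rename, and noting there that re-rooting under `DmException` is part of it would keep the hierarchy coherent.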
trunk/src/dm/test.py
r24 r48 11 11 import dm.commandtest 12 12 import dm.filesystemtest 13 import dm.accesscontroltest 13 14 import dm.applicationtest 14 15 import dm.viewtest … … 27 28 dm.dictionarytest.suite(), 28 29 dm.commandtest.suite(), 30 #dm.filesystemtest.suite(), 31 dm.accesscontroltest.suite(), 32 dm.viewtest.suite(), 29 33 dm.applicationtest.suite(), 30 dm.viewtest.suite(),31 34 ] 32 35 return ApplicationTestSuite(suites)
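Review bot: `#dm.filesystemtest.suite(),` disables the filesystem suite without saying why, while the `import dm.filesystemtest` above it is kept, so the module is still imported but never run. A short comment giving the reason next to the commented-out line, e.g. `# TODO: re-enable once <reason> is resolved`, would stop the coverage loss from going unnoticed.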
