diff options
author | Ruan HE <ruan.he@orange.com> | 2015-07-08 09:17:35 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.206> | 2015-07-08 09:17:35 +0000 |
commit | cbda180fc4370b8eda4b886f79bfbc0fb739608e (patch) | |
tree | fbda1b8dd5d778ad3ddee1022e21f7f77d6f302a /keystone-moon/keystone/contrib | |
parent | 175e4b7ca2d7287f8a2404fb2a183e193ad55e15 (diff) | |
parent | 778fa0bc8228c523560674e509aecc01ba49a38e (diff) |
Merge "Fix some bugs on the enforce function."
Diffstat (limited to 'keystone-moon/keystone/contrib')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 443 |
1 files changed, 225 insertions, 218 deletions
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 4d19e7cc..db31f4b9 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -68,9 +68,11 @@ def filter_args(func): def enforce(actions, object, **extra): + _actions = actions + def wrap(func): def wrapped(*args): - global actions + # global actions self = args[0] user_name = args[1] intra_extension_uuid = args[2] @@ -81,10 +83,12 @@ def enforce(actions, object, **extra): return func(*args) else: _authz = False - if type(actions) in (str, unicode): - actions = (actions, ) + if type(_actions) in (str, unicode): + actions = (_actions, ) + else: + actions = _actions for action in actions: - if self.authz_api.authz( + if self.admin_api.authz( intra_extension_uuid, user_name, object, @@ -275,7 +279,7 @@ class TenantDriver: raise exception.NotImplemented() # pragma: no cover -@dependency.requires('identity_api', 'moonlog_api', 'tenant_api', 'authz_api') +@dependency.requires('identity_api', 'moonlog_api', 'tenant_api', 'authz_api', 'admin_api') class IntraExtensionManager(manager.Manager): __genre__ = None @@ -307,7 +311,10 @@ class IntraExtensionManager(manager.Manager): raise IntraExtensionNotFound() # self.moonlog_api.authz("Unknown: Authorization framework disabled ({} {} {} {})".format(uuid, sub, obj, act)) # self.moonlog_api.warning("Unknown: Authorization framework disabled ({} {} {} {})".format(uuid, sub, obj, act)) - # return True + users = self.driver.get_subject_dict(uuid) + if sub in users and users[sub] == "admin": + return True + return False # #TODO (dthom): must raise IntraExtensionNotAuthorized # try: # _subject_category_dict = self.driver.get_subject_category_dict(extension_uuid) @@ -322,82 +329,82 @@ class IntraExtensionManager(manager.Manager): # return True # except exception: # TODO: exception.IntraExtension.NotAuthorized # pass - sub_meta_rule = self.driver.get_meta_rule(uuid) - subject_assignments = self.driver.get_subject_category_assignment_dict(uuid) - action_assignments = self.driver.get_action_category_assignment_dict(uuid) - object_assignments = self.driver.get_object_category_assignment_dict(uuid) - # check if subject exists - if sub not in self.driver.get_subject_dict(uuid): - self.moonlog_api.authz("KO: Subject {} unknown".format(sub)) - return False - # check if object exists - if obj not in self.driver.get_object_dict(uuid): - self.moonlog_api.authz("KO: Object {} unknown".format(obj)) - return False - # check if action exists - if act not in self.driver.get_action_dict(uuid): - self.moonlog_api.authz("KO: Action {} unknown".format(act)) - return False - # check if subject is in subject_assignment - for cat in subject_assignments.keys(): - if sub in subject_assignments[cat]: - break - else: - self.moonlog_api.authz("KO: Subject no found in categories {}".format( - subject_assignments.keys())) - return False - # check if object is in object_assignment - for cat in object_assignments.keys(): - if obj in object_assignments[cat]: - break - else: - self.moonlog_api.authz("KO: Object no found in categories {}".format( - object_assignments)) - return False - # check if action is in action_assignment - for cat in action_assignments.keys(): - if act in action_assignments[cat]: - break - else: - self.moonlog_api.authz("KO: Action no found in categories {}".format( - action_assignments.keys())) - return False - # get all rules for intra_extension - rules = self.driver.get_rules(uuid) - # check if relation exists in rules - relation_to_check = None - relations = self.driver.get_sub_meta_rule_relations(uuid) - for relation in rules: - if relation in relations: - # hypothesis: only one relation to check - relation_to_check = relation - break - else: - self.moonlog_api.authz("KO: No relation can be used {}".format(rules.keys())) - return False - for sub_rule in rules[relation_to_check]: - for cat in sub_meta_rule[relation_to_check]["subject_categories"]: - rule_scope = sub_rule.pop(0) - if rule_scope in subject_assignments[cat][sub]: - break - else: - continue - for cat in sub_meta_rule[relation_to_check]["action_categories"]: - rule_scope = sub_rule.pop(0) - if rule_scope in action_assignments[cat][act]: - break - else: - continue - for cat in sub_meta_rule[relation_to_check]["object_categories"]: - rule_scope = sub_rule.pop(0) - if rule_scope in object_assignments[cat][obj]: - break - else: - continue - self.moonlog_api.authz("OK ({} {},{},{})".format(uuid, sub, act, obj)) - return True - self.moonlog_api.authz("KO ({} {},{},{})".format(uuid, sub, act, obj)) - return False + # sub_meta_rule = self.driver.get_meta_rule(uuid) + # subject_assignments = self.driver.get_subject_category_assignment_dict(uuid) + # action_assignments = self.driver.get_action_category_assignment_dict(uuid) + # object_assignments = self.driver.get_object_category_assignment_dict(uuid) + # # check if subject exists + # if sub not in self.driver.get_subject_dict(uuid): + # self.moonlog_api.authz("KO: Subject {} unknown".format(sub)) + # return False + # # check if object exists + # if obj not in self.driver.get_object_dict(uuid): + # self.moonlog_api.authz("KO: Object {} unknown".format(obj)) + # return False + # # check if action exists + # if act not in self.driver.get_action_dict(uuid): + # self.moonlog_api.authz("KO: Action {} unknown".format(act)) + # return False + # # check if subject is in subject_assignment + # for cat in subject_assignments.keys(): + # if sub in subject_assignments[cat]: + # break + # else: + # self.moonlog_api.authz("KO: Subject no found in categories {}".format( + # subject_assignments.keys())) + # return False + # # check if object is in object_assignment + # for cat in object_assignments.keys(): + # if obj in object_assignments[cat]: + # break + # else: + # self.moonlog_api.authz("KO: Object no found in categories {}".format( + # object_assignments)) + # return False + # # check if action is in action_assignment + # for cat in action_assignments.keys(): + # if act in action_assignments[cat]: + # break + # else: + # self.moonlog_api.authz("KO: Action no found in categories {}".format( + # action_assignments.keys())) + # return False + # # get all rules for intra_extension + # rules = self.driver.get_rules(uuid) + # # check if relation exists in rules + # relation_to_check = None + # relations = self.driver.get_sub_meta_rule_relations(uuid) + # for relation in rules: + # if relation in relations: + # # hypothesis: only one relation to check + # relation_to_check = relation + # break + # else: + # self.moonlog_api.authz("KO: No relation can be used {}".format(rules.keys())) + # return False + # for sub_rule in rules[relation_to_check]: + # for cat in sub_meta_rule[relation_to_check]["subject_categories"]: + # rule_scope = sub_rule.pop(0) + # if rule_scope in subject_assignments[cat][sub]: + # break + # else: + # continue + # for cat in sub_meta_rule[relation_to_check]["action_categories"]: + # rule_scope = sub_rule.pop(0) + # if rule_scope in action_assignments[cat][act]: + # break + # else: + # continue + # for cat in sub_meta_rule[relation_to_check]["object_categories"]: + # rule_scope = sub_rule.pop(0) + # if rule_scope in object_assignments[cat][obj]: + # break + # else: + # continue + # self.moonlog_api.authz("OK ({} {},{},{})".format(uuid, sub, act, obj)) + # return True + # self.moonlog_api.authz("KO ({} {},{},{})".format(uuid, sub, act, obj)) + # return False def __get_key_from_value(self, value, values_dict): return filter(lambda v: v[1] == value, values_dict.iteritems())[0][0] @@ -677,12 +684,12 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subjects") - def get_subject_dict(self, user_name, intra_extension_uuid): + def get_subject_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_subject_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "subjects") - def set_subject_dict(self, user_name, intra_extension_uuid, subject_dict): + def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_dict): for uuid in subject_dict: # Next line will raise an error if user is not present in Keystone database self.identity_api.get_user(uuid) @@ -690,70 +697,70 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce(("read", "write"), "subjects") - def add_subject_dict(self, user_name, intra_extension_uuid, subject_uuid): + def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_uuid): # Next line will raise an error if user is not present in Keystone database user = self.identity_api.get_user(subject_uuid) return self.driver.add_subject(intra_extension_uuid, subject_uuid, user["name"]) @filter_args @enforce("write", "subjects") - def del_subject(self, user_name, intra_extension_uuid, subject_uuid): + def del_subject(self, user_uuid, intra_extension_uuid, subject_uuid): self.driver.remove_subject(intra_extension_uuid, subject_uuid) @filter_args @enforce("read", "objects") - def get_object_dict(self, user_name, intra_extension_uuid): + def get_object_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_object_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "objects") - def set_object_dict(self, user_name, intra_extension_uuid, object_dict): + def set_object_dict(self, user_uuid, intra_extension_uuid, object_dict): return self.driver.set_object_dict(intra_extension_uuid, object_dict) @filter_args @enforce(("read", "write"), "objects") - def add_object_dict(self, user_name, intra_extension_uuid, object_name): + def add_object_dict(self, user_uuid, intra_extension_uuid, object_name): object_uuid = uuid4().hex return self.driver.add_object(intra_extension_uuid, object_uuid, object_name) @filter_args @enforce("write", "objects") - def del_object(self, user_name, intra_extension_uuid, object_uuid): + def del_object(self, user_uuid, intra_extension_uuid, object_uuid): self.driver.remove_object(intra_extension_uuid, object_uuid) @filter_args @enforce("read", "actions") - def get_action_dict(self, user_name, intra_extension_uuid): + def get_action_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_action_dict(intra_extension_uuid) @filter_args @enforce(("read", "write"), "actions") - def set_action_dict(self, user_name, intra_extension_uuid, action_dict): + def set_action_dict(self, user_uuid, intra_extension_uuid, action_dict): return self.driver.set_action_dict(intra_extension_uuid, action_dict) @filter_args @enforce(("read", "write"), "actions") - def add_action_dict(self, user_name, intra_extension_uuid, action_name): + def add_action_dict(self, user_uuid, intra_extension_uuid, action_name): action_uuid = uuid4().hex return self.driver.add_action(intra_extension_uuid, action_uuid, action_name) @filter_args @enforce("write", "actions") - def del_action(self, user_name, intra_extension_uuid, action_uuid): + def del_action(self, user_uuid, intra_extension_uuid, action_uuid): self.driver.remove_action(intra_extension_uuid, action_uuid) # Metadata functions @filter_args @enforce("read", "subject_categories") - def get_subject_category_dict(self, user_name, intra_extension_uuid): + def get_subject_category_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_subject_category_dict(intra_extension_uuid) @filter_args @enforce("read", "subject_categories") @enforce("read", "subject_category_scope") @enforce("write", "subject_category_scope") - def set_subject_category_dict(self, user_name, intra_extension_uuid, subject_category): + def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category): subject_category_dict = self.driver.set_subject_category_dict(intra_extension_uuid, subject_category) # if we add a new category, we must add it to the subject_category_scope for _cat in subject_category.keys(): @@ -766,25 +773,25 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subject_categories") @enforce("write", "subject_categories") - def add_subject_category_dict(self, user_name, intra_extension_uuid, subject_category_name): + def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_name): subject_category_uuid = uuid4().hex return self.driver.add_subject_category_dict(intra_extension_uuid, subject_category_uuid, subject_category_name) @filter_args @enforce("write", "subject_categories") - def del_subject_category(self, user_name, intra_extension_uuid, subject_uuid): + def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid): return self.driver.remove_subject_category(intra_extension_uuid, subject_uuid) @filter_args @enforce("read", "object_categories") - def get_object_category_dict(self, user_name, intra_extension_uuid): + def get_object_category_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_object_category_dict(intra_extension_uuid) @filter_args @enforce("read", "object_categories") @enforce("read", "object_category_scope") @enforce("write", "object_category_scope") - def set_object_category_dict(self, user_name, intra_extension_uuid, object_category): + def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category): object_category_dict = self.driver.set_object_category_dict(intra_extension_uuid, object_category) # if we add a new category, we must add it to the object_category_scope for _cat in object_category.keys(): @@ -797,25 +804,25 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_categories") @enforce("write", "object_categories") - def add_object_category_dict(self, user_name, intra_extension_uuid, object_category_name): + def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_name): object_category_uuid = uuid4().hex return self.driver.add_object_category_dict(intra_extension_uuid, object_category_uuid, object_category_name) @filter_args @enforce("write", "object_categories") - def del_object_category(self, user_name, intra_extension_uuid, object_uuid): + def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid): return self.driver.remove_object_category(intra_extension_uuid, object_uuid) @filter_args @enforce("read", "action_categories") - def get_action_category_dict(self, user_name, intra_extension_uuid): + def get_action_category_dict(self, user_uuid, intra_extension_uuid): return self.driver.get_action_category_dict(intra_extension_uuid) @filter_args @enforce("read", "action_categories") @enforce("read", "action_category_scope") @enforce("write", "action_category_scope") - def set_action_category_dict(self, user_name, intra_extension_uuid, action_category): + def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category): action_category_dict = self.driver.set_action_category_dict(intra_extension_uuid, action_category) # if we add a new category, we must add it to the action_category_scope for _cat in action_category.keys(): @@ -828,37 +835,37 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_categories") @enforce("write", "action_categories") - def add_action_category_dict(self, user_name, intra_extension_uuid, action_category_name): + def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_name): action_category_uuid = uuid4().hex return self.driver.add_action_category_dict(intra_extension_uuid, action_category_uuid, action_category_name) @filter_args @enforce("write", "action_categories") - def del_action_category(self, user_name, intra_extension_uuid, action_uuid): + def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid): return self.driver.remove_action_category(intra_extension_uuid, action_uuid) # Scope functions @filter_args @enforce("read", "subject_category_scope") @enforce("read", "subject_category") - def get_subject_category_scope_dict(self, user_name, intra_extension_uuid, category): - if category not in self.get_subject_category_dict(user_name, intra_extension_uuid)["subject_categories"]: + def get_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category): + if category not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]: raise IntraExtensionError("Subject category {} is unknown.".format(category)) return self.driver.get_subject_category_scope_dict(intra_extension_uuid, category) @filter_args @enforce("read", "subject_category_scope") @enforce("read", "subject_category") - def set_subject_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - if category not in self.get_subject_category_dict(user_name, intra_extension_uuid)["subject_categories"]: + def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + if category not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]: raise IntraExtensionError("Subject category {} is unknown.".format(category)) return self.driver.set_subject_category_scope_dict(intra_extension_uuid, category, scope) @filter_args @enforce(("read", "write"), "subject_category_scope") @enforce("read", "subject_category") - def add_subject_category_scope_dict(self, user_name, intra_extension_uuid, subject_category, scope_name): - subject_categories = self.get_subject_category_dict(user_name, intra_extension_uuid) + def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, subject_category, scope_name): + subject_categories = self.get_subject_category_dict(user_uuid, intra_extension_uuid) # check if subject_category exists in database if subject_category not in subject_categories["subject_categories"]: raise IntraExtensionError("Subject category {} is unknown.".format(subject_category)) @@ -872,8 +879,8 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "subject_category_scope") @enforce("read", "subject_category") - def del_subject_category_scope(self, user_name, intra_extension_uuid, subject_category, subject_category_scope): - subject_categories = self.get_subject_category_dict(user_name, intra_extension_uuid) + def del_subject_category_scope(self, user_uuid, intra_extension_uuid, subject_category, subject_category_scope): + subject_categories = self.get_subject_category_dict(user_uuid, intra_extension_uuid) # check if subject_category exists in database if subject_category not in subject_categories["subject_categories"]: raise IntraExtensionError("Subject category {} is unknown.".format(subject_category)) @@ -885,24 +892,24 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_category_scope") @enforce("read", "object_category") - def get_object_category_scope_dict(self, user_name, intra_extension_uuid, category): - if category not in self.get_object_category_dict(user_name, intra_extension_uuid)["object_categories"]: + def get_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category): + if category not in self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"]: raise IntraExtensionError("Object category {} is unknown.".format(category)) return self.driver.get_object_category_scope_dict(intra_extension_uuid, category) @filter_args @enforce("read", "object_category_scope") @enforce("read", "object_category") - def set_object_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - if category not in self.get_object_category_dict(user_name, intra_extension_uuid)["object_categories"]: + def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + if category not in self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"]: raise IntraExtensionError("Object category {} is unknown.".format(category)) return self.driver.set_object_category_scope_dict(intra_extension_uuid, category, scope) @filter_args @enforce(("read", "write"), "object_category_scope") @enforce("read", "object_category") - def add_object_category_scope_dict(self, user_name, intra_extension_uuid, object_category, scope_name): - object_categories = self.get_object_category_dict(user_name, intra_extension_uuid) + def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, object_category, scope_name): + object_categories = self.get_object_category_dict(user_uuid, intra_extension_uuid) # check if object_category exists in database if object_category not in object_categories["object_categories"]: raise IntraExtensionError("Object category {} is unknown.".format(object_category)) @@ -916,8 +923,8 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "object_category_scope") @enforce("read", "object_category") - def del_object_category_scope(self, user_name, intra_extension_uuid, object_category, object_category_scope): - object_categories = self.get_object_category_dict(user_name, intra_extension_uuid) + def del_object_category_scope(self, user_uuid, intra_extension_uuid, object_category, object_category_scope): + object_categories = self.get_object_category_dict(user_uuid, intra_extension_uuid) # check if object_category exists in database if object_category not in object_categories["object_categories"]: raise IntraExtensionError("Object category {} is unknown.".format(object_category)) @@ -929,24 +936,24 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_category_scope") @enforce("read", "action_category") - def get_action_category_scope_dict(self, user_name, intra_extension_uuid, category): - if category not in self.get_action_category_dict(user_name, intra_extension_uuid)["action_categories"]: + def get_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category): + if category not in self.get_action_category_dict(user_uuid, intra_extension_uuid)["action_categories"]: raise IntraExtensionError("Action category {} is unknown.".format(category)) return self.driver.get_action_category_scope_dict(intra_extension_uuid, category) @filter_args @enforce(("read", "write"), "action_category_scope") @enforce("read", "action_category") - def set_action_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): - if category not in self.get_action_category_dict(user_name, intra_extension_uuid)["action_categories"]: + def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): + if category not in self.get_action_category_dict(user_uuid, intra_extension_uuid)["action_categories"]: raise IntraExtensionError("Action category {} is unknown.".format(category)) return self.driver.set_action_category_scope_dict(intra_extension_uuid, category, scope) @filter_args @enforce(("read", "write"), "action_category_scope") @enforce("read", "action_category") - def add_action_category_scope_dict(self, user_name, intra_extension_uuid, action_category, scope_name): - action_categories = self.get_action_category_dict(user_name, intra_extension_uuid) + def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, action_category, scope_name): + action_categories = self.get_action_category_dict(user_uuid, intra_extension_uuid) # check if action_category exists in database if action_category not in action_categories["action_categories"]: raise IntraExtensionError("Action category {} is unknown.".format(action_category)) @@ -960,8 +967,8 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("write", "action_category_scope") @enforce("read", "action_category") - def del_action_category_scope(self, user_name, intra_extension_uuid, action_category, action_category_scope): - action_categories = self.get_action_category_dict(user_name, intra_extension_uuid) + def del_action_category_scope(self, user_uuid, intra_extension_uuid, action_category, action_category_scope): + action_categories = self.get_action_category_dict(user_uuid, intra_extension_uuid) # check if action_category exists in database if action_category not in action_categories["action_categories"]: raise IntraExtensionError("Action category {} is unknown.".format(action_category)) @@ -975,9 +982,9 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "subject_category_assignment") @enforce("read", "subjects") - def get_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid): + def get_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid): # check if subject exists in database - if subject_uuid not in self.get_subject_dict(user_name, intra_extension_uuid)["subjects"]: + if subject_uuid not in self.get_subject_dict(user_uuid, intra_extension_uuid)["subjects"]: LOG.error("add_subject_assignment: unknown subject_id {}".format(subject_uuid)) raise IntraExtensionError("Bad input data") return self.driver.get_subject_category_assignment_dict(intra_extension_uuid, subject_uuid) @@ -986,9 +993,9 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "subject_category_assignment") @enforce("write", "subject_category_assignment") @enforce("read", "subjects") - def set_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, assignment_dict): + def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict): # check if subject exists in database - if subject_uuid not in self.get_subject_dict(user_name, intra_extension_uuid)["subjects"]: + if subject_uuid not in self.get_subject_dict(user_uuid, intra_extension_uuid)["subjects"]: LOG.error("add_subject_assignment: unknown subject_id {}".format(subject_uuid)) raise IntraExtensionError("Bad input data") return self.driver.set_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, assignment_dict) @@ -998,13 +1005,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "subject_category_assignment") @enforce("read", "subjects") @enforce("read", "subject_category") - def del_subject_category_assignment(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_subject_category_dict(user_name, intra_extension_uuid)["subject_categories"]: + if category_uuid not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]: LOG.error("add_subject_category_scope: unknown subject_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if subject exists in database - if subject_uuid not in self.get_subject_dict(user_name, intra_extension_uuid)["subjects"]: + if subject_uuid not in self.get_subject_dict(user_uuid, intra_extension_uuid)["subjects"]: LOG.error("add_subject_assignment: unknown subject_id {}".format(subject_uuid)) raise IntraExtensionError("Bad input data") self.driver.remove_subject_category_assignment(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid) @@ -1013,13 +1020,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "subject_category_assignment") @enforce("read", "subjects") @enforce("read", "subject_category") - def add_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_subject_category_dict(user_name, intra_extension_uuid)["subject_categories"]: + if category_uuid not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]: LOG.error("add_subject_category_scope: unknown subject_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if subject exists in database - if subject_uuid not in self.get_subject_dict(user_name, intra_extension_uuid)["subjects"]: + if subject_uuid not in self.get_subject_dict(user_uuid, intra_extension_uuid)["subjects"]: LOG.error("add_subject_assignment: unknown subject_id {}".format(subject_uuid)) raise IntraExtensionError("Bad input data") return self.driver.add_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid) @@ -1027,9 +1034,9 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "object_category_assignment") @enforce("read", "objects") - def get_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid): + def get_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid): # check if object exists in database - if object_uuid not in self.get_object_dict(user_name, intra_extension_uuid)["objects"]: + if object_uuid not in self.get_object_dict(user_uuid, intra_extension_uuid)["objects"]: LOG.error("add_object_assignment: unknown object_id {}".format(object_uuid)) raise IntraExtensionError("Bad input data") return self.driver.get_object_category_assignment_dict(intra_extension_uuid, object_uuid) @@ -1038,9 +1045,9 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "object_category_assignment") @enforce("write", "object_category_assignment") @enforce("read", "objects") - def set_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, assignment_dict): + def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict): # check if object exists in database - if object_uuid not in self.get_object_dict(user_name, intra_extension_uuid)["objects"]: + if object_uuid not in self.get_object_dict(user_uuid, intra_extension_uuid)["objects"]: LOG.error("add_object_assignment: unknown object_id {}".format(object_uuid)) raise IntraExtensionError("Bad input data") return self.driver.set_object_category_assignment_dict(intra_extension_uuid, object_uuid, assignment_dict) @@ -1050,13 +1057,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "object_category_assignment") @enforce("read", "objects") @enforce("read", "object_category") - def del_object_category_assignment(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_object_category_dict(user_name, intra_extension_uuid)["object_categories"]: + if category_uuid not in self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"]: LOG.error("add_object_category_scope: unknown object_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if object exists in database - if object_uuid not in self.get_object_dict(user_name, intra_extension_uuid)["objects"]: + if object_uuid not in self.get_object_dict(user_uuid, intra_extension_uuid)["objects"]: LOG.error("add_object_assignment: unknown object_id {}".format(object_uuid)) raise IntraExtensionError("Bad input data") self.driver.remove_object_category_assignment(intra_extension_uuid, object_uuid, category_uuid, scope_uuid) @@ -1065,13 +1072,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "object_category_assignment") @enforce("read", "objects") @enforce("read", "object_category") - def add_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_object_category_dict(user_name, intra_extension_uuid)["object_categories"]: + if category_uuid not in self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"]: LOG.error("add_object_category_scope: unknown object_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if object exists in database - if object_uuid not in self.get_object_dict(user_name, intra_extension_uuid)["objects"]: + if object_uuid not in self.get_object_dict(user_uuid, intra_extension_uuid)["objects"]: LOG.error("add_object_assignment: unknown object_id {}".format(object_uuid)) raise IntraExtensionError("Bad input data") return self.driver.add_object_category_assignment_dict(intra_extension_uuid, object_uuid, category_uuid, scope_uuid) @@ -1079,9 +1086,9 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "action_category_assignment") @enforce("read", "actions") - def get_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid): + def get_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid): # check if action exists in database - if action_uuid not in self.get_action_dict(user_name, intra_extension_uuid)["actions"]: + if action_uuid not in self.get_action_dict(user_uuid, intra_extension_uuid)["actions"]: LOG.error("add_action_assignment: unknown action_id {}".format(action_uuid)) raise IntraExtensionError("Bad input data") return self.driver.get_action_category_assignment_dict(intra_extension_uuid, action_uuid) @@ -1090,9 +1097,9 @@ class IntraExtensionManager(manager.Manager): @enforce("read", "action_category_assignment") @enforce("write", "action_category_assignment") @enforce("read", "actions") - def set_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, assignment_dict): + def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict): # check if action exists in database - if action_uuid not in self.get_action_dict(user_name, intra_extension_uuid)["actions"]: + if action_uuid not in self.get_action_dict(user_uuid, intra_extension_uuid)["actions"]: LOG.error("add_action_assignment: unknown action_id {}".format(action_uuid)) raise IntraExtensionError("Bad input data") return self.driver.set_action_category_assignment_dict(intra_extension_uuid, action_uuid, assignment_dict) @@ -1102,13 +1109,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "action_category_assignment") @enforce("read", "actions") @enforce("read", "action_category") - def del_action_category_assignment(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_action_category_dict(user_name, intra_extension_uuid)["action_categories"]: + if category_uuid not in self.get_action_category_dict(user_uuid, intra_extension_uuid)["action_categories"]: LOG.error("add_action_category_scope: unknown action_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if action exists in database - if action_uuid not in self.get_action_dict(user_name, intra_extension_uuid)["actions"]: + if action_uuid not in self.get_action_dict(user_uuid, intra_extension_uuid)["actions"]: LOG.error("add_action_assignment: unknown action_id {}".format(action_uuid)) raise IntraExtensionError("Bad input data") self.driver.remove_action_category_assignment(intra_extension_uuid, action_uuid, category_uuid, scope_uuid) @@ -1117,13 +1124,13 @@ class IntraExtensionManager(manager.Manager): @enforce("write", "action_category_assignment") @enforce("read", "actions") @enforce("read", "action_category") - def add_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): # check if category exists in database - if category_uuid not in self.get_action_category_dict(user_name, intra_extension_uuid)["action_categories"]: + if category_uuid not in self.get_action_category_dict(user_uuid, intra_extension_uuid)["action_categories"]: LOG.error("add_action_category_scope: unknown action_category {}".format(category_uuid)) raise IntraExtensionError("Bad input data") # check if action exists in database - if action_uuid not in self.get_action_dict(user_name, intra_extension_uuid)["actions"]: + if action_uuid not in self.get_action_dict(user_uuid, intra_extension_uuid)["actions"]: LOG.error("add_action_assignment: unknown action_id {}".format(action_uuid)) raise IntraExtensionError("Bad input data") return self.driver.add_action_category_assignment_dict( @@ -1135,21 +1142,21 @@ class IntraExtensionManager(manager.Manager): # Metarule functions @filter_args - def get_aggregation_algorithms(self, user_name, intra_extension_uuid): + def get_aggregation_algorithms(self, user_uuid, intra_extension_uuid): # TODO: check which algorithms are really usable return {"aggregation_algorithms": ["and_true_aggregation", "test_aggregation"]} @filter_args @enforce("read", "aggregation_algorithms") - def get_aggregation_algorithm(self, user_name, intra_extension_uuid): + def get_aggregation_algorithm(self, user_uuid, intra_extension_uuid): return self.driver.get_meta_rule_dict(intra_extension_uuid) @filter_args @enforce("read", "aggregation_algorithms") @enforce("write", "aggregation_algorithms") - def set_aggregation_algorithm(self, user_name, intra_extension_uuid, aggregation_algorithm): + def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm): if aggregation_algorithm not in self.get_aggregation_algorithms( - user_name, intra_extension_uuid)["aggregation_algorithms"]: + user_uuid, intra_extension_uuid)["aggregation_algorithms"]: raise IntraExtensionError("Unknown aggregation_algorithm: {}".format(aggregation_algorithm)) meta_rule = self.driver.get_meta_rule_dict(intra_extension_uuid) meta_rule["aggregation"] = aggregation_algorithm @@ -1157,17 +1164,17 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "sub_meta_rule") - def get_sub_meta_rule(self, user_name, intra_extension_uuid): + def get_sub_meta_rule(self, user_uuid, intra_extension_uuid): return self.driver.get_meta_rule_dict(intra_extension_uuid) @filter_args @enforce("read", "sub_meta_rule") @enforce("write", "sub_meta_rule") - def set_sub_meta_rule(self, user_name, intra_extension_uuid, sub_meta_rules): + def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules): # TODO (dthom): When sub_meta_rule is set, all rules must be dropped # because the previous rules cannot be mapped to the new sub_meta_rule. for relation in sub_meta_rules.keys(): - if relation not in self.get_sub_meta_rule_relations(user_name, intra_extension_uuid)["sub_meta_rule_relations"]: + if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]: LOG.error("set_sub_meta_rule unknown MetaRule relation {}".format(relation)) raise IntraExtensionError("Bad input data.") for cat in ("subject_categories", "object_categories", "action_categories"): @@ -1177,19 +1184,19 @@ class IntraExtensionManager(manager.Manager): if type(sub_meta_rules[relation][cat]) is not list: LOG.error("set_sub_meta_rule category {} is not a list".format(cat)) raise IntraExtensionError("Bad input data.") - subject_categories = self.get_subject_category_dict(user_name, intra_extension_uuid) + subject_categories = self.get_subject_category_dict(user_uuid, intra_extension_uuid) for data in sub_meta_rules[relation]["subject_categories"]: if data not in subject_categories["subject_categories"]: LOG.error("set_sub_meta_rule category {} is not part of subject_categories {}".format( data, subject_categories)) raise IntraExtensionError("Bad input data.") - object_categories = self.get_object_category_dict(user_name, intra_extension_uuid) + object_categories = self.get_object_category_dict(user_uuid, intra_extension_uuid) for data in sub_meta_rules[relation]["object_categories"]: if data not in object_categories["object_categories"]: LOG.error("set_sub_meta_rule category {} is not part of object_categories {}".format( data, object_categories)) raise IntraExtensionError("Bad input data.") - action_categories = self.get_action_category_dict(user_name, intra_extension_uuid) + action_categories = self.get_action_category_dict(user_uuid, intra_extension_uuid) for data in sub_meta_rules[relation]["action_categories"]: if data not in action_categories["action_categories"]: LOG.error("set_sub_meta_rule category {} is not part of action_categories {}".format( @@ -1206,24 +1213,24 @@ class IntraExtensionManager(manager.Manager): # Sub-rules functions @filter_args @enforce("read", "sub_rules") - def get_sub_rules(self, user_name, intra_extension_uuid): + def get_sub_rules(self, user_uuid, intra_extension_uuid): return self.driver.get_rules(intra_extension_uuid) @filter_args @enforce("read", "sub_rules") @enforce("write", "sub_rules") - def set_sub_rule(self, user_name, intra_extension_uuid, relation, sub_rule): + def set_sub_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule): for item in sub_rule: if type(item) not in (str, unicode, bool): raise IntraExtensionError("Bad input data (sub_rule).") ref_rules = self.driver.get_rules(intra_extension_uuid) _sub_rule = list(sub_rule) - if relation not in self.get_sub_meta_rule_relations(user_name, intra_extension_uuid)["sub_meta_rule_relations"]: + if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]: raise IntraExtensionError("Bad input data (rules).") # filter strings in sub_rule sub_rule = [filter_input(x) for x in sub_rule] # check if length of sub_rule is correct from metadata_sub_rule - metadata_sub_rule = self.get_sub_meta_rule(user_name, intra_extension_uuid) + metadata_sub_rule = self.get_sub_meta_rule(user_uuid, intra_extension_uuid) metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]) + \ len(metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]) + \ len(metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]) + 1 @@ -1234,12 +1241,12 @@ class IntraExtensionManager(manager.Manager): for category in metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]: item = _sub_rule.pop(0) if item not in self.get_subject_category_scope_dict( - user_name, + user_uuid, intra_extension_uuid, category)["subject_category_scope"][category].keys(): raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item)) for category in metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]: action_categories = self.get_action_category_scope_dict( - user_name, + user_uuid, intra_extension_uuid, category)["action_category_scope"][category] item = _sub_rule.pop(0) if item not in action_categories.keys(): @@ -1248,7 +1255,7 @@ class IntraExtensionManager(manager.Manager): for category in metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]: item = _sub_rule.pop(0) if item not in self.get_object_category_scope_dict( - user_name, + user_uuid, intra_extension_uuid, category)["object_category_scope"][category].keys(): raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item)) # check if relation is already there @@ -1261,7 +1268,7 @@ class IntraExtensionManager(manager.Manager): @filter_args @enforce("read", "sub_rules") @enforce("write", "sub_rules") - def del_sub_rule(self, user_name, intra_extension_uuid, relation_name, rule): + def del_sub_rule(self, user_uuid, intra_extension_uuid, relation_name, rule): ref_rules = self.driver.get_rules(intra_extension_uuid) rule = rule.split("+") for index, _item in enumerate(rule): @@ -1300,124 +1307,124 @@ class IntraExtensionAuthzManager(IntraExtensionManager): def delete_intra_extension(self, intra_extension_id): raise AdminException() - def set_subject_dict(self, user_name, intra_extension_uuid, subject_dict): + def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_dict): raise SubjectAddNotAuthorized() - def add_subject_dict(self, user_name, intra_extension_uuid, subject_uuid): + def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_uuid): raise SubjectAddNotAuthorized() - def del_subject(self, user_name, intra_extension_uuid, subject_uuid): + def del_subject(self, user_uuid, intra_extension_uuid, subject_uuid): raise SubjectDelNotAuthorized() - def set_object_dict(self, user_name, intra_extension_uuid, object_dict): + def set_object_dict(self, user_uuid, intra_extension_uuid, object_dict): raise ObjectAddNotAuthorized() - def add_object_dict(self, user_name, intra_extension_uuid, object_name): + def add_object_dict(self, user_uuid, intra_extension_uuid, object_name): raise ObjectAddNotAuthorized() - def del_object(self, user_name, intra_extension_uuid, object_uuid): + def del_object(self, user_uuid, intra_extension_uuid, object_uuid): raise ObjectDelNotAuthorized() - def set_action_dict(self, user_name, intra_extension_uuid, action_dict): + def set_action_dict(self, user_uuid, intra_extension_uuid, action_dict): raise ActionAddNotAuthorized() - def add_action_dict(self, user_name, intra_extension_uuid, action_name): + def add_action_dict(self, user_uuid, intra_extension_uuid, action_name): raise ActionAddNotAuthorized() - def del_action(self, user_name, intra_extension_uuid, action_uuid): + def del_action(self, user_uuid, intra_extension_uuid, action_uuid): raise ActionDelNotAuthorized() - def set_subject_category_dict(self, user_name, intra_extension_uuid, subject_category): + def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category): raise SubjectCategoryAddNotAuthorized() - def add_subject_category_dict(self, user_name, intra_extension_uuid, subject_category_name): + def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_name): raise SubjectCategoryAddNotAuthorized() - def del_subject_category(self, user_name, intra_extension_uuid, subject_uuid): + def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid): raise SubjectCategoryDelNotAuthorized() - def set_object_category_dict(self, user_name, intra_extension_uuid, object_category): + def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category): raise ObjectCategoryAddNotAuthorized() - def add_object_category_dict(self, user_name, intra_extension_uuid, object_category_name): + def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_name): raise ObjectCategoryAddNotAuthorized() - def del_object_category(self, user_name, intra_extension_uuid, object_uuid): + def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid): raise ObjectCategoryDelNotAuthorized() - def set_action_category_dict(self, user_name, intra_extension_uuid, action_category): + def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category): raise ActionCategoryAddNotAuthorized() - def add_action_category_dict(self, user_name, intra_extension_uuid, action_category_name): + def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_name): raise ActionCategoryAddNotAuthorized() - def del_action_category(self, user_name, intra_extension_uuid, action_uuid): + def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid): raise ActionCategoryDelNotAuthorized() - def set_subject_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): + def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): raise SubjectCategoryScopeAddNotAuthorized() - def add_subject_category_scope_dict(self, user_name, intra_extension_uuid, subject_category, scope_name): + def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, subject_category, scope_name): raise SubjectCategoryScopeAddNotAuthorized() - def del_subject_category_scope(self, user_name, intra_extension_uuid, subject_category, subject_category_scope): + def del_subject_category_scope(self, user_uuid, intra_extension_uuid, subject_category, subject_category_scope): raise SubjectCategoryScopeDelNotAuthorized() - def set_object_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): + def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): raise ObjectCategoryScopeAddNotAuthorized() - def add_object_category_scope_dict(self, user_name, intra_extension_uuid, object_category, scope_name): + def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, object_category, scope_name): raise ObjectCategoryScopeAddNotAuthorized() - def del_object_category_scope(self, user_name, intra_extension_uuid, object_category, object_category_scope): + def del_object_category_scope(self, user_uuid, intra_extension_uuid, object_category, object_category_scope): raise ObjectCategoryScopeDelNotAuthorized() - def set_action_category_scope_dict(self, user_name, intra_extension_uuid, category, scope): + def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope): raise ActionCategoryScopeAddNotAuthorized() - def add_action_category_scope_dict(self, user_name, intra_extension_uuid, action_category, scope_name): + def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, action_category, scope_name): raise ActionCategoryScopeAddNotAuthorized() - def del_action_category_scope(self, user_name, intra_extension_uuid, action_category, action_category_scope): + def del_action_category_scope(self, user_uuid, intra_extension_uuid, action_category, action_category_scope): raise ActionCategoryScopeDelNotAuthorized() - def set_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, assignment_dict): + def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict): raise SubjectCategoryAssignmentAddNotAuthorized() - def del_subject_category_assignment(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentAddNotAuthorized() - def add_subject_category_assignment_dict(self, user_name, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): + def add_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid): raise SubjectCategoryAssignmentDelNotAuthorized() - def set_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, assignment_dict): + def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict): raise ObjectCategoryAssignmentAddNotAuthorized() - def del_object_category_assignment(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentAddNotAuthorized() - def add_object_category_assignment_dict(self, user_name, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): + def add_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid): raise ObjectCategoryAssignmentDelNotAuthorized() - def set_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, assignment_dict): + def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict): raise ActionCategoryAssignmentAddNotAuthorized() - def del_action_category_assignment(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentAddNotAuthorized() - def add_action_category_assignment_dict(self, user_name, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): + def add_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid): raise ActionCategoryAssignmentDelNotAuthorized() - def set_aggregation_algorithm(self, user_name, intra_extension_uuid, aggregation_algorithm): + def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm): raise MetaRuleAddNotAuthorized() - def set_sub_meta_rule(self, user_name, intra_extension_uuid, sub_meta_rules): + def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules): raise MetaRuleAddNotAuthorized() - def set_sub_rule(self, user_name, intra_extension_uuid, relation, sub_rule): + def set_sub_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule): raise RuleAddNotAuthorized() - def del_sub_rule(self, user_name, intra_extension_uuid, relation_name, rule): + def del_sub_rule(self, user_uuid, intra_extension_uuid, relation_name, rule): raise RuleAddNotAuthorized() @dependency.provider('admin_api') |