diff options
author | WuKong <rebirthmonkey@gmail.com> | 2015-08-07 18:08:59 +0200 |
---|---|---|
committer | WuKong <rebirthmonkey@gmail.com> | 2015-08-07 18:08:59 +0200 |
commit | b7666a6b98b4f935f0eb95826aa43610521ed6dc (patch) | |
tree | e1f7c7ba41a9b6accf365a0b1340dde1b52318dc /keystone-moon/keystone/contrib | |
parent | 51f7872f4902093cb0f0d445737c5892dd784191 (diff) |
review code
Change-Id: Idf3aedc0355fbe714a4a4808fcd2e4749da53195
Signed-off-by: WuKong <rebirthmonkey@gmail.com>
Diffstat (limited to 'keystone-moon/keystone/contrib')
-rw-r--r-- | keystone-moon/keystone/contrib/moon/backends/memory.py | 27 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/backends/sql.py | 5 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/controllers.py | 606 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/moon/core.py | 163 |
4 files changed, 406 insertions, 395 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/memory.py b/keystone-moon/keystone/contrib/moon/backends/memory.py index f7fe5ef1..675240e5 100644 --- a/keystone-moon/keystone/contrib/moon/backends/memory.py +++ b/keystone-moon/keystone/contrib/moon/backends/memory.py @@ -8,8 +8,6 @@ from glob import glob import os from keystone import config from keystone.contrib.moon.core import ConfigurationDriver -# from keystone.contrib.moon.core import SuperExtensionDriver - CONF = config.CONF @@ -19,21 +17,28 @@ class ConfigurationConnector(ConfigurationDriver): def __init__(self): super(ConfigurationConnector, self).__init__() - self.aggregation_algorithm_dict = dict() - self.aggregation_algorithm_dict[uuid4().hex] = {'name': 'all_true', 'description': 'all_true'} - self.sub_meta_rule_algorithm_dict = dict() - self.sub_meta_rule_algorithm_dict[uuid4().hex] = {'name': 'inclusion', 'description': 'inclusion'} - self.sub_meta_rule_algorithm_dict[uuid4().hex] = {'name': 'comparison', 'description': 'comparison'} + self.aggregation_algorithms_dict = dict() + self.aggregation_algorithms_dict[uuid4().hex] = {'name': 'all_true', 'description': 'all_true'} + self.sub_meta_rule_algorithms_dict = dict() + self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'inclusion', 'description': 'inclusion'} + self.sub_meta_rule_algorithms_dict[uuid4().hex] = {'name': 'comparison', 'description': 'comparison'} def get_policy_templates_dict(self): + # TODO (dthom): this function should return a dictionary of all policy templates as: + """ + :return: { + template_id1: {name: template_name, description: template_description}, + template_id2: {name: template_name, description: template_description}, + ... + } + """ nodes = glob(os.path.join(CONF.moon.policy_directory, "*")) return { - "authz_templates": - [os.path.basename(n) for n in nodes if os.path.isdir(n)] + "authz_templates": [os.path.basename(n) for n in nodes if os.path.isdir(n)] } def get_aggregation_algorithm_dict(self): - return self.aggregation_algorithm_dict + return self.aggregation_algorithms_dict def get_sub_meta_rule_algorithms_dict(self): - return self.sub_meta_rule_algorithm_dict
\ No newline at end of file + return self.sub_meta_rule_algorithms_dict diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py index ebc6a4d3..5ceb5c5b 100644 --- a/keystone-moon/keystone/contrib/moon/backends/sql.py +++ b/keystone-moon/keystone/contrib/moon/backends/sql.py @@ -365,7 +365,7 @@ class TenantConnector(TenantDriver): class IntraExtensionConnector(IntraExtensionDriver): - # Tenant functions + # IntraExtension functions def get_intra_extensions_dict(self): with sql.transaction() as session: @@ -401,9 +401,6 @@ class IntraExtensionConnector(IntraExtensionDriver): session.add(new_intra_extension) ref = new_intra_extension else: - # intra_extension_ref = ref.to_dict() - # intra_extension_ref.update(intra_extension_dict) - # new_intra_extension = IntraExtension.from_dict(id=intra_extension_id, intra_extension=intra_extension_ref) for attr in IntraExtension.attributes: if attr != 'id': setattr(ref, attr, getattr(new_intra_extension, attr)) diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py index 047059d0..46590892 100644 --- a/keystone-moon/keystone/contrib/moon/controllers.py +++ b/keystone-moon/keystone/contrib/moon/controllers.py @@ -8,8 +8,6 @@ from keystone.common import dependency from keystone import config from keystone.models import token_model from keystone.contrib.moon.exception import * -import os -import glob from oslo_log import log CONF = config.CONF @@ -31,27 +29,17 @@ class Configuration(controller.V3Controller): @controller.protected() def get_policy_templates(self, context, **kw): - user_id = self._get_user_uuid_from_token(context.get("token_id")) - return self.configuration_api_get_policy_templete_dict(user_id) + user_id = self._get_user_id_from_token(context.get('token_id')) + return self.configuration_api.get_policy_templates_dict(user_id) @controller.protected() def get_aggregation_algorithms(self, context, **kw): - """ - :param context: - :param kw: - :return: {aggregation_algorithm_id: description} - """ - user_id = self._get_user_uuid_from_token(context.get("token_id")) + user_id = self._get_user_id_from_token(context.get('token_id')) return self.configuration_api.get_aggregation_algorithms_dict(user_id) @controller.protected() def get_sub_meta_rule_algorithms(self, context, **kw): - """ - :param context: - :param kw: - :return: {sub_meta_rule_algorithm_id: description} - """ - user_id = self._get_user_uuid_from_token(context.get("token_id")) + user_id = self._get_user_id_from_token(context.get('token_id')) return self.configuration_api.get_sub_meta_rule_algorithms_dict(user_id) @@ -68,45 +56,45 @@ class Tenants(controller.V3Controller): @controller.protected() def get_tenants(self, context, **kw): - user_id = self._get_user_id_from_token(context.get("token_id")) + user_id = self._get_user_id_from_token(context.get('token_id')) return self.tenant_api.get_tenants_dict(user_id) @controller.protected() def add_tenant(self, context, **kw): - user_id = self._get_user_id_from_token(context.get("token_id")) + user_id = self._get_user_id_from_token(context.get('token_id')) # Next line will raise an error if tenant doesn't exist - k_tenant_dict = self.resource_api.get_project_by_name(kw.get("name", None)) + k_tenant_dict = self.resource_api.get_project_by_name(kw.get('tenant_name', None)) tenant_dict = dict() tenant_dict['id'] = k_tenant_dict['id'] - tenant_dict['name'] = kw.get("name", None) - tenant_dict['description'] = kw.get("description", None) - tenant_dict['intra_authz_ext_id'] = kw.get("intra_authz_ext_id", None) - tenant_dict['intra_admin_ext_id'] = kw.get("intra_admin_ext_id", None) + tenant_dict['name'] = kw.get('tenant_name', None) + tenant_dict['description'] = kw.get('tenant_description', None) + tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None) + tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None) return self.tenant_api.add_tenant_dict(user_id, tenant_dict) @controller.protected() def get_tenant(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - tenant_id = kw.get("tenant_id", None) - return self.tenant_api.get_tenants_dict(user_id, tenant_id) + tenant_id = kw.get('tenant_id', None) + return self.tenant_api.get_tenant_dict(user_id, tenant_id) @controller.protected() def del_tenant(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - tenant_id = kw.get("tenant_id", None) + tenant_id = kw.get('tenant_id', None) return self.tenant_api.del_tenant(user_id, tenant_id) @controller.protected() def set_tenant(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) # Next line will raise an error if tenant doesn't exist - k_tenant_dict = self.resource_api.get_project(kw.get('id', None)) - tenant_id = kw.get('id', None) + k_tenant_dict = self.resource_api.get_project(kw.get('tenant_id', None)) + tenant_id = kw.get('tenant_id', None) tenant_dict = dict() - tenant_dict['name'] = k_tenant_dict.get("name", None) - tenant_dict['description'] = kw.get("description", None) - tenant_dict['intra_authz_ext_id'] = kw.get("intra_authz_ext_id", None) - tenant_dict['intra_admin_ext_id'] = kw.get("intra_admin_ext_id", None) + tenant_dict['name'] = k_tenant_dict.get('name', None) + tenant_dict['description'] = kw.get('tenant_description', None) + tenant_dict['intra_authz_extension_id'] = kw.get('tenant_intra_authz_extension_id', None) + tenant_dict['intra_admin_extension_id'] = kw.get('tenant_intra_admin_extension_id', None) self.tenant_api.set_tenant_dict(user_id, tenant_id, tenant_dict) @@ -135,7 +123,7 @@ class IntraExtensions(controller.V3Controller): def _get_user_id_from_token(self, token_id): response = self.token_provider_api.validate_token(token_id) token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response) - return token_ref['user'] + return token_ref.get('user') # IntraExtension functions @controller.protected() @@ -147,607 +135,607 @@ class IntraExtensions(controller.V3Controller): def add_intra_extension(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) intra_extension_dict = dict() - intra_extension_dict["name"] = kw.get("intra_extension_name", None) - intra_extension_dict["model"] = kw.get("intra_extension_model", None) - intra_extension_dict["genre"] = kw.get("intra_extension_genre", None) - intra_extension_dict["description"] = kw.get("intra_extension_description", None) - intra_extension_dict["subject_categories"] = kw.get("intra_extension_subject_categories", dict()) - intra_extension_dict["object_categories"] = kw.get("intra_extension_object_categories", dict()) - intra_extension_dict["action_categories"] = kw.get("intra_extension_action_categories", dict()) - intra_extension_dict["subjects"] = kw.get("intra_extension_subjects", dict()) - intra_extension_dict["objects"] = kw.get("intra_extension_objects", dict()) - intra_extension_dict["actions"] = kw.get("intra_extension_actions", dict()) - intra_extension_dict["subject_category_scopes"] = kw.get("intra_extension_subject_category_scopes", dict()) - intra_extension_dict["object_category_scopes"] = kw.get("intra_extension_object_category_scopes", dict()) - intra_extension_dict["action_category_scopes"] = kw.get("intra_extension_action_category_scopes", dict()) - intra_extension_dict["subject_assignments"] = kw.get("intra_extension_subject_assignments", dict()) - intra_extension_dict["object_assignments"] = kw.get("intra_extension_object_assignments", dict()) - intra_extension_dict["action_assignments"] = kw.get("intra_extension_action_assignments", dict()) - intra_extension_dict["aggregation_algorithm"] = kw.get("intra_extension_aggregation_algorithm", dict()) - intra_extension_dict["sub_meta_rules"] = kw.get("intra_extension_sub_meta_rules", dict()) - intra_extension_dict["rules"] = kw.get("intra_extension_rules", dict()) + intra_extension_dict['name'] = kw.get('intra_extension_name', None) + intra_extension_dict['model'] = kw.get('intra_extension_model', None) + intra_extension_dict['genre'] = kw.get('intra_extension_genre', None) + intra_extension_dict['description'] = kw.get('intra_extension_description', None) + intra_extension_dict['subject_categories'] = kw.get('intra_extension_subject_categories', dict()) + intra_extension_dict['object_categories'] = kw.get('intra_extension_object_categories', dict()) + intra_extension_dict['action_categories'] = kw.get('intra_extension_action_categories', dict()) + intra_extension_dict['subjects'] = kw.get('intra_extension_subjects', dict()) + intra_extension_dict['objects'] = kw.get('intra_extension_objects', dict()) + intra_extension_dict['actions'] = kw.get('intra_extension_actions', dict()) + intra_extension_dict['subject_scopes'] = kw.get('intra_extension_subject_scopes', dict()) + intra_extension_dict['object_scopes'] = kw.get('intra_extension_object_scopes', dict()) + intra_extension_dict['action_scopes'] = kw.get('intra_extension_action_scopes', dict()) + intra_extension_dict['subject_assignments'] = kw.get('intra_extension_subject_assignments', dict()) + intra_extension_dict['object_assignments'] = kw.get('intra_extension_object_assignments', dict()) + intra_extension_dict['action_assignments'] = kw.get('intra_extension_action_assignments', dict()) + intra_extension_dict['aggregation_algorithm'] = kw.get('intra_extension_aggregation_algorithm', dict()) + intra_extension_dict['sub_meta_rules'] = kw.get('intra_extension_sub_meta_rules', dict()) + intra_extension_dict['rules'] = kw.get('intra_extension_rules', dict()) return self.admin_api.load_intra_extension_dict(user_id, intra_extension_dict=intra_extension_dict) @controller.protected() def get_intra_extension(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - return self.admin_api.get_intra_extensions_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_intra_extension_dict(user_id, intra_extension_id) @controller.protected() def del_intra_extension(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - self.admin_api.del_intra_extension(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + self.admin_api.del_intra_extension(user_id, intra_extension_id) @controller.protected() def set_intra_extension(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) intra_extension_dict = dict() - intra_extension_dict["name"] = kw.get("intra_extension_name", None) - intra_extension_dict["model"] = kw.get("intra_extension_model", None) - intra_extension_dict["genre"] = kw.get("intra_extension_genre", None) - intra_extension_dict["description"] = kw.get("intra_extension_description", None) - return self.admin_api.set_intra_extension_dict(user_id, ie_id, intra_extension_dict) + intra_extension_dict['name'] = kw.get('intra_extension_name', None) + intra_extension_dict['model'] = kw.get('intra_extension_model', None) + intra_extension_dict['genre'] = kw.get('intra_extension_genre', None) + intra_extension_dict['description'] = kw.get('intra_extension_description', None) + return self.admin_api.set_intra_extension_dict(user_id, intra_extension_id, intra_extension_dict) # Metadata functions @controller.protected() def get_subject_categories(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - return self.admin_api.get_subject_categories_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_subject_categories_dict(user_id, intra_extension_id) @controller.protected() def add_subject_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) subject_category_dict = dict() - subject_category_dict['name'] = kw.get("subject_category_name", None) - subject_category_dict['description'] = kw.get("subject_category_description", None) - return self.admin_api.add_subject_category(user_id, ie_id, subject_category_dict) + subject_category_dict['name'] = kw.get('subject_category_name', None) + subject_category_dict['description'] = kw.get('subject_category_description', None) + return self.admin_api.add_subject_category(user_id, intra_extension_id, subject_category_dict) @controller.protected() def get_subject_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get("subject_category_id", None) - return self.admin_api.get_subject_category_dict(user_id, ie_id, subject_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + return self.admin_api.get_subject_category_dict(user_id, intra_extension_id, subject_category_id) @controller.protected() def del_subject_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - subject_category_id = kw.get("subject_category_id", None) - self.admin_api.del_subject_category(user_id, ie_id, subject_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + self.admin_api.del_subject_category(user_id, intra_extension_id, subject_category_id) @controller.protected() def set_subject_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) subject_category_id = kw.get('subject_category_id', None) subject_category_dict = dict() - subject_category_dict['name'] = kw.get("subject_category_name", None) - subject_category_dict['description'] = kw.get("subject_category_description", None) - return self.admin_api.set_subject_category(user_id, ie_id, subject_category_id, subject_category_dict) + subject_category_dict['name'] = kw.get('subject_category_name', None) + subject_category_dict['description'] = kw.get('subject_category_description', None) + return self.admin_api.set_subject_category(user_id, intra_extension_id, subject_category_id, subject_category_dict) @controller.protected() def get_object_categories(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - return self.admin_api.get_object_categories_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_object_categories_dict(user_id, intra_extension_id) @controller.protected() def add_object_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) object_category_dict = dict() object_category_dict['name'] = kw.get('object_category_name', None) object_category_dict['description'] = kw.get('object_category_description', None) - return self.admin_api.add_object_category(user_id, ie_id, object_category_dict) + return self.admin_api.add_object_category(user_id, intra_extension_id, object_category_dict) @controller.protected() def get_object_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - object_category_id = kw.get("object_category_id", None) - return self.admin_api.get_object_categories_dict(user_id, ie_id, object_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + return self.admin_api.get_object_categories_dict(user_id, intra_extension_id, object_category_id) @controller.protected() def del_object_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - object_category_id = kw.get("object_category_id", None) - self.admin_api.del_object_category(user_id, ie_id, object_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + self.admin_api.del_object_category(user_id, intra_extension_id, object_category_id) @controller.protected() def set_object_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) object_category_id = kw.get('object_category_id', None) object_category_dict = dict() - object_category_dict['name'] = kw.get("object_category_name", None) - object_category_dict['description'] = kw.get("object_category_description", None) - return self.admin_api.set_object_category(user_id, ie_id, object_category_id, object_category_dict) + object_category_dict['name'] = kw.get('object_category_name', None) + object_category_dict['description'] = kw.get('object_category_description', None) + return self.admin_api.set_object_category(user_id, intra_extension_id, object_category_id, object_category_dict) @controller.protected() def get_action_categories(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - return self.admin_api.get_action_categories_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_action_categories_dict(user_id, intra_extension_id) @controller.protected() def add_action_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) action_category_dict = dict() - action_category_dict['name'] = kw.get("action_category_name", None) - action_category_dict['description'] = kw.get("action_category_description", None) - return self.admin_api.add_action_category(user_id, ie_id, action_category_dict) + action_category_dict['name'] = kw.get('action_category_name', None) + action_category_dict['description'] = kw.get('action_category_description', None) + return self.admin_api.add_action_category(user_id, intra_extension_id, action_category_dict) @controller.protected() def get_action_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - action_category_id = kw.get("action_category_id", None) - return self.admin_api.get_action_categories_dict(user_id, ie_id, action_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + return self.admin_api.get_action_categories_dict(user_id, intra_extension_id, action_category_id) @controller.protected() def del_action_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - action_category_id = kw.get("action_category_id", None) - self.admin_api.del_action_category(user_id, ie_id, action_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + self.admin_api.del_action_category(user_id, intra_extension_id, action_category_id) @controller.protected() def set_action_category(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) action_category_id = kw.get('action_category_id', None) action_category_dict = dict() - action_category_dict['name'] = kw.get("action_category_name", None) - action_category_dict['description'] = kw.get("action_category_description", None) - return self.admin_api.set_action_category(user_id, ie_id, action_category_id, action_category_dict) + action_category_dict['name'] = kw.get('action_category_name', None) + action_category_dict['description'] = kw.get('action_category_description', None) + return self.admin_api.set_action_category(user_id, intra_extension_id, action_category_id, action_category_dict) # Perimeter functions @controller.protected() def get_subjects(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - return self.admin_api.get_subjects_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_subjects_dict(user_id, intra_extension_id) @controller.protected() def add_subject(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) + intra_extension_id = kw.get('intra_extension_id', None) subject_dict = dict() - subject_dict['name'] = kw.get("subject_name", None) - subject_dict['description'] = kw.get("description", None) - return self.admin_api.add_subject_dict(user_id, ie_id, subject_dict) + subject_dict['name'] = kw.get('subject_name', None) + subject_dict['description'] = kw.get('description', None) + return self.admin_api.add_subject_dict(user_id, intra_extension_id, subject_dict) @controller.protected() def get_subject(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - subject_id = kw.get("subject_id", None) - return self.admin_api.get_subject_dict(user_id, ie_id, subject_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) + return self.admin_api.get_subject_dict(user_id, intra_extension_id, subject_id) @controller.protected() def del_subject(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - subject_id = kw.get("subject_id", None) - self.admin_api.del_subject(user_id, ie_id, subject_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) + self.admin_api.del_subject(user_id, intra_extension_id, subject_id) @controller.protected() def set_subject(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - subject_id = kw.get("subject_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) subject_dict = dict() - subject_dict['name'] = kw.get("subject_name", None) - subject_dict['description'] = kw.get("subject_description", None) - return self.admin_api.set_subject_dict(user_id, ie_id, subject_id, subject_dict) + subject_dict['name'] = kw.get('subject_name', None) + subject_dict['description'] = kw.get('subject_description', None) + return self.admin_api.set_subject_dict(user_id, intra_extension_id, subject_id, subject_dict) @controller.protected() def get_objects(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - return self.admin_api.get_objects_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_objects_dict(user_id, intra_extension_id) @controller.protected() def add_object(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) + intra_extension_id = kw.get('intra_extension_id', None) object_dict = dict() - object_dict['name'] = kw.get("object_name", None) - object_dict['description'] = kw.get("object_description", None) - return self.admin_api.add_object_dict(user_id, ie_id, object_dict) + object_dict['name'] = kw.get('object_name', None) + object_dict['description'] = kw.get('object_description', None) + return self.admin_api.add_object_dict(user_id, intra_extension_id, object_dict) @controller.protected() def get_object(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_id = kw.get("object_id", None) - return self.admin_api.get_objects_dict(user_id, ie_id, object_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + return self.admin_api.get_objects_dict(user_id, intra_extension_id, object_id) @controller.protected() def del_object(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_id = kw.get("object_id", None) - self.admin_api.del_object(user_id, ie_id, object_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + self.admin_api.del_object(user_id, intra_extension_id, object_id) @controller.protected() def set_object(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - object_id = kw.get("object_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) object_dict = dict() - object_dict['name'] = kw.get("object_name", None) - object_dict['description'] = kw.get("object_description", None) - return self.admin_api.set_object_dict(user_id, ie_id, object_id, object_dict) + object_dict['name'] = kw.get('object_name', None) + object_dict['description'] = kw.get('object_description', None) + return self.admin_api.set_object_dict(user_id, intra_extension_id, object_id, object_dict) @controller.protected() def get_actions(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - return self.admin_api.get_actions_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_actions_dict(user_id, intra_extension_id) @controller.protected() def add_action(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) + intra_extension_id = kw.get('intra_extension_id', None) action_dict = dict() - action_dict['name'] = kw.get("action_name", None) - action_dict['description'] = kw.get("action_description", None) - return self.admin_api.add_action_dict(user_id, ie_id, action_dict) + action_dict['name'] = kw.get('action_name', None) + action_dict['description'] = kw.get('action_description', None) + return self.admin_api.add_action_dict(user_id, intra_extension_id, action_dict) @controller.protected() def get_action(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_id = kw.get("action_id", None) - return self.admin_api.get_actions_dict(user_id, ie_id, action_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + return self.admin_api.get_actions_dict(user_id, intra_extension_id, action_id) @controller.protected() def del_action(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_id = kw.get("action_id", None) - self.admin_api.del_action(user_id, ie_id, action_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + self.admin_api.del_action(user_id, intra_extension_id, action_id) @controller.protected() def set_action(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get('intra_extension_id', None) - action_id = kw.get("action_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) action_dict = dict() - action_dict['name'] = kw.get("action_name", None) - action_dict['description'] = kw.get("action_description", None) - return self.admin_api.set_action_dict(user_id, ie_id, action_id, action_dict) + action_dict['name'] = kw.get('action_name', None) + action_dict['description'] = kw.get('action_description', None) + return self.admin_api.set_action_dict(user_id, intra_extension_id, action_id, action_dict) # Scope functions @controller.protected() def get_subject_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_category_id = kw.get("subject_category_id", None) - return self.admin_api.get_subject_scopes_dict(user_id, ie_id, subject_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + return self.admin_api.get_subject_scopes_dict(user_id, intra_extension_id, subject_category_id) @controller.protected() def add_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_category_id = kw.get("subject_category_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) subject_scope_dict = dict() - subject_scope_dict['name'] = kw.get("subject_scope_name", None) - subject_scope_dict['description'] = kw.get("subject_scope_description", None) - return self.admin_api.add_subject_scope_dict(user_id, ie_id, subject_category_id, subject_scope_dict) + subject_scope_dict['name'] = kw.get('subject_scope_name', None) + subject_scope_dict['description'] = kw.get('subject_scope_description', None) + return self.admin_api.add_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_dict) @controller.protected() def get_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_category_id = kw.get("subject_category_id", None) - subject_scope_id = kw.get("subject_scope_id", None) - return self.admin_api.get_subject_scope_dict(user_id, ie_id, subject_category_id, subject_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + subject_scope_id = kw.get('subject_scope_id', None) + return self.admin_api.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id) @controller.protected() def del_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_category_id = kw.get("subject_category_id", None) - subject_scope_id = kw.get("subject_scope_id", None) - self.admin_api.del_subject_scope(user_id, ie_id, subject_category_id, subject_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + subject_scope_id = kw.get('subject_scope_id', None) + self.admin_api.del_subject_scope(user_id, intra_extension_id, subject_category_id, subject_scope_id) @controller.protected() def set_subject_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_category_id = kw.get("subject_category_id", None) - subject_scope_id = kw.get("subject_scope_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + subject_category_id = kw.get('subject_category_id', None) + subject_scope_id = kw.get('subject_scope_id', None) subject_scope_dict = dict() - subject_scope_dict['name'] = kw.get("subject_scope_name", None) - subject_scope_dict['description'] = kw.get("subject_scope_description", None) - return self.admin_api.set_subject_scope_dict(user_id, ie_id, subject_category_id, subject_scope_id, subject_scope_dict) + subject_scope_dict['name'] = kw.get('subject_scope_name', None) + subject_scope_dict['description'] = kw.get('subject_scope_description', None) + return self.admin_api.set_subject_scope_dict(user_id, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict) @controller.protected() def get_object_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_category_id = kw.get("object_category_id", None) - return self.admin_api.get_object_scopes_dict(user_id, ie_id, object_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + return self.admin_api.get_object_scopes_dict(user_id, intra_extension_id, object_category_id) @controller.protected() def add_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_category_id = kw.get("object_category_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) object_scope_dict = dict() - object_scope_dict['name'] = kw.get("object_scope_name", None) - object_scope_dict['description'] = kw.get("object_scope_description", None) - return self.admin_api.add_object_scope_dict(user_id, ie_id, object_category_id, object_scope_dict) + object_scope_dict['name'] = kw.get('object_scope_name', None) + object_scope_dict['description'] = kw.get('object_scope_description', None) + return self.admin_api.add_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_dict) @controller.protected() def get_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_category_id = kw.get("object_category_id", None) - object_scope_id = kw.get("object_scope_id", None) - return self.admin_api.get_object_scopes_dict(user_id, ie_id, object_category_id, object_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + return self.admin_api.get_object_scopes_dict(user_id, intra_extension_id, object_category_id, object_scope_id) @controller.protected() def del_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_category_id = kw.get("object_category_id", None) - object_scope_id = kw.get("object_scope_id", None) - self.admin_api.del_object_scope(user_id, ie_id, object_category_id, object_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + self.admin_api.del_object_scope(user_id, intra_extension_id, object_category_id, object_scope_id) @controller.protected() def set_object_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_category_id = kw.get("object_category_id", None) - object_scope_id = kw.get("object_scope_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) object_scope_dict = dict() - object_scope_dict['name'] = kw.get("object_scope_name", None) - object_scope_dict['description'] = kw.get("object_scope_description", None) - return self.admin_api.set_object_scope_dict(user_id, ie_id, object_category_id, object_scope_id, object_scope_dict) + object_scope_dict['name'] = kw.get('object_scope_name', None) + object_scope_dict['description'] = kw.get('object_scope_description', None) + return self.admin_api.set_object_scope_dict(user_id, intra_extension_id, object_category_id, object_scope_id, object_scope_dict) @controller.protected() def get_action_scopes(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_category_id = kw.get("action_category_id", None) - return self.admin_api.get_action_scopes_dict(user_id, ie_id, action_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + return self.admin_api.get_action_scopes_dict(user_id, intra_extension_id, action_category_id) @controller.protected() def add_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_category_id = kw.get("action_category_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) action_scope_dict = dict() - action_scope_dict['name'] = kw.get("action_scope_name", None) - action_scope_dict['description'] = kw.get("action_scope_description", None) - return self.admin_api.add_action_scope_dict(user_id, ie_id, action_category_id, action_scope_dict) + action_scope_dict['name'] = kw.get('action_scope_name', None) + action_scope_dict['description'] = kw.get('action_scope_description', None) + return self.admin_api.add_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_dict) @controller.protected() def get_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_category_id = kw.get("action_category_id", None) - action_scope_id = kw.get("action_scope_id", None) - return self.admin_api.get_action_scopes_dict(user_id, ie_id, action_category_id, action_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + return self.admin_api.get_action_scopes_dict(user_id, intra_extension_id, action_category_id, action_scope_id) @controller.protected() def del_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_category_id = kw.get("action_category_id", None) - action_scope_id = kw.get("action_scope_id", None) - self.admin_api.del_action_scope(user_id, ie_id, action_category_id, action_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + self.admin_api.del_action_scope(user_id, intra_extension_id, action_category_id, action_scope_id) @controller.protected() def set_action_scope(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_category_id = kw.get("action_category_id", None) - action_scope_id = kw.get("action_scope_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) action_scope_dict = dict() - action_scope_dict['name'] = kw.get("action_scope_name", None) - action_scope_dict['description'] = kw.get("action_scope_description", None) - return self.admin_api.set_action_scope_dict(user_id, ie_id, action_category_id, action_scope_id, action_scope_dict) + action_scope_dict['name'] = kw.get('action_scope_name', None) + action_scope_dict['description'] = kw.get('action_scope_description', None) + return self.admin_api.set_action_scope_dict(user_id, intra_extension_id, action_category_id, action_scope_id, action_scope_dict) # Assignment functions @controller.protected() def add_subject_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_id = kw.get("subject_id", None) - subject_category_id = kw.get("subject_category_id", None) - subject_scope_id = kw.get("subject_scope_id", None) - return self.admin_api.add_subject_assignment_list(user_id, ie_id, subject_id, subject_category_id, subject_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) + subject_category_id = kw.get('subject_category_id', None) + subject_scope_id = kw.get('subject_scope_id', None) + return self.admin_api.add_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id) @controller.protected() def get_subject_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_id = kw.get("subject_id", None) - subject_category_id = kw.get("subject_category_id", None) - return self.admin_api.get_subject_assignment_list(user_id, ie_id, subject_id, subject_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) + subject_category_id = kw.get('subject_category_id', None) + return self.admin_api.get_subject_assignment_list(user_id, intra_extension_id, subject_id, subject_category_id) @controller.protected() def del_subject_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - subject_id = kw.get("subject_id", None) - subject_category_id = kw.get("subject_category_id", None) - subject_scope_id = kw.get("subject_scope_id", None) - self.admin_api.del_subject_assignment(user_id, ie_id, subject_id, subject_category_id, subject_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + subject_id = kw.get('subject_id', None) + subject_category_id = kw.get('subject_category_id', None) + subject_scope_id = kw.get('subject_scope_id', None) + self.admin_api.del_subject_assignment(user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id) @controller.protected() def add_object_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_id = kw.get("object_id", None) - object_category_id = kw.get("object_category_id", None) - object_scope_id = kw.get("object_scope_id", None) - return self.admin_api.add_objecty_assignment_list(user_id, ie_id, object_id, object_category_id, object_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + return self.admin_api.add_objecty_assignment_list(user_id, intra_extension_id, object_id, object_category_id, object_scope_id) @controller.protected() def get_object_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_id = kw.get("object_id", None) - object_category_id = kw.get("object_category_id", None) - return self.admin_api.get_object_assignment_list(user_id, ie_id, object_id, object_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + return self.admin_api.get_object_assignment_list(user_id, intra_extension_id, object_id, object_category_id) @controller.protected() def del_object_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - object_id = kw.get("object_id", None) - object_category_id = kw.get("object_category_id", None) - object_scope_id = kw.get("object_scope_id", None) - self.admin_api.del_object_assignment(user_id, ie_id, object_id, object_category_id, object_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + object_id = kw.get('object_id', None) + object_category_id = kw.get('object_category_id', None) + object_scope_id = kw.get('object_scope_id', None) + self.admin_api.del_object_assignment(user_id, intra_extension_id, object_id, object_category_id, object_scope_id) @controller.protected() def add_action_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_id = kw.get("action_id", None) - action_category_id = kw.get("action_category_id", None) - action_scope_id = kw.get("action_scope_id", None) - return self.admin_api.add_action_assignment_list(user_id, ie_id, action_id, action_category_id, action_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + return self.admin_api.add_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id, action_scope_id) @controller.protected() def get_action_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_id = kw.get("action_id", None) - action_category_id = kw.get("action_category_id", None) - return self.admin_api.get_action_assignment_list(user_id, ie_id, action_id, action_category_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + return self.admin_api.get_action_assignment_list(user_id, intra_extension_id, action_id, action_category_id) @controller.protected() def del_action_assignment(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - action_id = kw.get("action_id", None) - action_category_id = kw.get("action_category_id", None) - action_scope_id = kw.get("action_scope_id", None) - self.admin_api.del_action_assignment(user_id, ie_id, action_id, action_category_id, action_scope_id) + intra_extension_id = kw.get('intra_extension_id', None) + action_id = kw.get('action_id', None) + action_category_id = kw.get('action_category_id', None) + action_scope_id = kw.get('action_scope_id', None) + self.admin_api.del_action_assignment(user_id, intra_extension_id, action_id, action_category_id, action_scope_id) # Metarule functions @controller.protected() def set_aggregation_algorithm(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - aggregation_algorithm_id = kw.get("aggregation_algorithm_id", None) - aggregation_algorithm_dict = kw.get("aggregation_algorithm_dict", None) - return self.admin_api.set_aggregation_algorithm_dict(user_id, ie_id, aggregation_algorithm_id, aggregation_algorithm_dict) + intra_extension_id = kw.get('intra_extension_id', None) + aggregation_algorithm_id = kw.get('aggregation_algorithm_id', None) + aggregation_algorithm_dict = kw.get('aggregation_algorithm_dict', None) + return self.admin_api.set_aggregation_algorithm_dict(user_id, intra_extension_id, aggregation_algorithm_id, aggregation_algorithm_dict) @controller.protected() def get_aggregation_algorithm(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - return self.admin_api.get_aggregation_algorithms_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_aggregation_algorithms_dict(user_id, intra_extension_id) @controller.protected() def get_sub_meta_rules(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - return self.admin_api.get_sub_meta_rules_dict(user_id, ie_id) + intra_extension_id = kw.get('intra_extension_id', None) + return self.admin_api.get_sub_meta_rules_dict(user_id, intra_extension_id) @controller.protected() def add_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) + intra_extension_id = kw.get('intra_extension_id', None) sub_meta_rule_dict = dict() sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None) sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None) sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None) sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None) - return self.admin_api.add_sub_meta_rule_dict(user_id, ie_id, sub_meta_rule_dict) + return self.admin_api.add_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_dict) @controller.protected() def get_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - return self.admin_api.get_sub_meta_rules_dict(user_id, ie_id, sub_meta_rule_id) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + return self.admin_api.get_sub_meta_rules_dict(user_id, intra_extension_id, sub_meta_rule_id) @controller.protected() def del_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id") - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - self.admin_api.del_sub_meta_rule(user_id, ie_id, sub_meta_rule_id) + intra_extension_id = kw.get('intra_extension_id') + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + self.admin_api.del_sub_meta_rule(user_id, intra_extension_id, sub_meta_rule_id) @controller.protected() def set_sub_meta_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) sub_meta_rule_dict = dict() sub_meta_rule_dict['name'] = kw.get('sub_meta_rule_name', None) sub_meta_rule_dict['algorithm'] = kw.get('sub_meta_rule_algorithm', None) sub_meta_rule_dict['subject_categories'] = kw.get('sub_meta_rule_subject_categories', None) sub_meta_rule_dict['object_categories'] = kw.get('sub_meta_rule_object_categories', None) sub_meta_rule_dict['action_categories'] = kw.get('sub_meta_rule_action_categories', None) - return self.admin_api.set_sub_meta_rule_dict(user_id, ie_id, sub_meta_rule_id, sub_meta_rule_dict) + return self.admin_api.set_sub_meta_rule_dict(user_id, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict) # Rules functions @controller.protected() def get_rules(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - return self.admin_api.get_rules_dict(user_id, ie_id, sub_meta_rule_id) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + return self.admin_api.get_rules_dict(user_id, intra_extension_id, sub_meta_rule_id) @controller.protected() def add_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) rule_list = list() subject_category_list = kw.get('subject_categories', []) object_category_list = kw.get('object_categories', []) action_category_list = kw.get('action_categories', []) rule_list = subject_category_list + action_category_list + object_category_list - return self.admin_api.add_rule_list(user_id, ie_id, sub_meta_rule_id, rule_list) + return self.admin_api.add_rule_list(user_id, intra_extension_id, sub_meta_rule_id, rule_list) @controller.protected() def get_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - rule_id = kw.get("rule_id", None) - return self.admin_api.get_rules_dict(user_id, ie_id, sub_meta_rule_id, rule_id) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) + return self.admin_api.get_rules_dict(user_id, intra_extension_id, sub_meta_rule_id, rule_id) @controller.protected() def del_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - rule_id = kw.get("rule_id", None) - self.admin_api.del_rule(user_id, ie_id, sub_meta_rule_id, rule_id) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) + self.admin_api.del_rule(user_id, intra_extension_id, sub_meta_rule_id, rule_id) @controller.protected() def set_rule(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - ie_id = kw.get("intra_extension_id", None) - sub_meta_rule_id = kw.get("sub_meta_rule_id", None) - rule_id = kw.get("rule_id", None) + intra_extension_id = kw.get('intra_extension_id', None) + sub_meta_rule_id = kw.get('sub_meta_rule_id', None) + rule_id = kw.get('rule_id', None) rule_list = list() subject_category_list = kw.get('subject_categories', []) object_category_list = kw.get('object_categories', []) action_category_list = kw.get('action_categories', []) rule_list = subject_category_list + action_category_list + object_category_list - return self.admin_api.set_rule_list(user_id, ie_id, sub_meta_rule_id, rule_id, rule_list) + return self.admin_api.set_rule_list(user_id, intra_extension_id, sub_meta_rule_id, rule_id, rule_list) @dependency.requires('authz_api') @@ -765,7 +753,7 @@ class InterExtensions(controller.V3Controller): # def get_inter_extensions(self, context, **kw): # user = self._get_user_from_token(context.get('token_id')) # return { - # "inter_extensions": + # 'inter_extensions': # self.interextension_api.get_inter_extensions() # } @@ -773,7 +761,7 @@ class InterExtensions(controller.V3Controller): # def get_inter_extension(self, context, **kw): # user = self._get_user_from_token(context.get('token_id')) # return { - # "inter_extensions": + # 'inter_extensions': # self.interextension_api.get_inter_extension(uuid=kw['inter_extension_id']) # } @@ -785,9 +773,9 @@ class InterExtensions(controller.V3Controller): # @controller.protected() # def delete_inter_extension(self, context, **kw): # user = self._get_user_from_token(context.get('token_id')) - # if "inter_extension_id" not in kw: + # if 'inter_extension_id' not in kw: # raise exception.Error - # return self.interextension_api.delete_inter_extension(kw["inter_extension_id"]) + # return self.interextension_api.delete_inter_extension(kw['inter_extension_id']) @dependency.requires('moonlog_api', 'authz_api') @@ -804,6 +792,6 @@ class Logs(controller.V3Controller): @controller.protected() def get_logs(self, context, **kw): user_id = self._get_user_id_from_token(context.get('token_id')) - options = kw.get("options", "") + options = kw.get('options', '') return self.moonlog_api.get_logs(user_id, options) diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py index 455975a3..33f80b59 100644 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@ -266,31 +266,39 @@ class ConfigurationManager(manager.Manager): def get_policy_templates_dict(self, user_id): """ Return a dictionary of all policy templates - :return: {template_id: {name: temp_name, description: template_description}, ...} + :return: { + template_id1: {name: template_name, description: template_description}, + template_id2: {name: template_name, description: template_description}, + ... + } """ return self.driver.get_policy_templates_dict() @enforce("read", "templates") def get_policy_template_id_from_name(self, user_id, policy_template_name): - policy_template_dict = self.driver.get_policy_templates_dict() - for policy_template_id in policy_template_dict: - if policy_template_dict[policy_template_id]['name'] == policy_template_name: + policy_templates_dict = self.driver.get_policy_templates_dict() + for policy_template_id in policy_templates_dict: + if policy_templates_dict[policy_template_id]['name'] is policy_template_name: return policy_template_id return None @enforce("read", "aggregation_algorithms") def get_aggregation_algorithms_dict(self, user_id): """ - Return a dictionary of all aggregation algorithm - :return: {aggre_algo_id: {name: aggre_name, description: aggre_algo_description}, ...} + Return a dictionary of all aggregation algorithms + :return: { + aggre_algo_id1: {name: aggre_name, description: aggre_algo_description}, + aggre_algo_id2: {name: aggre_name, description: aggre_algo_description}, + ... + } """ return self.driver.get_aggregation_algorithms_dict() @enforce("read", "aggregation_algorithms") def get_aggregation_algorithm_id_from_name(self, user_id, aggregation_algorithm_name): - aggregation_algorithm_dict = self.driver.get_aggregation_algorithms_dict() - for aggregation_algorithm_id in aggregation_algorithm_dict: - if aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == aggregation_algorithm_name: + aggregation_algorithms_dict = self.driver.get_aggregation_algorithms_dict() + for aggregation_algorithm_id in aggregation_algorithms_dict: + if aggregation_algorithms_dict[aggregation_algorithm_id]['name'] is aggregation_algorithm_name: return aggregation_algorithm_id return None @@ -298,18 +306,23 @@ class ConfigurationManager(manager.Manager): def get_sub_meta_rule_algorithms_dict(self, user_id): """ Return a dictionary of sub_meta_rule algorithm - :return: {sub_meta_rule_id: {name: sub_meta_rule_name, description: sub_meta_rule_description}, } + :return: { + sub_meta_rule_id1: {name: sub_meta_rule_name, description: sub_meta_rule_description}, + sub_meta_rule_id2: {name: sub_meta_rule_name, description: sub_meta_rule_description}, + ... + } """ return self.driver.get_sub_meta_rule_algorithms_dict() @enforce("read", "sub_meta_rule_algorithms") def get_sub_meta_rule_algorithm_id_from_name(self, sub_meta_rule_algorithm_name): - sub_meta_rule_algorithm_dict = self.driver.get_sub_meta_rule_algorithms_dict() - for sub_meta_rule_algorithm_id in sub_meta_rule_algorithm_dict: - if sub_meta_rule_algorithm_dict[sub_meta_rule_algorithm_id]['name'] == sub_meta_rule_algorithm_name: + sub_meta_rule_algorithms_dict = self.driver.get_sub_meta_rule_algorithms_dict() + for sub_meta_rule_algorithm_id in sub_meta_rule_algorithms_dict: + if sub_meta_rule_algorithms_dict[sub_meta_rule_algorithm_id]['name'] is sub_meta_rule_algorithm_name: return sub_meta_rule_algorithm_id return None + @dependency.provider('tenant_api') @dependency.requires('moonlog_api', 'admin_api', 'configuration_api') class TenantManager(manager.Manager): @@ -340,31 +353,40 @@ class TenantManager(manager.Manager): def add_tenant_dict(self, user_id, tenant_dict): tenants_dict = self.driver.get_tenants_dict() for tenant_id in tenants_dict: - if tenants_dict[tenant_id]['name'] == tenant_dict['name']: + if tenants_dict[tenant_id]['name'] is tenant_dict['name']: raise TenantAddedNameExisting() - # Sync users between intra_authz_extension_id and intra_admin_extension_id + # Sync users between intra_authz_extension and intra_admin_extension if tenant_dict['intra_admin_extension_id']: if not tenant_dict['intra_authz_extension_id']: raise TenantNoIntraAuthzExtension() authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id']) admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id']) - admin_subjects__name_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] - authz_subjects__name_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] for _subject_id in authz_subjects_dict: - if authz_subjects_dict[_subject_id]["name"] not in authz_subjects__name_list: + if _subject_id not in admin_subjects_dict: self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) for _subject_id in admin_subjects_dict: - if admin_subjects_dict[_subject_id]["name"] not in admin_subjects__name_list: + if _subject_id not in authz_subjects_dict: self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + # TODO (dthom): check whether we can replace the below code by the above one + # authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id']) + # authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict] + # admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id']) + # admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict] + # for _subject_id in authz_subjects_dict: + # if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list: + # self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) + # for _subject_id in admin_subjects_dict: + # if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list: + # self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict) @filter_input @enforce("read", "tenants") def get_tenant_dict(self, user_id, tenant_id): tenants_dict = self.driver.get_tenants_dict() - print("get_tenant_dict", tenant_id, tenants_dict) if tenant_id not in tenants_dict: raise TenantUnknown() return tenants_dict[tenant_id] @@ -383,24 +405,24 @@ class TenantManager(manager.Manager): if tenant_id not in tenants_dict: raise TenantUnknown() - # Sync users between intra_authz_extension_id and intra_admin_extension_id + # Sync users between intra_authz_extension and intra_admin_extension if tenant_dict['intra_admin_extension_id']: if not tenant_dict['intra_authz_extension_id']: raise TenantNoIntraAuthzExtension - else: - authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id']) - admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id']) - for _subject_id in authz_subjects_dict: - if _subject_id not in admin_subjects_dict: - self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) - for _subject_id in admin_subjects_dict: - if _subject_id not in authz_subjects_dict: - self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) + authz_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id']) + admin_subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id']) + for _subject_id in authz_subjects_dict: + if _subject_id not in admin_subjects_dict: + self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id]) + for _subject_id in admin_subjects_dict: + if _subject_id not in authz_subjects_dict: + self.admin_api.add_subject_dict(ADMIN_ID, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id]) return self.driver.set_tenant_dict(tenant_id, tenant_dict) + # TODO (dthom): move the following 2 functions to perimeter functions @filter_input - def get_subject_from_keystone_id(self, tenant_id, intra_extension_id, keystone_id): + def get_subject_dict_from_keystone_id(self, tenant_id, intra_extension_id, keystone_id): tenants_dict = self.driver.get_tenants_dict() if tenant_id not in tenants_dict: raise TenantUnknown() @@ -411,11 +433,11 @@ class TenantManager(manager.Manager): # and not the subject ID in the requested intra_extension. subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, intra_extension_id) for subject_id in subjects_dict: - if keystone_id == subjects_dict[subject_id]['keystone_id']: + if keystone_id is subjects_dict[subject_id]['keystone_id']: return {subject_id: subjects_dict[subject_id]} @filter_input - def get_subject_from_keystone_name(self, tenant_id, intra_extension_id, keystone_name): + def get_subject_dict_from_keystone_name(self, tenant_id, intra_extension_id, keystone_name): tenants_dict = self.driver.get_tenants_dict() if tenant_id not in tenants_dict: raise TenantUnknown() @@ -426,7 +448,7 @@ class TenantManager(manager.Manager): # keystone_name and not the subject ID in the requested intra_extension. subjects_dict = self.admin_api.get_subjects_dict(ADMIN_ID, intra_extension_id) for subject_id in subjects_dict: - if keystone_name == subjects_dict[subject_id]['keystone_name']: + if keystone_name is subjects_dict[subject_id]['keystone_name']: return {subject_id: subjects_dict[subject_id]} @@ -444,14 +466,13 @@ class IntraExtensionManager(manager.Manager): :param object_id: :param action_id: :return: authz_buffer = { - 'subject_uuid': xxx, - 'object_uuid': yyy, - 'action_uuid': zzz, + 'subject_id': xxx, + 'object_id': yyy, + 'action_id': zzz, 'subject_assignments': { 'subject_category1': [], 'subject_category2': [], ... - 'subject_categoryn': [] }, 'object_assignments': {}, 'action_assignments': {}, @@ -496,14 +517,7 @@ class IntraExtensionManager(manager.Manager): :param object_id: object UUID of the request :param action_id: action UUID of the request :return: True or False or raise an exception - :raises: (in that order) - IntraExtensionNotFound - SubjectUnknown - ObjectUnknown - ActionUnknown - SubjectCategoryAssignmentUnknown - ObjectCategoryAssignmentUnknown - ActionCategoryAssignmentUnknown + :raises: """ authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id) decision_buffer = dict() @@ -523,11 +537,11 @@ class IntraExtensionManager(manager.Manager): meta_rule_dict[sub_meta_rule_id], self.driver.get_rules_dict(intra_extension_id, sub_meta_rule_id).values()) - aggregation = self.driver.get_aggregation_algorithm_dict(intra_extension_id) + aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id) # We suppose here that we have only one aggregation algorithm for one intra_extension - # TODO: need more work on this part of the model - aggregation_id = aggregation.keys()[0] - if aggregation[aggregation_id]['name'] == 'all_true': + # TODO: need more work on this part of the model HR: what to do? + aggregation_algorithm_id = aggregation_algorithm_dict.keys()[0] + if aggregation_algorithm_dict[aggregation_algorithm_id]['name'] == 'all_true': decision = all_true(decision_buffer) if not decision: raise AuthzException("{} {}-{}-{}".format(intra_extension_id, subject_id, action_id, object_id)) @@ -541,6 +555,7 @@ class IntraExtensionManager(manager.Manager): intra_extension_id1: { name: xxx, model: yyy, + genre, authz, description: zzz} }, intra_extension_id2: {...}, @@ -808,25 +823,32 @@ class IntraExtensionManager(manager.Manager): ie_dict["description"] = filter_input(intra_extension_dict["description"]) ref = self.driver.set_intra_extension_dict(ie_dict['id'], ie_dict) self.moonlog_api.debug("Creation of IE: {}".format(ref)) - # read the profile given by "policymodel" and populate default variables - policy_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"]) - self.__load_metadata_file(ie_dict, policy_dir) - self.__load_perimeter_file(ie_dict, policy_dir) - self.__load_scope_file(ie_dict, policy_dir) - self.__load_assignment_file(ie_dict, policy_dir) - self.__load_metarule_file(ie_dict, policy_dir) - self.__load_rule_file(ie_dict, policy_dir) + # read the template given by "model" and populate default variables + template_dir = os.path.join(CONF.moon.policy_directory, ie_dict["model"]) + self.__load_metadata_file(ie_dict, template_dir) + self.__load_perimeter_file(ie_dict, template_dir) + self.__load_scope_file(ie_dict, template_dir) + self.__load_assignment_file(ie_dict, template_dir) + self.__load_metarule_file(ie_dict, template_dir) + self.__load_rule_file(ie_dict, template_dir) return ref @enforce("read", "intra_extensions") def get_intra_extension_dict(self, user_id, intra_extension_id): """ :param user_id: - :return: {intra_extension_id: intra_extension_name, ...} + :return: { + intra_extension_id: { + name: xxx, + model: yyy, + genre: authz, + description: xxx} + } """ - if intra_extension_id not in self.driver.get_intra_extensions_dict(): + intra_extensions_dict = self.driver.get_intra_extensions_dict() + if intra_extension_id not in intra_extensions_dict: raise IntraExtensionUnknown() - return self.driver.get_intra_extensions_dict()[intra_extension_id] + return intra_extensions_dict[intra_extension_id] @enforce(("read", "write"), "intra_extensions") def del_intra_extension(self, user_id, intra_extension_id): @@ -1518,10 +1540,7 @@ class IntraExtensionManager(manager.Manager): :param user_id: :param intra_extension_id: :return: { - aggregation_algorithm_id: { - name: xxx, - description: yyy - } + aggregation_algorithm_id: {name: xxx, description: yyy} } """ aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict(intra_extension_id) @@ -1667,31 +1686,32 @@ class IntraExtensionAuthzManager(IntraExtensionManager): """Check authorization for a particular action. :return: True or False or raise an exception """ - print("AUTHZ", tenant_name, subject_name, object_name, action_name, genre) if genre == "authz": genre = "intra_authz_extension_id" elif genre == "admin": genre = "intra_admin_extension_id" + tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID) tenant_id = None for _tenant_id in tenants_dict: - if tenants_dict[_tenant_id]["name"] == tenant_name: + if tenants_dict[_tenant_id]["name"] is tenant_name: tenant_id = _tenant_id break - - intra_extension_id = self.tenant_api.get_tenant_dict(ADMIN_ID, tenant_id)[genre] + if not tenant_id: + raise TenantUnknown + intra_extension_id = tenants_dict[tenant_id][genre] if not intra_extension_id: raise TenantNoIntraExtension() subjects_dict = self.driver.get_subjects_dict(intra_extension_id) subject_id = None for _subject_id in subjects_dict: - if subjects_dict[_subject_id]['keystone_name'] == subject_name: + if subjects_dict[_subject_id]['keystone_name'] is subject_name: subject_id = subjects_dict[_subject_id]['keystone_id'] - # subject_id = _subject_id break if not subject_id: raise SubjectUnknown() + objects_dict = self.driver.get_objects_dict(intra_extension_id) object_id = None for _object_id in objects_dict: @@ -1700,6 +1720,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager): break if not object_id: raise ObjectUnknown() + actions_dict = self.driver.get_actions_dict(intra_extension_id) action_id = None for _action_id in actions_dict: |