author | ReemMahmoud <rfawzy.ext@orange.com> | 2018-04-12 14:39:39 +0200 |
---|---|---|
committer | Thomas Duval <thomas.duval@orange.com> | 2018-04-18 10:52:41 +0200 |
commit | e93c1de651a76f06ef0a3f247db4be5a40860139 (patch) | |
tree | 06006954880e94947aaa7611b4490ce811d040ba /python_moondb/python_moondb | |
parent | 85209d217c85ada8a55487f5c77fb2990ad0c209 (diff) |
Check data before category
Change-Id: I7e523a08fcfd3f9ea322a399c71637f268cbb38e
Signed-off-by: ReemMahmoud <rfawzy.ext@orange.com>
Diffstat (limited to 'python_moondb/python_moondb')
-rw-r--r-- | python_moondb/python_moondb/__init__.py | 2 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/model.py | 33 | ||||
-rw-r--r-- | python_moondb/python_moondb/api/policy.py | 15 | ||||
-rw-r--r-- | python_moondb/python_moondb/backends/sql.py | 19 |
4 files changed, 65 insertions, 4 deletions
diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py index b266a9d4..287558f7 100644 --- a/python_moondb/python_moondb/__init__.py +++ b/python_moondb/python_moondb/__init__.py @@ -3,5 +3,5 @@ # license which can be found in the file 'LICENSE' in this package distribution # or at 'http://www.apache.org/licenses/LICENSE-2.0'. -__version__ = "1.2.8" +__version__ = "1.2.9" diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py index 57857cd2..f5858662 100644 --- a/python_moondb/python_moondb/api/model.py +++ b/python_moondb/python_moondb/api/model.py @@ -9,7 +9,6 @@ from python_moonutilities import exceptions from python_moonutilities.security_functions import filter_input, enforce from python_moondb.api.managers import Managers - logger = logging.getLogger("moon.db.api.model") @@ -30,6 +29,10 @@ class ModelManager(Managers): if model_id not in self.driver.get_models(model_id=model_id): raise exceptions.ModelUnknown # TODO (asteroide): check that no policy is connected to this model + policies = Managers.PolicyManager.get_policies(user_id=user_id) + for policy in policies: + if policies[policy]['model_id'] == model_id: + raise exceptions.DeleteModelWithPolicy return self.driver.delete_model(model_id=model_id) @enforce(("read", "write"), "models") @@ -65,6 +68,10 @@ class ModelManager(Managers): if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): raise exceptions.MetaRuleUnknown # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule + models = self.get_models(user_id=user_id) + for model_id in models: + if models[model_id]['meta_rules'] == meta_rule_id: + raise exceptions.DeleteMetaRuleWithModel return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) @enforce("read", "meta_data") 
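Review bot: The new policy check in delete_model and the `self.driver.delete_model(...)` call that follows it are separate operations, so a policy that starts referencing the model between the two is not caught and the model is removed from under it. The same check-then-delete shape recurs in delete_meta_rule, the three delete_*_category hunks, delete_policy and the delete_*_data hunks. Doing the reference check in the same driver session as the delete, or enforcing it with a foreign-key constraint, would close that window; the driver's transaction handling is not shown here, so this is inferred from the hunk alone. The `# TODO (asteroide): check that no policy is connected to this model` line above the new code is now stale and can be removed. The start of delete_model lies outside the hunk.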
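Review bot: In delete_meta_rule the guard `if models[model_id]['meta_rules'] == meta_rule_id:` compares the whole `meta_rules` value with a single ID. If that field is a list of meta-rule IDs, as the plural name suggests, the comparison is never true and a meta rule still used by a model is deleted anyway, leaving the model with a dangling reference. A membership test matches what the exception name implies: `if meta_rule_id in models[model_id]['meta_rules']:`. The function's signature and the model schema are outside the hunk, so the field's type should be confirmed first.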
@@ -83,6 +90,13 @@ class ModelManager(Managers): # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_subject_categories(category_id=category_id): raise exceptions.SubjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + if subject_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_subject_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_subject_category(category_id=category_id) @enforce("read", "meta_data") @@ -101,6 +115,13 @@ class ModelManager(Managers): # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_object_categories(category_id=category_id): raise exceptions.ObjectCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for object_category_id in meta_rules[meta_rule_id]['object_categories']: + if object_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_object_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_object_category(category_id=category_id) @enforce("read", "meta_data") 
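Review bot: The inner loop added to delete_subject_category only tests membership, so `if category_id in meta_rules[meta_rule_id]['subject_categories']:` followed by the raise is shorter and avoids the extra loop variable. The object and action category hunks have the same shape. The `# TODO (asteroide): delete all meta_rules linked to that category` comment kept above the check now describes the opposite of what the code does; something like `# Refuse deletion while a meta rule or data still references this category` would be accurate. The function starts outside the hunk.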
@@ -118,6 +139,12 @@ class ModelManager(Managers): # TODO (asteroide): delete all data linked to that category # TODO (asteroide): delete all meta_rules linked to that category if category_id not in self.driver.get_action_categories(category_id=category_id): - raise exceptions.ActionCategoryExisting + raise exceptions.ActionCategoryUnknown + meta_rules = self.get_meta_rules(user_id=user_id) + for meta_rule_id in meta_rules: + for action_category_id in meta_rules[meta_rule_id]['action_categories']: + if action_category_id == category_id: + raise exceptions.DeleteCategoryWithMetaRule + if self.driver.is_action_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData return self.driver.delete_action_category(category_id=category_id) - diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py index 9e7ad96c..69392e6d 100644 --- a/python_moondb/python_moondb/api/policy.py +++ b/python_moondb/python_moondb/api/policy.py @@ -8,6 +8,7 @@ import logging from python_moonutilities.security_functions import enforce from python_moondb.api.managers import Managers from python_moonutilities import exceptions +# from python_moondb.core import PDPManager logger = logging.getLogger("moon.db.api.policy") @@ -46,6 +47,11 @@ class PolicyManager(Managers): # TODO (asteroide): unmap PDP linked to that policy if policy_id not in self.driver.get_policies(policy_id=policy_id): raise exceptions.PolicyUnknown + pdps = self.PDPManager.get_pdp(user_id=user_id) + for pdp in pdps: + for policy_id in pdps[pdp]['security_pipeline']: + if policy_id == policy_id: + raise exceptions.DeletePolicyWithPdp return self.driver.delete_policy(policy_id=policy_id) @enforce(("read", "write"), "policies") 
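Review bot: In delete_policy the inner loop `for policy_id in pdps[pdp]['security_pipeline']:` rebinds the `policy_id` parameter, so `if policy_id == policy_id:` is always true and DeletePolicyWithPdp is raised for every policy as soon as any PDP has a non-empty pipeline. The policy being deleted is never actually compared with the pipeline entries. Test membership on the parameter instead of looping: `if policy_id in pdps[pdp]['security_pipeline']:` followed by the raise. The function's signature is outside the hunk.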
@@ -147,6 +153,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_subject_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, subject_id=data_id) + if subject_assignments: + raise exceptions.DeleteData return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id) @enforce("read", "data") @@ -175,6 +184,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_object_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, object_id=data_id) + if object_assignments: + raise exceptions.DeleteData return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id) @enforce("read", "data") @@ -203,6 +215,9 @@ class PolicyManager(Managers): @enforce(("read", "write"), "data") def delete_action_data(self, user_id, policy_id, data_id): # TODO (asteroide): check and/or delete assignments linked to that data + action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, action_id=data_id) + if action_assignments: + raise exceptions.DeleteData return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id) @enforce("read", "assignments") diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py index a838a854..366ed7de 100644 --- a/python_moondb/python_moondb/backends/sql.py +++ b/python_moondb/python_moondb/backends/sql.py 
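Review bot: The guard in delete_subject_data passes the data ID as a perimeter ID, `subject_id=data_id`, so the lookup asks for assignments of a subject whose ID equals the data ID rather than for assignments that reference this data. If `subject_id` filters on the subject, as the keyword name suggests, the result is normally empty and data still used by assignments is deleted, leaving assignments that point at data which no longer exists. The check should fetch the policy's assignments and test whether `data_id` appears in any of them. delete_object_data (`object_id=data_id`) and delete_action_data (`action_id=data_id`) repeat the pattern. The signature of get_subject_assignments is not in the hunk, so confirm against it.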
@@ -548,6 +548,16 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_action(self, policy_id, perimeter_id): self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id) + def __is_perimeter_data_exist(self, ClassType ,data_id=None, category_id=None): + logger.info("driver {} {}".format( data_id, category_id)) + with self.get_session_for_read() as session: + query = session.query(ClassType) + query = query.filter_by(category_id=category_id) + ref_list = query.all() + if ref_list: + return True + return False + def __get_perimeter_data(self, ClassType, policy_id, data_id=None, category_id=None): logger.info("driver {} {} {}".format(policy_id, data_id, category_id)) with self.get_session_for_read() as session: @@ -602,6 +612,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): if ref: session.delete(ref) + def is_subject_data_exist(self, data_id=None, category_id=None): + return self.__is_perimeter_data_exist(SubjectData, data_id=data_id, category_id=category_id) + def get_subject_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id) @@ -614,6 +627,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_subject_data(self, policy_id, data_id): return self.__delete_perimeter_data(SubjectData, policy_id, data_id) + def is_object_data_exist(self, data_id=None, category_id=None): + return self.__is_perimeter_data_exist(ObjectData, data_id=data_id, category_id=category_id) + def get_object_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id) 
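Review bot: `__is_perimeter_data_exist` accepts `data_id` and logs it, but the query filters on `category_id` only, so the three public wrappers (is_subject_data_exist, is_object_data_exist, is_action_data_exist) silently ignore a `data_id` argument, and a call without `category_id` filters on `category_id=None`. Either drop the parameter or apply it to the query. `query.all()` also loads every matching row just to test for existence; `return query.first() is not None` gives the same answer from a single row. A short docstring saying that the check spans all policies (there is no `policy_id` filter) would help callers.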
@@ -626,6 +642,9 @@ class PolicyConnector(BaseConnector, PolicyDriver): def delete_object_data(self, policy_id, data_id): return self.__delete_perimeter_data(ObjectData, policy_id, data_id) + def is_action_data_exist(self, data_id=None,category_id=None): + return self.__is_perimeter_data_exist(ActionData, data_id=data_id, category_id=category_id) + def get_action_data(self, policy_id, data_id=None, category_id=None): return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id) |