aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/contrib
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/contrib')
-rw-r--r--keystone-moon/keystone/contrib/moon/backends/sql.py90
-rw-r--r--keystone-moon/keystone/contrib/moon/controllers.py186
-rw-r--r--keystone-moon/keystone/contrib/moon/core.py2035
-rw-r--r--keystone-moon/keystone/contrib/moon/exception.py134
-rw-r--r--keystone-moon/keystone/contrib/moon/routers.py130
5 files changed, 1289 insertions, 1286 deletions
diff --git a/keystone-moon/keystone/contrib/moon/backends/sql.py b/keystone-moon/keystone/contrib/moon/backends/sql.py
index 35884a93..39b52ce6 100644
--- a/keystone-moon/keystone/contrib/moon/backends/sql.py
+++ b/keystone-moon/keystone/contrib/moon/backends/sql.py
@@ -310,7 +310,7 @@ __all_objects__ = (
class IntraExtensionConnector(IntraExtensionDriver):
- def get_intra_extension_list(self):
+ def get_intra_extension_dict(self):
with sql.transaction() as session:
query = session.query(IntraExtension.id)
intraextensions = query.all()
@@ -334,7 +334,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise exception.NotFound
return ref.to_dict()
- def delete_intra_extension(self, intra_extension_id):
+ def del_intra_extension(self, intra_extension_id):
with sql.transaction() as session:
ref = session.query(IntraExtension).get(intra_extension_id)
# Must delete all references to that IntraExtension
@@ -374,6 +374,8 @@ class IntraExtensionConnector(IntraExtensionDriver):
def set_description(self, uuid, args):
raise exception.NotImplemented() # pragma: no cover
+ # Perimeter
+
def get_subject_dict(self, extension_uuid):
with sql.transaction() as session:
query = session.query(Subject)
@@ -426,7 +428,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_subject(self, extension_uuid, subject_uuid):
+ def del_subject(self, extension_uuid, subject_uuid):
with sql.transaction() as session:
query = session.query(Subject)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -504,7 +506,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_object(self, extension_uuid, object_uuid):
+ def del_object(self, extension_uuid, object_uuid):
with sql.transaction() as session:
query = session.query(Object)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -582,7 +584,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_action(self, extension_uuid, action_uuid):
+ def del_action(self, extension_uuid, action_uuid):
with sql.transaction() as session:
query = session.query(Action)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -640,7 +642,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_subject_category_dict(self, extension_uuid, subject_category_uuid, subject_category_name):
+ def add_subject_category(self, extension_uuid, subject_category_uuid, subject_category_name):
with sql.transaction() as session:
query = session.query(SubjectCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -662,7 +664,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_subject_category(self, extension_uuid, subject_category_uuid):
+ def del_subject_category(self, extension_uuid, subject_category_uuid):
with sql.transaction() as session:
query = session.query(SubjectCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -721,7 +723,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_object_category_dict(self, extension_uuid, object_category_uuid, object_category_name):
+ def add_object_category(self, extension_uuid, object_category_uuid, object_category_name):
with sql.transaction() as session:
query = session.query(ObjectCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -743,7 +745,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_object_category(self, extension_uuid, object_category_uuid):
+ def del_object_category(self, extension_uuid, object_category_uuid):
with sql.transaction() as session:
query = session.query(ObjectCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -802,7 +804,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_action_category_dict(self, extension_uuid, action_category_uuid, action_category_name):
+ def add_action_category(self, extension_uuid, action_category_uuid, action_category_name):
with sql.transaction() as session:
query = session.query(ActionCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -824,7 +826,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def remove_action_category(self, extension_uuid, action_category_uuid):
+ def del_action_category(self, extension_uuid, action_category_uuid):
with sql.transaction() as session:
query = session.query(ActionCategory)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -865,7 +867,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise SubjectScopeUnknown()
return result
- def set_subject_category_scope_dict(self, extension_uuid, subject_category, scope):
+ def set_subject_scope_dict(self, extension_uuid, subject_category, scope):
with sql.transaction() as session:
query = session.query(SubjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -887,7 +889,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
session.add(new_ref)
return new_ref.to_dict()
- def add_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid, scope_name):
+ def add_subject_scope(self, extension_uuid, subject_category, scope_uuid, scope_name):
with sql.transaction() as session:
query = session.query(SubjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -899,9 +901,9 @@ class IntraExtensionConnector(IntraExtensionDriver):
if subject_category not in scope.keys():
scope[subject_category] = dict()
scope[subject_category][scope_uuid] = scope_name
- return self.set_subject_category_scope_dict(extension_uuid, subject_category, scope[subject_category])
+ return self.set_subject_scope_dict(extension_uuid, subject_category, scope[subject_category])
- def remove_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid):
+ def del_subject_scope(self, extension_uuid, subject_category, scope_uuid):
with sql.transaction() as session:
query = session.query(SubjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -930,7 +932,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
# Getter and Setter for object_category_scope
- def get_object_category_scope_dict(self, extension_uuid, object_category):
+ def get_object_scope_dict(self, extension_uuid, object_category):
with sql.transaction() as session:
query = session.query(ObjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -942,7 +944,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise ObjectScopeUnknown()
return result
- def set_object_category_scope_dict(self, extension_uuid, object_category, scope):
+ def set_object_scope_dict(self, extension_uuid, object_category, scope):
with sql.transaction() as session:
query = session.query(ObjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -964,7 +966,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
session.add(new_ref)
return new_ref.to_dict()
- def add_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid, scope_name):
+ def add_object_scope(self, extension_uuid, object_category, scope_uuid, scope_name):
with sql.transaction() as session:
query = session.query(ObjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -976,9 +978,9 @@ class IntraExtensionConnector(IntraExtensionDriver):
if object_category not in scope:
scope[object_category] = dict()
scope[object_category][scope_uuid] = scope_name
- return self.set_object_category_scope_dict(extension_uuid, object_category, scope[object_category])
+ return self.set_object_scope_dict(extension_uuid, object_category, scope[object_category])
- def remove_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid):
+ def del_object_scope(self, extension_uuid, object_category, scope_uuid):
with sql.transaction() as session:
query = session.query(ObjectCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1007,7 +1009,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
# Getter and Setter for action_category_scope
- def get_action_category_scope_dict(self, extension_uuid, action_category):
+ def get_action_scope_dict(self, extension_uuid, action_category):
with sql.transaction() as session:
query = session.query(ActionCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1019,7 +1021,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
raise ActionScopeUnknown()
return result
- def set_action_category_scope_dict(self, extension_uuid, action_category, scope):
+ def set_action_scope_dict(self, extension_uuid, action_category, scope):
with sql.transaction() as session:
query = session.query(ActionCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1041,7 +1043,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
session.add(new_ref)
return new_ref.to_dict()
- def add_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid, scope_name):
+ def add_action_scope(self, extension_uuid, action_category, scope_uuid, scope_name):
with sql.transaction() as session:
query = session.query(ActionCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1053,9 +1055,9 @@ class IntraExtensionConnector(IntraExtensionDriver):
if action_category not in scope:
scope[action_category] = dict()
scope[action_category][scope_uuid] = scope_name
- return self.set_action_category_scope_dict(extension_uuid, action_category, scope[action_category])
+ return self.set_action_scope_dict(extension_uuid, action_category, scope[action_category])
- def remove_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid):
+ def del_action_scope(self, extension_uuid, action_category, scope_uuid):
with sql.transaction() as session:
query = session.query(ActionCategoryScope)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1084,7 +1086,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
# Getter and Setter for subject_category_assignment
- def get_subject_category_assignment_dict(self, extension_uuid, subject_uuid):
+ def get_subject_assignment_dict(self, extension_uuid, subject_uuid):
""" From a subject_uuid, return a dictionary of (category: scope for that subject)
:param extension_uuid: intra extension UUID
@@ -1107,7 +1109,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
_ref["subject_category_assignments"][subject_uuid] = dict()
return _ref
- def set_subject_category_assignment_dict(self, extension_uuid, subject_uuid=None, assignment_dict={}):
+ def set_subject_assignment_dict(self, extension_uuid, subject_uuid=None, assignment_dict={}):
with sql.transaction() as session:
query = session.query(SubjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1138,7 +1140,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_subject_category_assignment_dict(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def add_subject_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(SubjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1152,12 +1154,12 @@ class IntraExtensionConnector(IntraExtensionDriver):
assignments[subject_uuid][category_uuid] = list()
if scope_uuid not in assignments[subject_uuid][category_uuid]:
assignments[subject_uuid][category_uuid].append(scope_uuid)
- return self.set_subject_category_assignment_dict(
+ return self.set_subject_assignment_dict(
extension_uuid,
subject_uuid,
assignments[subject_uuid])
- def remove_subject_category_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def del_subject_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(SubjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1173,19 +1175,19 @@ class IntraExtensionConnector(IntraExtensionDriver):
if not old_ref["subject_category_assignments"][subject_uuid]:
old_ref["subject_category_assignments"].pop(subject_uuid)
try:
- self.set_subject_category_assignment_dict(
+ self.set_subject_assignment_dict(
extension_uuid,
subject_uuid,
old_ref["subject_category_assignments"][subject_uuid])
except KeyError:
- self.set_subject_category_assignment_dict(
+ self.set_subject_assignment_dict(
extension_uuid,
subject_uuid,
{})
# Getter and Setter for object_category_assignment
- def get_object_category_assignment_dict(self, extension_uuid, object_uuid):
+ def get_object_assignment_dict(self, extension_uuid, object_uuid):
""" From a object_uuid, return a dictionary of (category: scope for that object)
:param extension_uuid: intra extension UUID
@@ -1208,7 +1210,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
_ref["object_category_assignments"][object_uuid] = dict()
return _ref
- def set_object_category_assignment_dict(self, extension_uuid, object_uuid=None, assignment_dict={}):
+ def set_object_assignment_dict(self, extension_uuid, object_uuid=None, assignment_dict={}):
with sql.transaction() as session:
query = session.query(ObjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1235,7 +1237,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_object_category_assignment_dict(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def add_object_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(ObjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1249,12 +1251,12 @@ class IntraExtensionConnector(IntraExtensionDriver):
assignments[object_uuid][category_uuid] = list()
if scope_uuid not in assignments[object_uuid][category_uuid]:
assignments[object_uuid][category_uuid].append(scope_uuid)
- return self.set_object_category_assignment_dict(
+ return self.set_object_assignment_dict(
extension_uuid,
object_uuid,
assignments[object_uuid])
- def remove_object_category_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def del_object_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(ObjectCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1269,14 +1271,14 @@ class IntraExtensionConnector(IntraExtensionDriver):
old_ref["object_category_assignments"][object_uuid].pop(category_uuid)
if not old_ref["object_category_assignments"][object_uuid]:
old_ref["object_category_assignments"].pop(object_uuid)
- self.set_object_category_assignment_dict(
+ self.set_object_assignment_dict(
extension_uuid,
object_uuid,
old_ref["object_category_assignments"][object_uuid])
# Getter and Setter for action_category_assignment
- def get_action_category_assignment_dict(self, extension_uuid, action_uuid):
+ def get_action_assignment_dict(self, extension_uuid, action_uuid):
""" From a action_uuid, return a dictionary of (category: scope for that action)
:param extension_uuid: intra extension UUID
@@ -1299,7 +1301,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
_ref["action_category_assignments"][action_uuid] = dict()
return _ref
- def set_action_category_assignment_dict(self, extension_uuid, action_uuid=None, assignment_dict={}):
+ def set_action_assignment_dict(self, extension_uuid, action_uuid=None, assignment_dict={}):
with sql.transaction() as session:
query = session.query(ActionCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1326,7 +1328,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
setattr(ref, attr, getattr(new_ref, attr))
return ref.to_dict()
- def add_action_category_assignment_dict(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def add_action_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(ActionCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1340,12 +1342,12 @@ class IntraExtensionConnector(IntraExtensionDriver):
assignments[action_uuid][category_uuid] = list()
if scope_uuid not in assignments[action_uuid][category_uuid]:
assignments[action_uuid][category_uuid].append(scope_uuid)
- return self.set_action_category_assignment_dict(
+ return self.set_action_assignment_dict(
extension_uuid,
action_uuid,
assignments[action_uuid])
- def remove_action_category_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def del_action_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
with sql.transaction() as session:
query = session.query(ActionCategoryAssignment)
query = query.filter_by(intra_extension_uuid=extension_uuid)
@@ -1360,7 +1362,7 @@ class IntraExtensionConnector(IntraExtensionDriver):
old_ref["action_category_assignments"][action_uuid].pop(category_uuid)
if not old_ref["action_category_assignments"][action_uuid]:
old_ref["action_category_assignments"].pop(action_uuid)
- self.set_action_category_assignment_dict(
+ self.set_action_assignment_dict(
extension_uuid,
action_uuid,
old_ref["action_category_assignments"][action_uuid])
diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index a514fcd4..592aa699 100644
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -246,7 +246,7 @@ class IntraExtensions(controller.V3Controller):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get('intra_extension_id', None)
action_category_name = kw["action_category_name"]
- return self.admin_api.add_action_category_dict(user_id, ie_id, action_category_name)
+ return self.admin_api.add_action_category(user_id, ie_id, action_category_name)
@controller.protected()
def get_action_category(self, context, **kw):
@@ -274,7 +274,7 @@ class IntraExtensions(controller.V3Controller):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get('intra_extension_id', None)
subject_name = kw["subject_name"]
- return self.admin_api.add_subject_dict(user_id, ie_id, subject_name)
+ return self.admin_api.add_subject(user_id, ie_id, subject_name)
@controller.protected()
def get_subject(self, context, **kw):
@@ -301,7 +301,7 @@ class IntraExtensions(controller.V3Controller):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_name = kw["object_name"]
- return self.admin_api.add_object_dict(user_id, ie_id, object_name)
+ return self.admin_api.add_object(user_id, ie_id, object_name)
@controller.protected()
def get_object(self, context, **kw):
@@ -328,7 +328,7 @@ class IntraExtensions(controller.V3Controller):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_name = kw["action_name"]
- return self.admin_api.add_action_dict(user_id, ie_id, action_name)
+ return self.admin_api.add_action(user_id, ie_id, action_name)
@controller.protected()
def get_action(self, context, **kw):
@@ -346,121 +346,121 @@ class IntraExtensions(controller.V3Controller):
# Scope functions
@controller.protected()
- def get_subject_category_scopes(self, context, **kw):
+ def get_subject_scopes(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
- return self.admin_api.get_subject_category_scope_dict(user_id, ie_id, subject_category_id)
+ return self.admin_api.get_subject_scope_dict(user_id, ie_id, subject_category_id)
@controller.protected()
- def add_subject_category_scope(self, context, **kw):
+ def add_subject_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
- subject_category_scope_name = kw["subject_category_scope_name"]
- return self.admin_api.add_subject_category_scope_dict(
+ subject_scope_name = kw["subject_scope_name"]
+ return self.admin_api.add_subject_scope(
user_id,
ie_id,
subject_category_id,
- subject_category_scope_name)
+ subject_scope_name)
@controller.protected()
- def get_subject_category_scope(self, context, **kw):
+ def get_subject_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
- subject_category_scope_id = kw["subject_category_scope_id"]
- return self.admin_api.get_subject_category_scope_dict(user_id, ie_id, subject_category_id)[subject_category_scope_id]
+ subject_scope_id = kw["subject_scope_id"]
+ return self.admin_api.get_subject_scope(user_id, ie_id, subject_category_id, subject_scope_id)
@controller.protected()
- def del_subject_category_scope(self, context, **kw):
+ def del_subject_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
subject_category_id = kw["subject_category_id"]
- subject_category_scope_id = kw["subject_category_scope_id"]
- return self.admin_api.del_subject_category_scope(
+ subject_scope_id = kw["subject_scope_id"]
+ return self.admin_api.del_subject_scope(
user_id,
ie_id,
subject_category_id,
- subject_category_scope_id)
+ subject_scope_id)
@controller.protected()
- def get_object_category_scopes(self, context, **kw):
+ def get_object_scopes(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
- return self.admin_api.get_object_category_scope_dict(user_id, ie_id, object_category_id)
+ return self.admin_api.get_object_scope_dict(user_id, ie_id, object_category_id)
@controller.protected()
- def add_object_category_scope(self, context, **kw):
+ def add_object_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
- object_category_scope_name = kw["object_category_scope_name"]
- return self.admin_api.add_object_category_scope_dict(
+ object_scope_name = kw["object_scope_name"]
+ return self.admin_api.add_object_scope(
user_id,
ie_id,
object_category_id,
- object_category_scope_name)
+ object_scope_name)
@controller.protected()
- def get_object_category_scope(self, context, **kw):
+ def get_object_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
- object_category_scope_id = kw["object_category_scope_id"]
- return self.admin_api.get_object_category_scope_dict(user_id, ie_id, object_category_id)[object_category_scope_id]
+ object_scope_id = kw["object_scope_id"]
+ return self.admin_api.get_object_category_scope(user_id, ie_id, object_category_id, object_scope_id)
@controller.protected()
- def del_object_category_scope(self, context, **kw):
+ def del_object_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_category_id = kw["object_category_id"]
- object_category_scope_id = kw["object_category_scope_id"]
- return self.admin_api.del_object_category_scope(
+ object_scope_id = kw["object_scope_id"]
+ return self.admin_api.del_object_scope(
user_id,
ie_id,
object_category_id,
- object_category_scope_id)
+ object_scope_id)
@controller.protected()
- def get_action_category_scopes(self, context, **kw):
+ def get_action_scopes(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
- return self.admin_api.get_action_category_scope_dict(user_id, ie_id, action_category_id)
+ return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id)
@controller.protected()
- def add_action_category_scope(self, context, **kw):
+ def add_action_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
- action_category_scope_name = kw["action_category_scope_name"]
- return self.admin_api.add_action_category_scope_dict(
+ action_scope_name = kw["action_scope_name"]
+ return self.admin_api.add_action_scope(
user_id,
ie_id,
action_category_id,
- action_category_scope_name)
+ action_scope_name)
@controller.protected()
- def get_action_category_scope(self, context, **kw):
+ def get_action_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
- action_category_scope_id = kw["action_category_scope_id"]
- return self.admin_api.get_action_category_scope_dict(user_id, ie_id, action_category_id)[action_category_scope_id]
+ action_scope_id = kw["action_scope_id"]
+ return self.admin_api.get_action_scope_dict(user_id, ie_id, action_category_id)[action_scope_id]
@controller.protected()
- def del_action_category_scope(self, context, **kw):
+ def del_action_scope(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_category_id = kw["action_category_id"]
- action_category_scope_id = kw["action_category_scope_id"]
- return self.admin_api.del_action_category_scope(
+ action_scope_id = kw["action_scope_id"]
+ return self.admin_api.del_action_scope(
user_id,
ie_id,
action_category_id,
- action_category_scope_id)
+ action_scope_id)
# Assignment functions
@controller.protected()
@@ -468,7 +468,7 @@ class IntraExtensions(controller.V3Controller):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
- return self.admin_api.get_subject_category_assignment_dict(user_id, ie_id, subject_id)
+ return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id)
@controller.protected()
def add_subject_assignment(self, context, **kw):
@@ -476,13 +476,13 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
- subject_category_scope_id = kw["subject_category_scope_id"]
- return self.admin_api.add_subject_category_assignment(
+ subject_scope_id = kw["subject_scope_id"]
+ return self.admin_api.add_subject_assignment(
user_id,
ie_id,
subject_id,
subject_category_id,
- subject_category_scope_id)
+ subject_scope_id)
@controller.protected()
def get_subject_assignment(self, context, **kw):
@@ -490,7 +490,7 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
- return self.admin_api.get_subject_category_assignment_dict(user_id, ie_id, subject_id)[subject_category_id]
+ return self.admin_api.get_subject_assignment_dict(user_id, ie_id, subject_id)[subject_category_id]
@controller.protected()
def del_subject_assignment(self, context, **kw):
@@ -498,20 +498,20 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
subject_id = kw["subject_id"]
subject_category_id = kw["subject_category_id"]
- subject_category_scope_id = kw["subject_category_scope_id"]
- return self.admin_api.del_subject_category_assignment(
+ subject_scope_id = kw["subject_scope_id"]
+ return self.admin_api.del_subject_assignment(
user_id,
ie_id,
subject_id,
subject_category_id,
- subject_category_scope_id)
+ subject_scope_id)
@controller.protected()
def get_object_assignments(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
- return self.admin_api.get_object_category_assignment_dict(user_id, ie_id, object_id)
+ return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id)
@controller.protected()
def add_object_assignment(self, context, **kw):
@@ -519,13 +519,13 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
- object_category_scope_id = kw["object_category_scope_id"]
- return self.admin_api.add_object_category_assignment(
+ object_scope_id = kw["object_scope_id"]
+ return self.admin_api.add_objecty_assignment(
user_id,
ie_id,
object_id,
object_category_id,
- object_category_scope_id)
+ object_scope_id)
@controller.protected()
def get_object_assignment(self, context, **kw):
@@ -533,7 +533,7 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
- return self.admin_api.get_object_category_assignment_dict(user_id, ie_id, object_id)[object_category_id]
+ return self.admin_api.get_object_assignment_dict(user_id, ie_id, object_id, object_category_id)
@controller.protected()
def del_object_assignment(self, context, **kw):
@@ -541,34 +541,34 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
object_id = kw["object_id"]
object_category_id = kw["object_category_id"]
- object_category_scope_id = kw["object_category_scope_id"]
- return self.admin_api.del_object_category_assignment(
+ object_scope_id = kw["object_scope_id"]
+ return self.admin_api.del_object_assignment(
user_id,
ie_id,
object_id,
object_category_id,
- object_category_scope_id)
+ object_scope_id)
@controller.protected()
def get_action_assignments(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
- return self.admin_api.get_action_category_assignment_dict(user_id, ie_id, action_id)
+ return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id)
@controller.protected()
def add_action_assignment(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
- action_category_id = kw["action_category"]
- action_category_scope_id = kw["action_category_scope"]
- return self.admin_api.add_action_category_assignment(
+ action_category_id = kw["action_category_id"]
+ action_scope_id = kw["action_scope_id"]
+ return self.admin_api.add_action_assignment(
user_id,
ie_id,
action_id,
action_category_id,
- action_category_scope_id)
+ action_scope_id)
@controller.protected()
def get_action_assignment(self, context, **kw):
@@ -576,7 +576,7 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
action_category_id = kw["action_category_id"]
- return self.admin_api.del_object_category_assignment_dict(user_id, ie_id, action_id)[action_category_id]
+ return self.admin_api.get_action_assignment_dict(user_id, ie_id, action_id, action_category_id)
@controller.protected()
def del_action_assignment(self, context, **kw):
@@ -584,13 +584,13 @@ class IntraExtensions(controller.V3Controller):
ie_id = kw.get("intra_extension_id", None)
action_id = kw["action_id"]
action_category_id = kw["action_category_id"]
- action_category_scope_id = kw["action_category_scope_id"]
- return self.admin_api.del_object_category_assignment(
+ action_scope_id = kw["action_scope_id"]
+ return self.admin_api.del_action_assignment(
user_id,
ie_id,
action_id,
action_category_id,
- action_category_scope_id)
+ action_scope_id)
# Metarule functions
@controller.protected()
@@ -629,32 +629,35 @@ class IntraExtensions(controller.V3Controller):
def add_sub_meta_rule(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
- sub_meta_rule_dict = dict()
- sub_meta_rule_dict['subject_categories'] = kw["subject_categories"]
- sub_meta_rule_dict['object_categories'] = kw["object_categories"]
- sub_meta_rule_dict['action_categories'] = kw["action_categories"]
- sub_meta_rule_dict['aggregation_algorithm_id'] = kw["aggregation_algorithm_id"]
+ sub_meta_rule_name = kw["sub_meta_rule_name"]
+ subject_category_list = kw["subject_categories"]
+ object_category_list = kw["object_categories"]
+ action_category_list = kw["action_categories"]
+ sub_meta_rule_algorithm = kw["sub_meta_rule_algorithm"]
+
return self.admin_api.add_sub_meta_rule_dict(
user_id,
ie_id,
- sub_meta_rule_dict)
+ sub_meta_rule_name,
+ subject_category_list,
+ object_category_list,
+ action_category_list,
+ sub_meta_rule_algorithm
+ )
@controller.protected()
def get_sub_meta_rule(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
sub_meta_rule_id = kw["sub_meta_rule_id"]
- return self.admin_api.get_sub_meta_rule_dict(user_id, ie_id)[sub_meta_rule_id]
+ return self.admin_api.get_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)
@controller.protected()
def del_sub_meta_rule(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
- ie_id = kw.pop("intra_extension_id")
+ ie_id = kw.get("intra_extension_id")
sub_meta_rule_id = kw["sub_meta_rule_id"]
- return self.admin_api.del_sub_meta_rule(
- user_id,
- ie_id,
- sub_meta_rule_id)
+ return self.admin_api.del_sub_meta_rule(user_id, ie_id, sub_meta_rule_id)
# Rules functions
@controller.protected()
@@ -668,28 +671,21 @@ class IntraExtensions(controller.V3Controller):
def add_rule(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
- sub_meta_rule_id = kw["sub_meta_rule_id"]
-
+ sub_meta_rule_id = kw.get("sub_meta_rule_id")
rule_list = list()
- subject_categories_dict = kw['subject_categories']
- for _subject_category in subject_categories_dict:
- rule_list.append(subject_categories_dict[_subject_category])
- action_categories_dict = kw['action_categories']
- for _action_category in action_categories_dict:
- rule_list.append(action_categories_dict[_action_category])
- object_categories_dict = kw['object_categories']
- for _object_category in object_categories_dict:
- rule_list.append(object_categories_dict[_object_category])
-
+ subject_category_list = kw.get('subject_categories')
+ object_category_list = kw.get('object_categories')
+ action_category_list = kw.get('action_categories')
+ rule_list = subject_category_list + object_category_list + action_category_list
return self.admin_api.add_rule_list(user_id, ie_id, sub_meta_rule_id, rule_list)
@controller.protected()
def get_rule(self, context, **kw):
user_id = self._get_user_id_from_token(context["token_id"])
ie_id = kw.get("intra_extension_id", None)
- sub_meta_rule_id = kw["sub_meta_rule_id"]
- rule_id = kw["rule_id"]
- return self.admin_api.get_rule_dict(user_id, ie_id, sub_meta_rule_id)[rule_id]
+ sub_meta_rule_id = kw.get("sub_meta_rule_id")
+ rule_id = kw.get("rule_id")
+ return self.admin_api.get_rule(user_id, ie_id, sub_meta_rule_id, rule_id)
@controller.protected()
def del_rule(self, context, **kw):
diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index d5d2e100..205f7a7b 100644
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -24,6 +24,8 @@ from keystone.contrib.moon.algorithms import *
CONF = config.CONF
LOG = log.getLogger(__name__)
+DEFAULT_USER = uuid4().hex() # default user_id for internal invocation
+
_OPTS = [
cfg.StrOpt('configuration_driver',
@@ -254,7 +256,7 @@ class TenantManager(manager.Manager):
return tenant_id
return None
- def get_tenant_intra_extension_id(self, tenant_id, genre="authz"):
+ def get_tenant_intra_extension_id(self, user_id, tenant_id, genre="authz"):
"""
Return the UUID of the scoped extension for a particular tenant.
:param tenant_id: UUID of the tenant
@@ -262,6 +264,7 @@ class TenantManager(manager.Manager):
:return (str): the UUID of the scoped extension
"""
# 1 tenant only with 1 authz extension and 1 admin extension
+ # TODO: check user right with user_id in SuperExtension
tenant_dict = self.__get_tenant_dict()
if tenant_id not in tenant_dict:
raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id)))
@@ -298,11 +301,10 @@ class TenantManager(manager.Manager):
authz_extension_uuid)))
-@dependency.requires('identity_api', 'tenant_api', 'authz_api', 'admin_api', 'moonlog_api')
+@dependency.requires('identity_api', 'tenant_api', 'configuration_api', 'authz_api', 'admin_api', 'moonlog_api')
class IntraExtensionManager(manager.Manager):
__genre__ = None
- __default_user = uuid4().hex() # default user_id for internal invocation
def __init__(self):
driver = CONF.moon.intraextension_driver
@@ -329,46 +331,47 @@ class IntraExtensionManager(manager.Manager):
}
"""
+ # TODO(dthom) move exception raise to driver
if not self.driver.get_intra_extension(intra_extension_id):
raise IntraExtensionNotFound()
- _authz_buffer = dict()
- _authz_buffer['subject_id'] = subject_id
- _authz_buffer['object_id'] = object_id
- _authz_buffer['action_id'] = action_id
+ authz_buffer = dict()
+ authz_buffer['subject_id'] = subject_id
+ authz_buffer['object_id'] = object_id
+ authz_buffer['action_id'] = action_id
- _meta_data_dict = {}
- _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"]
- _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"]
- _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"]
+ meta_data_dict = {}
+ meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"]
+ meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"]
+ meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"]
- _subject_assignment_dict = dict()
- for category in _meta_data_dict["subject_categories"]:
- _subject_assignment_dict[category] = self.driver.get_subject_category_assignment_dict(
+ subject_assignment_dict = dict()
+ for category in meta_data_dict["subject_categories"]:
+ subject_assignment_dict[category] = self.driver.get_subject_assignment_dict(
intra_extension_id, category)["subject_category_assignments"]
- _object_assignment_dict = dict()
- for category in _meta_data_dict["object_categories"]:
- _object_assignment_dict[category] = self.driver.get_object_category_assignment_dict(
+ object_assignment_dict = dict()
+ for category in meta_data_dict["object_categories"]:
+ object_assignment_dict[category] = self.driver.get_object_assignment_dict(
intra_extension_id, category)["object_category_assignments"]
- _action_assignment_dict = dict()
- for category in _meta_data_dict["action_categories"]:
- _action_assignment_dict[category] = self.driver.get_action_category_assignment_dict(
+ action_assignment_dict = dict()
+ for category in meta_data_dict["action_categories"]:
+ action_assignment_dict[category] = self.driver.get_action_assignment_dict(
intra_extension_id, category)["action_category_assignments"]
- _authz_buffer['subject_attributes'] = dict()
- _authz_buffer['object_attributes'] = dict()
- _authz_buffer['action_attributes'] = dict()
+ authz_buffer['subject_attributes'] = dict()
+ authz_buffer['object_attributes'] = dict()
+ authz_buffer['action_attributes'] = dict()
- for _subject_category in _meta_data_dict['subject_categories']:
- _authz_buffer['subject_attributes'][_subject_category] = _subject_assignment_dict[_subject_category]
- for _object_category in _meta_data_dict['object_categories']:
- _authz_buffer['object_attributes'][_object_category] = _object_assignment_dict[_object_category]
- for _action_category in _meta_data_dict['action_categories']:
- _authz_buffer['action_attributes'][_action_category] = _action_assignment_dict[_action_category]
+ for _subject_category in meta_data_dict['subject_categories']:
+ authz_buffer['subject_attributes'][_subject_category] = subject_assignment_dict[_subject_category]
+ for _object_category in meta_data_dict['object_categories']:
+ authz_buffer['object_attributes'][_object_category] = object_assignment_dict[_object_category]
+ for _action_category in meta_data_dict['action_categories']:
+ authz_buffer['action_attributes'][_action_category] = action_assignment_dict[_action_category]
- return _authz_buffer
+ return authz_buffer
def authz(self, intra_extension_id, subject_id, object_id, action_id):
"""Check authorization for a particular action.
@@ -388,71 +391,40 @@ class IntraExtensionManager(manager.Manager):
ActionCategoryAssignmentUnknown
"""
- _authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id)
- _decision_buffer = dict()
+ authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id)
+ decision_buffer = dict()
- _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id)
- _rule_dict = self.driver.get_rule_dict(intra_extension_id)
+ meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id)
+ rule_dict = self.driver.get_rule_dict(intra_extension_id)
- for _rule in _meta_rule_dict['sub_meta_rules']:
- if _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion':
- _decision_buffer[_rule] = algo_inclusion(
- _authz_buffer,
- _meta_rule_dict['sub_meta_rules'][_rule],
- _rule_dict['rules'][_rule])
- elif _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'comparison':
- _decision_buffer[_rule] = algo_comparison(
- _authz_buffer,
- _meta_rule_dict['sub_meta_rules'][_rule],
- _rule_dict['rules'][_rule])
+ for _rule in meta_rule_dict['sub_meta_rules']:
+ if meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion':
+ decision_buffer[_rule] = inclusion(
+ authz_buffer,
+ meta_rule_dict['sub_meta_rules'][_rule],
+ rule_dict['rules'][_rule])
+ elif meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'comparison':
+ decision_buffer[_rule] = comparison(
+ authz_buffer,
+ meta_rule_dict['sub_meta_rules'][_rule],
+ rule_dict['rules'][_rule])
- if _meta_rule_dict['aggregation'] == 'all_true':
- return aggr_all_true(_decision_buffer)
+ if meta_rule_dict['aggregation'] == 'all_true':
+ return all_true(decision_buffer)
return False
- def get_intra_extension_list(self):
+ def get_intra_extension_dict(self, user_id):
# TODO: check will be done through super_extension later
- return self.driver.get_intra_extension_list()
-
- def get_intra_extension_id_for_tenant(self, tenant_id):
- for intra_extension_id in self.driver.get_intra_extension_list():
- if self.driver.get_intra_extension(intra_extension_id)["tenant"] == tenant_id:
- return intra_extension_id
- LOG.error("IntraExtension not found for tenant {}".format(tenant_id))
- raise exception.NotFound
-
- def get_intra_extension(self, uuid):
- return self.driver.get_intra_extension(uuid)
-
- def set_perimeter_values(self, ie, policy_dir):
-
- perimeter_path = os.path.join(policy_dir, 'perimeter.json')
- f = open(perimeter_path)
- json_perimeter = json.load(f)
-
- subject_dict = dict()
- # We suppose that all subjects can be mapped to a true user in Keystone
- for _subject in json_perimeter['subjects']:
- user = self.identity_api.get_user_by_name(_subject, "default")
- subject_dict[user["id"]] = user
- self.driver.set_subject_dict(ie["id"], subject_dict)
- ie["subjects"] = subject_dict
+ return self.driver.get_intra_extension_dict()
- # Copy all values for objects and subjects
- object_dict = dict()
- for _object in json_perimeter['objects']:
- object_dict[uuid4().hex] = {"name": _object}
- self.driver.set_object_dict(ie["id"], object_dict)
- ie["objects"] = object_dict
+ def get_intra_extension(self, user_id, intra_extension_id):
+ # TODO: check will be done through super_extension later
+ return self.driver.get_intra_extension(intra_extension_id)
- action_dict = dict()
- for _action in json_perimeter['actions']:
- action_dict[uuid4().hex] = {"name": _action}
- self.driver.set_action_dict(ie["id"], action_dict)
- ie["ations"] = action_dict
+ # load policy from policy directory
- def set_metadata_values(self, ie, policy_dir):
+ def __load_metadata_file(self, intra_extension, policy_dir):
metadata_path = os.path.join(policy_dir, 'metadata.json')
f = open(metadata_path)
@@ -461,133 +433,160 @@ class IntraExtensionManager(manager.Manager):
subject_categories_dict = dict()
for _cat in json_perimeter['subject_categories']:
subject_categories_dict[uuid4().hex] = {"name": _cat}
- self.driver.set_subject_category_dict(ie["id"], subject_categories_dict)
+ self.driver.set_subject_category_dict(intra_extension["id"], subject_categories_dict)
# Initialize scope categories
for _cat in subject_categories_dict.keys():
- self.driver.set_subject_category_scope_dict(ie["id"], _cat, {})
- ie['subject_categories'] = subject_categories_dict
+ self.driver.set_subject_scope_dict(intra_extension["id"], _cat, {})
+ intra_extension['subject_categories'] = subject_categories_dict
object_categories_dict = dict()
for _cat in json_perimeter['object_categories']:
object_categories_dict[uuid4().hex] = {"name": _cat}
- self.driver.set_object_category_dict(ie["id"], object_categories_dict)
+ self.driver.set_object_category_dict(intra_extension["id"], object_categories_dict)
# Initialize scope categories
for _cat in object_categories_dict.keys():
- self.driver.set_object_category_scope_dict(ie["id"], _cat, {})
- ie['object_categories'] = object_categories_dict
+ self.driver.set_object_scope_dict(intra_extension["id"], _cat, {})
+ intra_extension['object_categories'] = object_categories_dict
action_categories_dict = dict()
for _cat in json_perimeter['action_categories']:
action_categories_dict[uuid4().hex] = {"name": _cat}
- self.driver.set_action_category_dict(ie["id"], action_categories_dict)
+ self.driver.set_action_category_dict(intra_extension["id"], action_categories_dict)
# Initialize scope categories
for _cat in action_categories_dict.keys():
- self.driver.set_action_category_scope_dict(ie["id"], _cat, {})
- ie['action_categories'] = action_categories_dict
+ self.driver.set_action_scope_dict(intra_extension["id"], _cat, {})
+ intra_extension['action_categories'] = action_categories_dict
+
+ def __load_perimeter_file(self, intra_extension, policy_dir):
- def set_scope_values(self, ie, policy_dir):
+ perimeter_path = os.path.join(policy_dir, 'perimeter.json')
+ f = open(perimeter_path)
+ json_perimeter = json.load(f)
+
+ subject_dict = dict()
+ # We suppose that all subjects can be mapped to a true user in Keystone
+ for _subject in json_perimeter['subjects']:
+ user = self.identity_api.get_user_by_name(_subject, "default")
+ subject_dict[user["id"]] = user
+ self.driver.set_subject_dict(intra_extension["id"], subject_dict)
+ intra_extension["subjects"] = subject_dict
+
+ # Copy all values for objects and subjects
+ object_dict = dict()
+ for _object in json_perimeter['objects']:
+ object_dict[uuid4().hex] = {"name": _object}
+ self.driver.set_object_dict(intra_extension["id"], object_dict)
+ intra_extension["objects"] = object_dict
+
+ action_dict = dict()
+ for _action in json_perimeter['actions']:
+ action_dict[uuid4().hex] = {"name": _action}
+ self.driver.set_action_dict(intra_extension["id"], action_dict)
+ intra_extension["ations"] = action_dict
+
+ def __load_scope_file(self, intra_extension, policy_dir):
metadata_path = os.path.join(policy_dir, 'scope.json')
f = open(metadata_path)
json_perimeter = json.load(f)
- ie['subject_category_scope'] = dict()
+ intra_extension['subject_category_scope'] = dict()
for category, scope in json_perimeter["subject_category_scope"].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.SUBJECT_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.SUBJECT_CATEGORY)
_scope_dict = dict()
for _scope in scope:
_scope_dict[uuid4().hex] = {"name": _scope}
- self.driver.set_subject_category_scope_dict(ie["id"], category, _scope_dict)
- ie['subject_category_scope'][category] = _scope_dict
+ self.driver.set_subject_scope_dict(intra_extension["id"], category, _scope_dict)
+ intra_extension['subject_category_scope'][category] = _scope_dict
- ie['object_category_scope'] = dict()
+ intra_extension['object_category_scope'] = dict()
for category, scope in json_perimeter["object_category_scope"].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.OBJECT_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.OBJECT_CATEGORY)
_scope_dict = dict()
for _scope in scope:
_scope_dict[uuid4().hex] = {"name": _scope}
- self.driver.set_object_category_scope_dict(ie["id"], category, _scope_dict)
- ie['object_category_scope'][category] = _scope_dict
+ self.driver.set_object_scope_dict(intra_extension["id"], category, _scope_dict)
+ intra_extension['object_category_scope'][category] = _scope_dict
- ie['action_category_scope'] = dict()
+ intra_extension['action_category_scope'] = dict()
for category, scope in json_perimeter["action_category_scope"].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category, self.driver.ACTION_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category, self.driver.ACTION_CATEGORY)
_scope_dict = dict()
for _scope in scope:
_scope_dict[uuid4().hex] = {"name": _scope}
- self.driver.set_action_category_scope_dict(ie["id"], category, _scope_dict)
- ie['action_category_scope'][category] = _scope_dict
+ self.driver.set_action_scope_dict(intra_extension["id"], category, _scope_dict)
+ intra_extension['action_category_scope'][category] = _scope_dict
- def set_assignments_values(self, ie, policy_dir):
+ def __load_assignment_file(self, intra_extension, policy_dir):
f = open(os.path.join(policy_dir, 'assignment.json'))
json_assignments = json.load(f)
subject_assignments = dict()
for category_name, value in json_assignments['subject_assignments'].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.SUBJECT_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.SUBJECT_CATEGORY)
for user_name in value:
- user_id = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT)
+ user_id = self.driver.get_uuid_from_name(intra_extension["id"], user_name, self.driver.SUBJECT)
if user_id not in subject_assignments:
subject_assignments[user_id] = dict()
if category not in subject_assignments[user_id]:
subject_assignments[user_id][category] = \
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.SUBJECT_SCOPE, category_name),
value[user_name])
else:
subject_assignments[user_id][category].extend(
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.SUBJECT_SCOPE, category_name),
value[user_name])
)
# Note (dthom): subject_category_assignment must be initialized because when there is no data in json
# we will not go through the for loop
- self.driver.set_subject_category_assignment_dict(ie["id"])
+ self.driver.set_subject_assignment_dict(intra_extension["id"])
for subject in subject_assignments:
- self.driver.set_subject_category_assignment_dict(ie["id"], subject, subject_assignments[subject])
+ self.driver.set_subject_assignment_dict(intra_extension["id"], subject, subject_assignments[subject])
object_assignments = dict()
for category_name, value in json_assignments["object_assignments"].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.OBJECT_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.OBJECT_CATEGORY)
for object_name in value:
if object_name not in object_assignments:
object_assignments[object_name] = dict()
if category not in object_assignments[object_name]:
object_assignments[object_name][category] = \
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.OBJECT_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.OBJECT_SCOPE, category_name),
value[object_name])
else:
object_assignments[object_name][category].extend(
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.OBJECT_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.OBJECT_SCOPE, category_name),
value[object_name])
)
# Note (dthom): object_category_assignment must be initialized because when there is no data in json
# we will not go through the for loop
- self.driver.set_object_category_assignment_dict(ie["id"])
+ self.driver.set_object_assignment_dict(intra_extension["id"])
for object in object_assignments:
- self.driver.set_object_category_assignment_dict(ie["id"], object, object_assignments[object])
+ self.driver.set_object_assignment_dict(intra_extension["id"], object, object_assignments[object])
action_assignments = dict()
for category_name, value in json_assignments["action_assignments"].iteritems():
- category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.ACTION_CATEGORY)
+ category = self.driver.get_uuid_from_name(intra_extension["id"], category_name, self.driver.ACTION_CATEGORY)
for action_name in value:
if action_name not in action_assignments:
action_assignments[action_name] = dict()
if category not in action_assignments[action_name]:
action_assignments[action_name][category] = \
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.ACTION_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.ACTION_SCOPE, category_name),
value[action_name])
else:
action_assignments[action_name][category].extend(
- map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.ACTION_SCOPE, category_name),
+ map(lambda x: self.driver.get_uuid_from_name(intra_extension["id"], x, self.driver.ACTION_SCOPE, category_name),
value[action_name])
)
# Note (dthom): action_category_assignment must be initialized because when there is no data in json
# we will not go through the for loop
- self.driver.set_action_category_assignment_dict(ie["id"])
+ self.driver.set_action_assignment_dict(intra_extension["id"])
for action in action_assignments:
- self.driver.set_action_category_assignment_dict(ie["id"], action, action_assignments[action])
+ self.driver.set_action_assignment_dict(intra_extension["id"], action, action_assignments[action])
- def set_metarule_values(self, ie, policy_dir):
+ def __load_metarule_file(self, intra_extension, policy_dir):
metadata_path = os.path.join(policy_dir, 'metarule.json')
f = open(metadata_path)
@@ -605,23 +604,23 @@ class IntraExtensionManager(manager.Manager):
for item in ("subject_categories", "object_categories", "action_categories"):
metarule[relation][item] = list()
for element in json_metarule["sub_meta_rules"][relation][item]:
- metarule[relation][item].append(self.driver.get_uuid_from_name(ie["id"], element, categories[item]))
+ metarule[relation][item].append(self.driver.get_uuid_from_name(intra_extension["id"], element, categories[item]))
metarule[relation]["algorithm"] = json_metarule["sub_meta_rules"][relation]["algorithm"]
submetarules = {
"aggregation": json_metarule["aggregation"],
"sub_meta_rules": metarule
}
- self.driver.set_meta_rule_dict(ie["id"], submetarules)
+ self.driver.set_meta_rule_dict(intra_extension["id"], submetarules)
- def set_subrules_values(self, ie, policy_dir):
+ def __load_rule_file(self, intra_extension, policy_dir):
- metadata_path = os.path.join(policy_dir, 'rules.json')
+ metadata_path = os.path.join(policy_dir, 'rule.json')
f = open(metadata_path)
json_rules = json.load(f)
- ie["sub_rules"] = {"rules": copy.deepcopy(json_rules)}
+ intra_extension["rule"] = {"rule": copy.deepcopy(json_rules)}
# Translate value from JSON file to UUID for Database
rules = dict()
- sub_meta_rules = self.driver.get_meta_rule_dict(ie["id"])
+ sub_meta_rules = self.driver.get_meta_rule_dict(intra_extension["id"])
for relation in json_rules:
# print(relation)
# print(self.get_sub_meta_rule_relations("admin", ie["id"]))
@@ -631,23 +630,23 @@ class IntraExtensionManager(manager.Manager):
for rule in json_rules[relation]:
subrule = list()
_rule = list(rule)
- for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["subject_categories"]:
+ for category_uuid in sub_meta_rules["rule"][relation]["subject_categories"]:
scope_name = _rule.pop(0)
- scope_uuid = self.driver.get_uuid_from_name(ie["id"],
+ scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"],
scope_name,
self.driver.SUBJECT_SCOPE,
category_uuid=category_uuid)
subrule.append(scope_uuid)
- for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["action_categories"]:
+ for category_uuid in sub_meta_rules["rule"][relation]["action_categories"]:
scope_name = _rule.pop(0)
- scope_uuid = self.driver.get_uuid_from_name(ie["id"],
+ scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"],
scope_name,
self.driver.ACTION_SCOPE,
category_uuid=category_uuid)
subrule.append(scope_uuid)
- for category_uuid in sub_meta_rules["sub_meta_rules"][relation]["object_categories"]:
+ for category_uuid in sub_meta_rules["rule"][relation]["object_categories"]:
scope_name = _rule.pop(0)
- scope_uuid = self.driver.get_uuid_from_name(ie["id"],
+ scope_uuid = self.driver.get_uuid_from_name(intra_extension["id"],
scope_name,
self.driver.OBJECT_SCOPE,
category_uuid=category_uuid)
@@ -674,9 +673,10 @@ class IntraExtensionManager(manager.Manager):
# if value doesn't exist add a default value
subrule.append(True)
rules[relation].append(subrule)
- self.driver.set_rule_dict(ie["id"], rules)
+ self.driver.set_rule_dict(intra_extension["id"], rules)
- def load_intra_extension(self, intra_extension):
+ def load_intra_extension(self, user_id, intra_extension):
+ # TODO: check will be done through super_extension later
ie = dict()
# TODO: clean some values
ie['id'] = uuid4().hex
@@ -687,565 +687,641 @@ class IntraExtensionManager(manager.Manager):
self.moonlog_api.debug("Creation of IE: {}".format(ref))
# read the profile given by "policymodel" and populate default variables
policy_dir = os.path.join(CONF.moon.policy_directory, ie["model"])
- self.set_perimeter_values(ie, policy_dir)
- self.set_metadata_values(ie, policy_dir)
- self.set_scope_values(ie, policy_dir)
- self.set_assignments_values(ie, policy_dir)
- self.set_metarule_values(ie, policy_dir)
- self.set_subrules_values(ie, policy_dir)
+ self.__load_perimeter_file(ie, policy_dir)
+ self.__load_metadata_file(ie, policy_dir)
+ self.__load_scope_file(ie, policy_dir)
+ self.__load_assignment_file(ie, policy_dir)
+ self.__load_metarule_file(ie, policy_dir)
+ self.__load_rule_file(ie, policy_dir)
return ref
- def delete_intra_extension(self, intra_extension_id):
- ref = self.driver.delete_intra_extension(intra_extension_id)
+ def del_intra_extension(self, user_id, intra_extension_id):
+ # TODO: check will be done through super_extension later
+ ref = self.driver.del_intra_extension(intra_extension_id)
return ref
- # Perimeter functions
+ # Metadata functions
@filter_args
- @enforce("read", "subjects")
- def get_subject_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_subject_dict(intra_extension_uuid)
+ @enforce("read", "subject_categories")
+ def get_subject_category_dict(self, user_id, intra_extension_id):
+ return self.driver.get_subject_category_dict(intra_extension_id)
@filter_args
- @enforce(("read", "write"), "subjects")
- def set_subject_dict(self, user_id, intra_extension_uuid, subject_list):
- subject_dict = {}
- for _user in subject_list:
- # Next line will raise an error if user is not present in Keystone database
- user = self.identity_api.get_user_by_name(_user["name"], "default")
- subject_dict[user["id"]] = dict()
- for key in user.keys():
- subject_dict[user["id"]][key] = user[key]
- return self.driver.set_subject_dict(intra_extension_uuid, subject_dict)
+ @enforce("read", "subject_categories")
+ @enforce(("read", "write"), "subject_category_scope")
+ def set_subject_category_dict(self, user_id, intra_extension_id, subject_category_list):
+ subject_category = {uuid4().hex: item for item in subject_category_list}
+ subject_category_dict = self.driver.set_subject_category_dict(intra_extension_id, subject_category)
+ # if we add a new category, we must add it to the subject_category_scope
+ for _cat in subject_category.keys():
+ try:
+ _ = self.driver.get_subject_scope_dict(intra_extension_id, _cat)
+ except SubjectScopeUnknown:
+ self.driver.set_subject_scope_dict(intra_extension_id, _cat, {})
+ return subject_category_dict
@filter_args
- @enforce(("read", "write"), "subjects")
- def add_subject_dict(self, user_id, intra_extension_uuid, subject_name):
- # Next line will raise an error if user is not present in Keystone database
- user = self.identity_api.get_user_by_name(subject_name, "default")
- subjects = self.driver.add_subject(intra_extension_uuid, user["id"], user)
- return subjects
+ @enforce(("read", "write"), "subject_categories")
+ @enforce(("read", "write"), "subject_category_scope")
+ def add_subject_category(self, user_id, intra_extension_id, subject_category_name):
+ # TODO (asteroide): we must check input here.
+ # TODO: add category to scope
+ subject_category_id = uuid4().hex
+ return self.driver.add_subject_category(intra_extension_id, subject_category_id, subject_category_name)
@filter_args
- @enforce("read", "subjects")
- @enforce("write", "subjects")
- def del_subject(self, user_id, intra_extension_uuid, subject_uuid):
- self.driver.remove_subject(intra_extension_uuid, subject_uuid)
+ @enforce(("read", "write"), "subject_categories")
+ @enforce(("read", "write"), "subject_category_scope")
+ def del_subject_category(self, user_id, intra_extension_id, subject_category_id):
+ # TODO: del category from scope
+ return self.driver.del_subject_category(intra_extension_id, subject_category_id)
@filter_args
- @enforce("read", "objects")
- def get_object_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_object_dict(intra_extension_uuid)
+ @enforce("read", "object_categories")
+ def get_object_category_dict(self, user_id, intra_extension_id):
+ return self.driver.get_object_category_dict(intra_extension_id)
@filter_args
- @enforce(("read", "write"), "objects")
- def set_object_dict(self, user_id, intra_extension_uuid, object_list):
+ @enforce("read", "object_categories")
+ @enforce(("read", "write"), "object_category_scope")
+ def set_object_category_dict(self, user_id, intra_extension_id, object_category_list):
# TODO (asteroide): we must check input here.
- object_dict = {uuid4().hex: item for item in object_list}
- return self.driver.set_object_dict(intra_extension_uuid, object_dict)
+ object_category = {uuid4().hex: item for item in object_category_list}
+ object_category_dict = self.driver.set_object_category_dict(intra_extension_id, object_category)
+ # if we add a new category, we must add it to the object_category_scope
+ for _cat in object_category.keys():
+ try:
+ _ = self.driver.get_object_scope_dict(intra_extension_id, _cat)
+ except ObjectScopeUnknown:
+ self.driver.set_object_scope_dict(intra_extension_id, _cat, {})
+ return object_category_dict
@filter_args
- @enforce(("read", "write"), "objects")
- def add_object_dict(self, user_id, intra_extension_uuid, object_dict):
+ @enforce(("read", "write"), "object_categories")
+ @enforce(("read", "write"), "object_category_scope")
+ def add_object_category(self, user_id, intra_extension_id, object_category_name):
# TODO (asteroide): we must check input here.
- object_uuid = uuid4().hex
- return self.driver.add_object(intra_extension_uuid, object_uuid, object_dict)
+ # TODO: add category to scope
+ object_category_id = uuid4().hex
+ return self.driver.add_object_category(intra_extension_id, object_category_id, object_category_name)
@filter_args
- @enforce("read", "objects")
- @enforce("write", "objects")
- def del_object(self, user_id, intra_extension_uuid, object_uuid):
- self.driver.remove_object(intra_extension_uuid, object_uuid)
+ @enforce(("read", "write"), "object_categories")
+ @enforce(("read", "write"), "object_category_scope")
+ def del_object_category(self, user_id, intra_extension_id, object_id):
+ # TODO: add category to scope
+ return self.driver.del_object_category(intra_extension_id, object_id)
@filter_args
- @enforce("read", "actions")
- def get_action_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_action_dict(intra_extension_uuid)
+ @enforce("read", "action_categories")
+ def get_action_category_dict(self, user_id, intra_extension_id):
+ return self.driver.get_action_category_dict(intra_extension_id)
@filter_args
- @enforce(("read", "write"), "actions")
- def set_action_dict(self, user_id, intra_extension_uuid, action_list):
+ @enforce(("read", "write"), "action_categories")
+ @enforce(("read", "write"), "action_category_scope")
+ def set_action_category_dict(self, user_id, intra_extension_id, action_category_list):
# TODO (asteroide): we must check input here.
- action_dict = {uuid4().hex: item for item in action_list}
- return self.driver.set_action_dict(intra_extension_uuid, action_dict)
+ action_category = {uuid4().hex: item for item in action_category_list}
+ action_category_dict = self.driver.set_action_category_dict(intra_extension_id, action_category)
+ # if we add a new category, we must add it to the action_category_scope
+ for _cat in action_category.keys():
+ try:
+ _ = self.driver.get_action_scope_dict(intra_extension_id, _cat)
+ except ActionScopeUnknown:
+ self.driver.set_action_scope_dict(intra_extension_id, _cat, {})
+ return action_category_dict
@filter_args
- @enforce(("read", "write"), "actions")
- def add_action_dict(self, user_id, intra_extension_uuid, action_dict):
+ @enforce(("read", "write"), "action_categories")
+ @enforce(("read", "write"), "action_category_scope")
+ def add_action_category(self, user_id, intra_extension_id, action_category_name):
# TODO (asteroide): we must check input here.
- action_uuid = uuid4().hex
- return self.driver.add_action(intra_extension_uuid, action_uuid, action_dict)
+ # TODO: add category in scope
+ action_category_id = uuid4().hex
+ return self.driver.add_action_category(intra_extension_id, action_category_id, action_category_name)
@filter_args
- @enforce("read", "actions")
- @enforce("write", "actions")
- def del_action(self, user_id, intra_extension_uuid, action_uuid):
- self.driver.remove_action(intra_extension_uuid, action_uuid)
+ @enforce(("read", "write"), "action_categories")
+ @enforce(("read", "write"), "action_category_scope")
+ def del_action_category(self, user_id, intra_extension_id, action_id):
+ return self.driver.del_action_category(intra_extension_id, action_id)
- # Metadata functions
+ # Perimeter functions
@filter_args
- @enforce("read", "subject_categories")
- def get_subject_category_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_subject_category_dict(intra_extension_uuid)
+ @enforce("read", "subjects")
+ def get_subject_dict(self, user_id, intra_extension_id):
+ return self.driver.get_subject_dict(intra_extension_id)
@filter_args
- @enforce("read", "subject_categories")
- @enforce("read", "subject_category_scope")
- @enforce("write", "subject_category_scope")
- def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_list):
- subject_category = {uuid4().hex: item for item in subject_category_list}
- subject_category_dict = self.driver.set_subject_category_dict(intra_extension_uuid, subject_category)
- # if we add a new category, we must add it to the subject_category_scope
- for _cat in subject_category.keys():
- try:
- _ = self.driver.get_subject_category_scope_dict(intra_extension_uuid, _cat)
- except SubjectScopeUnknown:
- self.driver.set_subject_category_scope_dict(intra_extension_uuid, _cat, {})
- return subject_category_dict
+ @enforce(("read", "write"), "subjects")
+ def set_subject_dict(self, user_id, intra_extension_id, subject_list):
+ # TODO: propose to remove this
+ subject_dict = {}
+ for _user in subject_list:
+ # Next line will raise an error if user is not present in Keystone database
+ user = self.identity_api.get_user_by_name(_user["name"], "default")
+ subject_dict[user["id"]] = dict()
+ for key in user.keys():
+ subject_dict[user["id"]][key] = user[key]
+ return self.driver.set_subject_dict(intra_extension_id, subject_dict)
@filter_args
- @enforce("read", "subject_categories")
- @enforce("write", "subject_categories")
- def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_dict):
- # TODO (asteroide): we must check input here.
- subject_category_uuid = uuid4().hex
- subject_categories = self.driver.add_subject_category_dict(
- intra_extension_uuid, subject_category_uuid, subject_category_dict)
- return subject_categories
+ @enforce(("read", "write"), "subjects")
+ def add_subject(self, user_id, intra_extension_id, subject_name):
+ # Next line will raise an error if user is not present in Keystone database
+ subject_dict = self.identity_api.get_user_by_name(subject_name, "default")
+ subjects = self.driver.add_subject(intra_extension_id, subject_dict["id"], subject_name)
+ return subjects
@filter_args
- @enforce("write", "subject_categories")
- def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid):
- return self.driver.remove_subject_category(intra_extension_uuid, subject_uuid)
+ @enforce(("read", "write"), "subjects")
+ def del_subject(self, user_id, intra_extension_id, subject_id):
+ self.driver.del_subject(intra_extension_id, subject_id)
@filter_args
- @enforce("read", "object_categories")
- def get_object_category_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_object_category_dict(intra_extension_uuid)
+ @enforce("read", "objects")
+ def get_object_dict(self, user_id, intra_extension_id):
+ return self.driver.get_object_dict(intra_extension_id)
@filter_args
- @enforce("read", "object_categories")
- @enforce("read", "object_category_scope")
- @enforce("write", "object_category_scope")
- def set_object_category_dict(self, user_id, intra_extension_uuid, object_category_list):
+ @enforce(("read", "write"), "objects")
+ def set_object_dict(self, user_id, intra_extension_id, object_list):
+ # TODO: propose to remove this
# TODO (asteroide): we must check input here.
- object_category = {uuid4().hex: item for item in object_category_list}
- object_category_dict = self.driver.set_object_category_dict(intra_extension_uuid, object_category)
- # if we add a new category, we must add it to the object_category_scope
- for _cat in object_category.keys():
- try:
- _ = self.driver.get_object_category_scope_dict(intra_extension_uuid, _cat)
- except ObjectScopeUnknown:
- self.driver.set_object_category_scope_dict(intra_extension_uuid, _cat, {})
- return object_category_dict
+ object_dict = {uuid4().hex: item for item in object_list}
+ return self.driver.set_object_dict(intra_extension_id, object_dict)
@filter_args
- @enforce("read", "object_categories")
- @enforce("write", "object_categories")
- def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_dict):
+ @enforce(("read", "write"), "objects")
+ def add_object(self, user_id, intra_extension_id, object_name):
# TODO (asteroide): we must check input here.
- object_category_uuid = uuid4().hex
- object_categories = self.driver.add_object_category_dict(
- intra_extension_uuid, object_category_uuid, object_category_dict)
- return object_categories
+ object_id = uuid4().hex
+ return self.driver.add_object(intra_extension_id, object_id, object_name)
@filter_args
- @enforce("write", "object_categories")
- def del_object_category(self, user_id, intra_extension_uuid, object_uuid):
- return self.driver.remove_object_category(intra_extension_uuid, object_uuid)
+ @enforce(("read", "write"), "objects")
+ def del_object(self, user_id, intra_extension_id, object_id):
+ self.driver.del_object(intra_extension_id, object_id)
@filter_args
- @enforce("read", "action_categories")
- def get_action_category_dict(self, user_id, intra_extension_uuid):
- return self.driver.get_action_category_dict(intra_extension_uuid)
+ @enforce("read", "actions")
+ def get_action_dict(self, user_id, intra_extension_id):
+ # TODO: check will be done through super_extension later
+ return self.driver.get_action_dict(intra_extension_id)
@filter_args
- @enforce("read", "action_categories")
- @enforce("read", "action_category_scope")
- @enforce("write", "action_category_scope")
- def set_action_category_dict(self, user_id, intra_extension_uuid, action_category_list):
+ @enforce(("read", "write"), "actions")
+ def set_action_dict(self, user_id, intra_extension_id, action_list):
+ # TODO: propose to remove this
# TODO (asteroide): we must check input here.
- action_category = {uuid4().hex: item for item in action_category_list}
- action_category_dict = self.driver.set_action_category_dict(intra_extension_uuid, action_category)
- # if we add a new category, we must add it to the action_category_scope
- for _cat in action_category.keys():
- try:
- _ = self.driver.get_action_category_scope_dict(intra_extension_uuid, _cat)
- except ActionScopeUnknown:
- self.driver.set_action_category_scope_dict(intra_extension_uuid, _cat, {})
- return action_category_dict
+ action_dict = {uuid4().hex: item for item in action_list}
+ return self.driver.set_action_dict(intra_extension_id, action_dict)
@filter_args
- @enforce("read", "action_categories")
- @enforce("write", "action_categories")
- def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_dict):
+ @enforce(("read", "write"), "actions")
+ def add_action(self, user_id, intra_extension_id, action_name):
# TODO (asteroide): we must check input here.
- action_category_uuid = uuid4().hex
- action_categories = self.driver.add_action_category_dict(
- intra_extension_uuid, action_category_uuid, action_category_dict)
- return action_categories
+ action_id = uuid4().hex
+ return self.driver.add_action(intra_extension_id, action_id, action_name)
@filter_args
- @enforce("write", "action_categories")
- def del_action_category(self, user_id, intra_extension_uuid, action_uuid):
- return self.driver.remove_action_category(intra_extension_uuid, action_uuid)
+ @enforce(("read", "write"), "actions")
+ def del_action(self, user_id, intra_extension_id, action_id):
+ self.driver.del_action(intra_extension_id, action_id)
# Scope functions
+
@filter_args
- @enforce("read", "subject_category_scope")
- @enforce("read", "subject_category")
- def get_subject_category_scope_dict(self, user_id, intra_extension_uuid, category):
- if category not in self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]:
+ @enforce("read", "subject_scopes")
+ @enforce("read", "subject_categories")
+ def get_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id):
+ if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]:
raise SubjectCategoryUnknown()
- return self.driver.get_subject_category_scope_dict(intra_extension_uuid, category)
+ return self.driver.get_subject_scope_dict(intra_extension_id, subject_category_id)
@filter_args
- @enforce("read", "subject_category_scope")
- @enforce("read", "subject_category")
- def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
+ @enforce(("read", "write"), "subject_scopes")
+ @enforce("read", "subject_categorys")
+ def set_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_name_list):
# TODO (asteroide): we must check input here.
- scope_dict = {uuid4().hex: item for item in scope_list}
- return self.driver.set_subject_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
+ if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]:
+ raise SubjectCategoryUnknown()
+ subject_scope_dict = {uuid4().hex: item for item in subject_scope_name_list}
+ return self.driver.set_subject_scope_dict(intra_extension_id, subject_category_id, subject_scope_dict)
@filter_args
- @enforce(("read", "write"), "subject_category_scope")
- @enforce("read", "subject_category")
- def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
+ @enforce(("read", "write"), "subject_scopes")
+ @enforce("read", "subject_categories")
+ def add_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_name):
# TODO (asteroide): we must check input here.
- scope_uuid = uuid4().hex
- return self.driver.add_subject_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid,
- scope_dict)
+ if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]:
+ raise SubjectCategoryUnknown()
+ subject_scope_id = uuid4().hex
+ return self.driver.add_subject_scope(
+ intra_extension_id,
+ subject_category_id,
+ subject_scope_id,
+ subject_scope_name)
@filter_args
- @enforce("write", "subject_category_scope")
- @enforce("read", "subject_category")
- def del_subject_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
- self.driver.remove_subject_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid)
+ @enforce(("read", "write"), "subject_scopes")
+ @enforce("read", "subject_categories")
+ def del_subject_scope(self, user_id, intra_extension_id, subject_category_id, subject_scope_id):
+ if subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]:
+ raise SubjectCategoryUnknown()
+ self.driver.del_subject_scope(intra_extension_id, subject_category_id, subject_scope_id)
@filter_args
- @enforce("read", "object_category_scope")
- @enforce("read", "object_category")
- def get_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid):
- return self.driver.get_object_category_scope_dict(intra_extension_uuid, category_uuid)
+ @enforce("read", "object_category_scopes")
+ @enforce("read", "object_categorys")
+ def get_object_scope_dict(self, user_id, intra_extension_id, object_category_id):
+ return self.driver.get_object_scope_dict(intra_extension_id, object_category_id)
@filter_args
- @enforce("read", "object_category_scope")
- @enforce("read", "object_category")
- def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
+ @enforce(("read", "write"), "object_scopes")
+ @enforce("read", "object_categories")
+ def set_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_name_list):
# TODO (asteroide): we must check input here.
- scope_dict = {uuid4().hex: item for item in scope_list}
- return self.driver.set_object_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
+ if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]:
+ raise ObjectCategoryUnknown()
+ object_scope_dict = {uuid4().hex: item for item in object_scope_name_list}
+ return self.driver.set_object_scope_dict(intra_extension_id, object_category_id, object_scope_dict)
@filter_args
- @enforce(("read", "write"), "object_category_scope")
- @enforce("read", "object_category")
- def add_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
+ @enforce(("read", "write"), "object_scopes")
+ @enforce("read", "object_categories")
+ def add_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_name):
# TODO (asteroide): we must check input here.
- scope_uuid = uuid4().hex
- return self.driver.add_subject_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid,
- scope_dict)
+ if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]:
+ raise ObjectCategoryUnknown()
+ object_scope_id = uuid4().hex
+ return self.driver.add_subject_scope(
+ intra_extension_id,
+ object_category_id,
+ object_scope_id,
+ object_scope_name)
@filter_args
- @enforce("write", "object_category_scope")
- @enforce("read", "object_category")
- def del_object_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
- self.driver.remove_object_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid)
+ @enforce(("read", "write"), "object_scopes")
+ @enforce("read", "object_categories")
+ def del_object_scope(self, user_id, intra_extension_id, object_category_id, object_scope_id):
+ if object_category_id not in self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]:
+ raise ObjectCategoryUnknown()
+ self.driver.del_object_scope(
+ intra_extension_id,
+ object_category_id,
+ object_scope_id)
@filter_args
- @enforce("read", "action_category_scope")
- @enforce("read", "action_category")
- def get_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid):
- return self.driver.get_action_category_scope_dict(intra_extension_uuid, category_uuid)
+ @enforce("read", "action_category_scopes")
+ @enforce("read", "action_categories")
+ def get_action_scope_dict(self, user_id, intra_extension_id, action_category_id):
+ if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]:
+ raise ActionCategoryUnknown()
+ return self.driver.get_action_scope_dict(intra_extension_id, action_category_id)
@filter_args
- @enforce(("read", "write"), "action_category_scope")
- @enforce("read", "action_category")
- def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
+ @enforce(("read", "write"), "action_scopes")
+ @enforce("read", "action_categories")
+ def set_action_scope_dict(self, user_id, intra_extension_id, action_category_id, action_scope_name_list):
# TODO (asteroide): we must check input here.
- scope_dict = {uuid4().hex: item for item in scope_list}
- return self.driver.set_action_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
+ if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]:
+ raise ActionCategoryUnknown()
+ action_scope_dict = {uuid4().hex: item for item in action_scope_name_list}
+ return self.driver.set_action_scope_dict(intra_extension_id, action_category_id, action_scope_dict)
@filter_args
- @enforce(("read", "write"), "action_category_scope")
- @enforce("read", "action_category")
- def add_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
+ @enforce(("read", "write"), "action_scopes")
+ @enforce("read", "action_categories")
+ def add_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_name):
# TODO (asteroide): we must check input here.
- scope_uuid = uuid4().hex
- return self.driver.add_action_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid,
- scope_dict)
+ if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]:
+ raise ActionCategoryUnknown()
+ action_scope_id = uuid4().hex
+ return self.driver.add_action_scope(
+ intra_extension_id,
+ action_category_id,
+ action_scope_id,
+ action_scope_name)
@filter_args
- @enforce("write", "action_category_scope")
- @enforce("read", "action_category")
- def del_action_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
- self.driver.remove_action_category_scope_dict(
- intra_extension_uuid,
- category_uuid,
- scope_uuid)
+ @enforce(("read", "write"), "action_scopes")
+ @enforce("read", "action_categories")
+ def del_action_scope(self, user_id, intra_extension_id, action_category_id, action_scope_id):
+ if action_category_id not in self.get_action_category_dict(user_id, intra_extension_id)["action_categories"]:
+ raise ActionCategoryUnknown()
+ self.driver.del_action_scope(intra_extension_id, action_category_id, action_scope_id)
# Assignment functions
@filter_args
- @enforce("read", "subject_category_assignment")
+ @enforce("read", "subject_assignments")
@enforce("read", "subjects")
- def get_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid):
- return self.driver.get_subject_category_assignment_dict(intra_extension_uuid, subject_uuid)
+ def get_subject_assignment_dict(self, user_id, intra_extension_id, subject_id):
+ if subject_id not in self.get_subject_dict(user_id, intra_extension_id):
+ raise SubjectUnknown()
+ return self.driver.get_subject_assignment_dict(intra_extension_id, subject_id)
@filter_args
- @enforce("read", "subject_category_assignment")
- @enforce("write", "subject_category_assignment")
+ @enforce(("read", "write"), "subject_assignments")
@enforce("read", "subjects")
- def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict):
- # TODO (asteroide): we must check input here.
- return self.driver.set_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, assignment_dict)
+ def set_subject_assignment_dict(self, user_id, intra_extension_id, subject_id, subject_assignment_dict):
+ if subject_id not in self.get_subject_dict(user_id, intra_extension_id):
+ raise SubjectUnknown()
+ return self.driver.set_subject_assignment_dict(intra_extension_id, subject_id, subject_assignment_dict)
@filter_args
- @enforce("read", "subject_category_assignment")
- @enforce("write", "subject_category_assignment")
+ @enforce(("read", "write"), "subject_assignments")
@enforce("read", "subjects")
- @enforce("read", "subject_category")
- @enforce("read", "subject_scope")
- def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
- self.driver.remove_subject_category_assignment(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid)
+ @enforce("read", "subject_categories")
+ def add_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ if subject_id not in self.get_subject_dict(user_id, intra_extension_id):
+ raise SubjectUnknown()
+ elif subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id):
+ raise SubjectCategoryUnknown()
+ elif subject_scope_id not in self.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id):
+ raise SubjectAssignmentOutOfScope()
+ # TODO: raise SubjectAssignmentExisting() for the below func
+ return self.driver.add_subject_assignment(intra_extension_id, subject_id, subject_category_id, subject_scope_id)
@filter_args
- @enforce("write", "subject_category_assignment")
+ @enforce(("read", "write"), "subject_assignments")
@enforce("read", "subjects")
- @enforce("read", "subject_category")
- def add_subject_category_assignment_dict(self,
- user_id,
- intra_extension_uuid,
- subject_uuid,
- category_uuid,
- scope_uuid):
- return self.driver.add_subject_category_assignment_dict(
- intra_extension_uuid, subject_uuid, category_uuid, scope_uuid)
+ @enforce("read", "subject_categories")
+ @enforce("read", "subject_scopes")
+ def del_subject_assignment(self, user_id, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+ if subject_id not in self.get_subject_dict(user_id, intra_extension_id):
+ raise SubjectUnknown()
+ elif subject_category_id not in self.get_subject_category_dict(user_id, intra_extension_id):
+ raise SubjectCategoryUnknown()
+ elif subject_scope_id not in self.get_subject_scope_dict(user_id, intra_extension_id, subject_category_id):
+ raise SubjectAssignmentOutOfScope
+ # TODO: raise SubjectAssignmentUnknown() for the below func
+ return self.driver.del_subject_category_assignment(intra_extension_id, subject_id, subject_category_id, subject_scope_id)
@filter_args
- @enforce("read", "object_category_assignment")
+ @enforce("read", "object_assignments")
@enforce("read", "objects")
- def get_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid):
- return self.driver.get_object_category_assignment_dict(intra_extension_uuid, object_uuid)
+ def get_object_assignment_dict(self, user_id, intra_extension_id, object_id):
+ if object_id not in self.get_object_dict(user_id, intra_extension_id):
+ raise ObjectUnknown()
+ return self.driver.get_object_assignment_dict(intra_extension_id, object_id)
@filter_args
- @enforce("read", "object_category_assignment")
- @enforce("write", "object_category_assignment")
+ @enforce(("read", "write"), "object_assignments")
@enforce("read", "objects")
- def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict):
- # TODO (asteroide): we must check input here.
- return self.driver.set_object_category_assignment_dict(intra_extension_uuid, object_uuid, assignment_dict)
+ def set_object_category_assignment_dict(self, user_id, intra_extension_id, object_id, object_assignment_dict):
+ if object_id not in self.get_object_dict(user_id, intra_extension_id):
+ raise ObjectUnknown()
+ return self.driver.set_object_assignment_dict(intra_extension_id, object_id, object_assignment_dict)
@filter_args
- @enforce("read", "object_category_assignment")
- @enforce("write", "object_category_assignment")
+ @enforce(("read", "write"), "object_assignments")
@enforce("read", "objects")
@enforce("read", "object_category")
- def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
- self.driver.remove_object_category_assignment(intra_extension_uuid, object_uuid, category_uuid, scope_uuid)
+ def add_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
+ if object_id not in self.get_object_dict(user_id, intra_extension_id):
+ raise ObjectUnknown()
+ elif object_category_id not in self.get_object_category_dict(user_id, intra_extension_id):
+ raise ObjectCategoryUnknown()
+ elif object_scope_id not in self.get_object_scope_dict(user_id, intra_extension_id, object_category_id):
+ raise ObjectAssignmentOutOfScope()
+ # TODO: raise ObjectAssignmentExisting() for the below func
+ return self.driver.add_object_assignment(intra_extension_id, object_id, object_category_id, object_scope_id)
@filter_args
- @enforce("write", "object_category_assignment")
+ @enforce(("read", "write"), "object_assignments")
@enforce("read", "objects")
- @enforce("read", "object_category")
- def add_object_category_assignment_dict(self,
- user_id,
- intra_extension_uuid,
- object_uuid,
- category_uuid,
- scope_uuid):
- return self.driver.add_object_category_assignment_dict(
- intra_extension_uuid, object_uuid, category_uuid, scope_uuid)
+ @enforce("read", "object_categories")
+ def del_object_assignment(self, user_id, intra_extension_id, object_id, object_category_id, object_scope_id):
+ if object_id not in self.get_object_dict(user_id, intra_extension_id):
+ raise ObjectUnknown()
+ elif object_category_id not in self.get_object_category_dict(user_id, intra_extension_id):
+ raise ObjectCategoryUnknown()
+ elif object_scope_id not in self.get_object_scope_dict(user_id, intra_extension_id, object_category_id):
+ raise ObjectAssignmentOutOfScope()
+ # TODO: raise SubjectAssignmentUnknown() for the below func
+ return self.driver.del_object_assignment(intra_extension_id, object_id, object_category_id, object_scope_id)
@filter_args
- @enforce("read", "action_category_assignment")
+ @enforce("read", "action_assignments")
@enforce("read", "actions")
- def get_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid):
- return self.driver.get_action_category_assignment_dict(intra_extension_uuid, action_uuid)
+ def get_action_assignment_dict(self, user_id, intra_extension_id, action_id):
+ if action_id not in self.get_action_dict(user_id, intra_extension_id):
+ raise ActionUnknown()
+ return self.driver.get_action_assignment_dict(intra_extension_id, action_id)
@filter_args
- @enforce("read", "action_category_assignment")
- @enforce("write", "action_category_assignment")
+ @enforce(("read", "write"), "action_assignments")
@enforce("read", "actions")
- def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict):
- # TODO (asteroide): we must check input here.
- return self.driver.set_action_category_assignment_dict(intra_extension_uuid, action_uuid, assignment_dict)
+ def set_action_assignment_dict(self, user_id, intra_extension_id, action_id, action_assignment_dict):
+ if action_id not in self.get_action_dict(user_id, intra_extension_id):
+ raise ActionUnknown()
+ return self.driver.set_action_assignment_dict(intra_extension_id, action_id, action_assignment_dict)
@filter_args
- @enforce("read", "action_category_assignment")
- @enforce("write", "action_category_assignment")
+ @enforce(("read", "write"), "action_assignments")
@enforce("read", "actions")
- @enforce("read", "action_category")
- def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
- self.driver.remove_action_category_assignment(intra_extension_uuid, action_uuid, category_uuid, scope_uuid)
+ @enforce("read", "action_categories")
+ def add_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
+ if action_id not in self.get_action_dict(user_id, intra_extension_id):
+ raise ActionUnknown()
+ elif action_category_id not in self.get_action_category_dict(user_id, intra_extension_id):
+ raise ActionCategoryUnknown()
+ elif action_scope_id not in self.get_action_scope_dict(user_id, intra_extension_id, action_category_id):
+ raise ActionAssignmentOutOfScope()
+ # TODO: raise ActionAssignmentExisting() for the below func
+ return self.driver.add_action_assignment(intra_extension_id, action_id, action_category_id, action_scope_id)
@filter_args
- @enforce("write", "action_category_assignment")
+ @enforce(("read", "write"), "action_assignments")
@enforce("read", "actions")
- @enforce("read", "action_category")
- def add_action_category_assignment_dict(self,
- user_id,
- intra_extension_uuid,
- action_uuid,
- category_uuid,
- scope_uuid):
- return self.driver.add_action_category_assignment_dict(
- intra_extension_uuid,
- action_uuid,
- category_uuid,
- scope_uuid
- )
+ @enforce("read", "action_categories")
+ def del_action_assignment(self, user_id, intra_extension_id, action_id, action_category_id, action_scope_id):
+ if action_id not in self.get_action_dict(user_id, intra_extension_id):
+ raise ActionUnknown()
+ elif action_category_id not in self.get_action_category_dict(user_id, intra_extension_id):
+ raise ActionCategoryUnknown()
+ elif action_scope_id not in self.get_action_scope_dict(user_id, intra_extension_id, action_category_id):
+ raise ActionAssignmentUnknown()
+ # TODO: raise ActionAssignmentUnknown() for the below func
+ return self.driver.del_action_assignment(intra_extension_id, action_id, action_category_id, action_scope_id)
# Metarule functions
+
@filter_args
- @enforce("read", "aggregation_algorithms")
- def get_aggregation_algorithm(self, user_id, intra_extension_uuid):
- return self.driver.get_meta_rule_dict(intra_extension_uuid)
+ @enforce("write", "aggregation_algorithm")
+ def add_aggregation_algorithm(self, user_id, intra_extension_id, aggregation_algorithm_id):
+ if aggregation_algorithm_id is not self.dirver.get_aggregation_algorithm(intra_extension_id):
+ raise AggregationAlgorithmNotExisting()
+ elif aggregation_algorithm_id not in self.configuration_api.get_aggregation_algorithms:
+ raise AggregationAlgorithmOutOfScope()
+ return self.driver.add_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id)
@filter_args
- @enforce("read", "aggregation_algorithms")
- @enforce("write", "aggregation_algorithms")
- def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm):
- if aggregation_algorithm not in self.get_aggregation_algorithms(
- user_id, intra_extension_uuid)["aggregation_algorithms"]:
- raise IntraExtensionError("Unknown aggregation_algorithm: {}".format(aggregation_algorithm))
- meta_rule = self.driver.get_meta_rule_dict(intra_extension_uuid)
- meta_rule["aggregation"] = aggregation_algorithm
- return self.driver.set_meta_rule_dict(intra_extension_uuid, meta_rule)
+ @enforce("read", "aggregation_algorithm")
+ def get_aggregation_algorithm(self, user_id, intra_extension_id):
+ return self.driver.get_aggregation_algorithm(intra_extension_id)
+
+ @filter_args
+ @enforce("write", "aggregation_algorithm")
+ def del_aggregation_algorithm(self, user_id, intra_extension_id, aggregation_algorithm_id):
+ if aggregation_algorithm_id is not self.dirver.get_aggregation_algorithm(intra_extension_id):
+ raise AggregationAlgorithmNotExisting()
+ return self.driver.del_aggregation_algorithm(intra_extension_id, aggregation_algorithm_id)
@filter_args
- @enforce("read", "sub_meta_rule")
- def get_sub_meta_rule(self, user_id, intra_extension_uuid):
- return self.driver.get_meta_rule_dict(intra_extension_uuid)
+ @enforce("read", "sub_meta_rules")
+ def get_sub_meta_rule_dict(self, user_id, intra_extension_id):
+ return self.driver.get_meta_rule_dict(intra_extension_id)
@filter_args
- @enforce("read", "sub_meta_rule")
- @enforce("write", "sub_meta_rule")
- def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules):
- # TODO: check which algorithms are really usable
+ @enforce(("read", "write"), "sub_meta_rules")
+ def add_sub_meta_rule_dict(self, user_id,
+ intra_extension_id,
+ sub_meta_rule_name,
+ subject_category_list,
+ object_category_list,
+ action_category_list,
+ sub_meta_rule_algorithm):
+ for sub_meta_rule_id in sub_meta_rule_dict:
+ if sub_meta_rule_id not in self.get_sub_meta_rule_dict(user_id, intra_extension_id):
+ raise SubMetaRuleOutOfScope()
+ # for cat in ("subject_categories", "object_categories", "action_categories"):
+ # if cat not in sub_meta_rule_dict[sub_meta_rule_id]:
+ # raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat))
+ # if type(sub_meta_rule_dict[sub_meta_rule_id][cat]) is not list:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat))
+ # subject_categories = self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]
+ # for data in list(sub_meta_rule_dict[sub_meta_rule_id]["subject_categories"]):
+ # if data not in subject_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format(
+ # data, subject_categories))
+ # object_categories = self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]
+ # for data in sub_meta_rule_dict[sub_meta_rule_id]["object_categories"]:
+ # if data not in object_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format(
+ # data, object_categories))
+ # action_categories = self.get_action_category_dict(user_id, intra_extension_id)["actions_categories"]
+ # for data in sub_meta_rule_dict[sub_meta_rule_id]["action_categories"]:
+ # if data not in action_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format(
+ # data, action_categories))
+
+ return self.driver.set_meta_rule_dict(intra_extension_id,sub_meta_rule_dict)
+
+ @filter_args
+ @enforce(("read", "write"), "sub_meta_rules")
+ def set_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_dict):
# TODO (dthom): When sub_meta_rule is set, all rules must be dropped
- # because the previous rules cannot be mapped to the new sub_meta_rule.
- for relation in sub_meta_rules.keys():
- if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]:
- raise IntraExtensionError("set_sub_meta_rule unknown MetaRule relation {}".format(relation))
- for cat in ("subject_categories", "object_categories", "action_categories"):
- if cat not in sub_meta_rules[relation]:
- raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat))
- if type(sub_meta_rules[relation][cat]) is not list:
- raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat))
- subject_categories = self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]
- for data in list(sub_meta_rules[relation]["subject_categories"]):
- if data not in subject_categories:
- raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format(
- data, subject_categories))
- object_categories = self.get_object_category_dict(user_id, intra_extension_uuid)["object_categories"]
- for data in sub_meta_rules[relation]["object_categories"]:
- if data not in object_categories:
- raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format(
- data, object_categories))
- action_categories = self.get_action_category_dict(user_id, intra_extension_uuid)["actions_categories"]
- for data in sub_meta_rules[relation]["action_categories"]:
- if data not in action_categories:
- raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format(
- data, action_categories))
- aggregation = self.driver.get_meta_rule_dict(intra_extension_uuid)["aggregation"]
- return self.driver.set_meta_rule_dict(
- intra_extension_uuid,
- {
- "aggregation": aggregation,
- "sub_meta_rules": sub_meta_rules
- })
-
- # Sub-rules functions
+ for sub_meta_rule_id in sub_meta_rule_dict:
+ if sub_meta_rule_id not in self.get_sub_meta_rule_dict(user_id, intra_extension_id):
+ raise SubMetaRuleOutOfScope()
+ # for cat in ("subject_categories", "object_categories", "action_categories"):
+ # if cat not in sub_meta_rule_dict[sub_meta_rule_id]:
+ # raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat))
+ # if type(sub_meta_rule_dict[sub_meta_rule_id][cat]) is not list:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat))
+ # subject_categories = self.get_subject_category_dict(user_id, intra_extension_id)["subject_categories"]
+ # for data in list(sub_meta_rule_dict[sub_meta_rule_id]["subject_categories"]):
+ # if data not in subject_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format(
+ # data, subject_categories))
+ # object_categories = self.get_object_category_dict(user_id, intra_extension_id)["object_categories"]
+ # for data in sub_meta_rule_dict[sub_meta_rule_id]["object_categories"]:
+ # if data not in object_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format(
+ # data, object_categories))
+ # action_categories = self.get_action_category_dict(user_id, intra_extension_id)["actions_categories"]
+ # for data in sub_meta_rule_dict[sub_meta_rule_id]["action_categories"]:
+ # if data not in action_categories:
+ # raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format(
+ # data, action_categories))
+ return self.driver.set_meta_rule_dict(intra_extension_id,sub_meta_rule_dict)
+
+ # Rule functions
@filter_args
- @enforce("read", "sub_rules")
- def get_rules(self, user_id, intra_extension_uuid):
- return self.driver.get_rules(intra_extension_uuid)
+ @enforce("read", "rule")
+ def get_rule_dict(self, user_id, intra_extension_id):
+ return self.driver.get_rule_dict(intra_extension_id)
@filter_args
- @enforce("read", "sub_rules")
- @enforce("write", "sub_rules")
- def set_rule(self, user_id, intra_extension_uuid, relation, sub_rule):
- for item in sub_rule:
- if type(item) not in (str, unicode, bool):
- raise IntraExtensionError("Bad input data (sub_rule).")
- ref_rules = self.driver.get_rules(intra_extension_uuid)
- _sub_rule = list(sub_rule)
- if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]:
- raise IntraExtensionError("Bad input data (rules).")
- # filter strings in sub_rule
- sub_rule = [filter_input(x) for x in sub_rule]
- # check if length of sub_rule is correct from metadata_sub_rule
- metadata_sub_rule = self.get_sub_meta_rule(user_id, intra_extension_uuid)
- metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]) + \
- len(metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]) + \
- len(metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]) + 1
- if metadata_sub_rule_length != len(sub_rule):
- raise IntraExtensionError("Bad number of argument in sub_rule {}/{}".format(sub_rule,
- metadata_sub_rule_length))
- # check if each item in sub_rule match a corresponding scope value
- for category in metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]:
- item = _sub_rule.pop(0)
- if item not in self.get_subject_category_scope_dict(
- user_id,
- intra_extension_uuid, category)["subject_category_scope"][category].keys():
- raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item))
- for category in metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]:
- action_categories = self.get_action_category_scope_dict(
- user_id,
- intra_extension_uuid, category)["action_category_scope"][category]
- item = _sub_rule.pop(0)
- if item not in action_categories.keys():
- self.moonlog_api.warning("set_sub_rule bad action value in sub_rule {}/{}".format(category, item))
- raise IntraExtensionError("Bad input data.")
- for category in metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]:
- item = _sub_rule.pop(0)
- if item not in self.get_object_category_scope_dict(
- user_id,
- intra_extension_uuid, category)["object_category_scope"][category].keys():
- raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item))
- # check if relation is already there
- if relation not in ref_rules["rules"]:
- ref_rules["rules"][relation] = list()
+ @enforce(("read", "write"), "rule")
+ def set_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, rule_dict):
+ # for item in rule_dict:
+ # if type(item) not in (str, unicode, bool):
+ # raise IntraExtensionError("Bad input data (sub_rule).")
+ # ref_rules = self.driver.get_rule_dict(intra_extension_id)
+ # _sub_rule = list(rule_dict)
+ # if sub_meta_rule_id not in self.get_sub_meta_rule_relations(user_id, intra_extension_id)["sub_meta_rule_relations"]:
+ # raise IntraExtensionError("Bad input data (rules).")
+ # # filter strings in sub_rule
+ # rule_dict = [filter_input(x) for x in rule_dict]
+ # # check if length of sub_rule is correct from metadata_sub_rule
+ # metadata_sub_rule = self.get_sub_meta_rule_dict(user_id, intra_extension_id)
+ # metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["subject_categories"]) + \
+ # len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["action_categories"]) + \
+ # len(metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["object_categories"]) + 1
+ # if metadata_sub_rule_length != len(rule_dict):
+ # raise IntraExtensionError("Bad number of argument in sub_rule {}/{}".format(rule_dict,
+ # metadata_sub_rule_length))
+ # # check if each item in sub_rule match a corresponding scope value
+ # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["subject_categories"]:
+ # item = _sub_rule.pop(0)
+ # if item not in self.get_subject_scope_dict(
+ # user_id,
+ # intra_extension_id, category)["subject_category_scope"][category].keys():
+ # raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item))
+ # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["action_categories"]:
+ # action_categories = self.get_action_scope_dict(
+ # user_id,
+ # intra_extension_id, category)["action_category_scope"][category]
+ # item = _sub_rule.pop(0)
+ # if item not in action_categories.keys():
+ # self.moonlog_api.warning("set_sub_rule bad action value in sub_rule {}/{}".format(category, item))
+ # raise IntraExtensionError("Bad input data.")
+ # for category in metadata_sub_rule['sub_meta_rules'][sub_meta_rule_id]["object_categories"]:
+ # item = _sub_rule.pop(0)
+ # if item not in self.get_object_scope_dict(
+ # user_id,
+ # intra_extension_id, category)["object_category_scope"][category].keys():
+ # raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item))
+ # # check if relation is already there
+ # if sub_meta_rule_id not in ref_rules["rules"]:
+ # ref_rules["rules"][sub_meta_rule_id] = list()
# add sub_rule
- ref_rules["rules"][relation].append(sub_rule)
- return self.driver.set_rules(intra_extension_uuid, ref_rules["rules"])
+ ref_rules["rules"][sub_meta_rule_id].append(rule_dict)
+ return self.driver.set_rules(intra_extension_id, ref_rules["rules"])
+
+ @filter_args
+ @enforce(("read", "write"), "rule")
+ def add_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_list):
+ # TODO: self.driver.set_rules ???
+ return self.driver.add_rule(intra_extension_id, sub_meta_rule_id, rule_list)
@filter_args
- @enforce("read", "sub_rules")
- @enforce("write", "sub_rules")
- def del_rule(self, user_id, intra_extension_uuid, relation_name, sub_rule):
- ref_rules = self.driver.get_rules(intra_extension_uuid)
- sub_rule = sub_rule.split("+")
- for index, _item in enumerate(sub_rule):
+ @enforce(("read", "write"), "rule")
+ def del_rule(self, user_id, intra_extension_id, sub_meta_rule_id, rule_id):
+ ref_rules = self.driver.get_rule_dict(intra_extension_id)
+ rule_id = rule_id.split("+")
+ for index, _item in enumerate(rule_id):
if "True" in _item:
- sub_rule[index] = True
+ rule_id[index] = True
if "False" in _item:
- sub_rule[index] = False
+ rule_id[index] = False
if relation_name in ref_rules["rules"]:
- if sub_rule in ref_rules["rules"][relation_name]:
- ref_rules["rules"][relation_name].remove(sub_rule)
+ if rule_id in ref_rules["rules"][relation_name]:
+ ref_rules["rules"][relation_name].remove(rule_id)
else:
raise RuleUnknown()
else:
raise IntraExtensionError("Unknown relation name for rules: {}".format(relation_name))
- self.driver.set_rules(intra_extension_uuid, ref_rules["rules"])
-
+ self.driver.set_rules(intra_extension_id, ref_rules["rules"])
+ ref_rules["rules"][sub_meta_rule_id].append(rule_dict)
+ return self.driver.set_rules(intra_extension_id, ref_rules["rules"])
@dependency.provider('authz_api')
@dependency.requires('identity_api', 'tenant_api', 'moonlog_api')
@@ -1254,22 +1330,23 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
__genre__ = "authz"
def authz(self, tenant_name, subject_name, object_name, action_name):
+ # TODO (dthom) add moon log
"""Check authorization for a particular action.
:return: True or False or raise an exception
"""
- tenant_id = self.tenant_api.get_tenant_id_from_name(self.__default_user, tenant_name)
- intra_extension_id = self.tenant_api.get_extension_id(tenant_id, self.__genre__)
- subject_dict = self.get_subject_dict(self.__default_user, intra_extension_id)
+ tenant_id = self.tenant_api.get_tenant_id_from_name(DEFAULT_USER, tenant_name)
+ intra_extension_id = self.tenant_api.get_tenant_intra_extension_id(DEFAULT_USER, tenant_id, self.__genre__)
+ subject_dict = self.get_subject_dict(DEFAULT_USER, intra_extension_id)
subject_id = None
for _subject_id in subject_dict:
if subject_dict[_subject_id] is subject_name:
subject_id = _subject_id
- object_dict = self.get_object_dict(self.__default_user, intra_extension_id)
+ object_dict = self.get_object_dict(DEFAULT_USER, intra_extension_id)
object_id = None
for _object_id in object_dict:
if object_dict[_object_id] is object_name:
object_id = _object_id
- action_dict = self.get_action_dict(self.__default_user, intra_extension_id)
+ action_dict = self.get_action_dict(DEFAULT_USER, intra_extension_id)
action_id = None
for _action_id in action_dict:
if action_dict[_action_id] is action_name:
@@ -1277,13 +1354,13 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id)
- def delete_intra_extension(self, intra_extension_id):
+ def del_intra_extension(self, intra_extension_id):
raise AdminException()
def set_subject_dict(self, user_id, intra_extension_uuid, subject_dict):
raise SubjectAddNotAuthorized()
- def add_subject_dict(self, user_id, intra_extension_uuid, subject_name):
+ def add_subject(self, user_id, intra_extension_uuid, subject_name):
raise SubjectAddNotAuthorized()
def del_subject(self, user_id, intra_extension_uuid, subject_name):
@@ -1292,7 +1369,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_object_dict(self, user_id, intra_extension_uuid, object_dict):
raise ObjectAddNotAuthorized()
- def add_object_dict(self, user_id, intra_extension_uuid, object_name):
+ def add_object(self, user_id, intra_extension_uuid, object_name):
raise ObjectAddNotAuthorized()
def del_object(self, user_id, intra_extension_uuid, object_uuid):
@@ -1301,7 +1378,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_action_dict(self, user_id, intra_extension_uuid, action_dict):
raise ActionAddNotAuthorized()
- def add_action_dict(self, user_id, intra_extension_uuid, action_dict):
+ def add_action(self, user_id, intra_extension_uuid, action_dict):
raise ActionAddNotAuthorized()
def del_action(self, user_id, intra_extension_uuid, action_uuid):
@@ -1310,7 +1387,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category):
raise SubjectCategoryAddNotAuthorized()
- def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_name):
+ def add_subject_category(self, user_id, intra_extension_uuid, subject_category_name):
raise SubjectCategoryAddNotAuthorized()
def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid):
@@ -1319,7 +1396,7 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_object_category_dict(self, user_id, intra_extension_uuid, object_category):
raise ObjectCategoryAddNotAuthorized()
- def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_name):
+ def add_object_category(self, user_id, intra_extension_uuid, object_category_name):
raise ObjectCategoryAddNotAuthorized()
def del_object_category(self, user_id, intra_extension_uuid, object_uuid):
@@ -1328,70 +1405,70 @@ class IntraExtensionAuthzManager(IntraExtensionManager):
def set_action_category_dict(self, user_id, intra_extension_uuid, action_category):
raise ActionCategoryAddNotAuthorized()
- def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_name):
+ def add_action_category(self, user_id, intra_extension_uuid, action_category_name):
raise ActionCategoryAddNotAuthorized()
def del_action_category(self, user_id, intra_extension_uuid, action_uuid):
raise ActionCategoryDelNotAuthorized()
- def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
+ def set_subject_scope_dict(self, user_id, intra_extension_uuid, category, scope):
raise SubjectCategoryScopeAddNotAuthorized()
- def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, subject_category, scope_name):
+ def add_subject_scope(self, user_id, intra_extension_uuid, subject_category, scope_name):
raise SubjectCategoryScopeAddNotAuthorized()
- def del_subject_category_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope):
+ def del_subject_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope):
raise SubjectCategoryScopeDelNotAuthorized()
- def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
+ def set_object_scope_dict(self, user_id, intra_extension_uuid, category, scope):
raise ObjectCategoryScopeAddNotAuthorized()
- def add_object_category_scope_dict(self, user_id, intra_extension_uuid, object_category, scope_name):
+ def add_object_scope(self, user_id, intra_extension_uuid, object_category, scope_name):
raise ObjectCategoryScopeAddNotAuthorized()
- def del_object_category_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope):
+ def del_object_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope):
raise ObjectCategoryScopeDelNotAuthorized()
- def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
+ def set_action_scope_dict(self, user_id, intra_extension_uuid, category, scope):
raise ActionCategoryScopeAddNotAuthorized()
- def add_action_category_scope_dict(self, user_id, intra_extension_uuid, action_category, scope_name):
+ def add_action_scope(self, user_id, intra_extension_uuid, action_category, scope_name):
raise ActionCategoryScopeAddNotAuthorized()
- def del_action_category_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope):
+ def del_action_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope):
raise ActionCategoryScopeDelNotAuthorized()
- def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict):
+ def set_subject_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict):
raise SubjectCategoryAssignmentAddNotAuthorized()
- def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def del_subject_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
raise SubjectCategoryAssignmentAddNotAuthorized()
- def add_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def add_subject_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
raise SubjectCategoryAssignmentDelNotAuthorized()
def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict):
raise ObjectCategoryAssignmentAddNotAuthorized()
- def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def del_object_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
raise ObjectCategoryAssignmentAddNotAuthorized()
- def add_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def add_object_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
raise ObjectCategoryAssignmentDelNotAuthorized()
- def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict):
+ def set_action_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict):
raise ActionCategoryAssignmentAddNotAuthorized()
- def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def del_action_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
raise ActionCategoryAssignmentAddNotAuthorized()
- def add_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def add_action_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
raise ActionCategoryAssignmentDelNotAuthorized()
def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm):
raise MetaRuleAddNotAuthorized()
- def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules):
+ def set_sub_meta_rule_dict(self, user_id, intra_extension_uuid, sub_meta_rules):
raise MetaRuleAddNotAuthorized()
def set_sub_rule(self, user_id, intra_extension_uuid, relation, sub_rule):
@@ -1527,33 +1604,6 @@ class TenantDriver(object):
raise exception.NotImplemented() # pragma: no cover
-class AuthzDriver(object):
-
- def get_subject_category_list(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_object_category_list(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_action_category_list(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_subject_category_value_dict(self, extension_uuid, subject_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_object_category_value_dict(self, extension_uuid, object_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_action_category_value_dict(self, extension_uuid, action_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_meta_rule(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_rules(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
-
class IntraExtensionDriver(object):
SUBJECT = 'subject'
@@ -1625,7 +1675,7 @@ class IntraExtensionDriver(object):
elif data_name == self.OBJECT_SCOPE:
if not category_uuid:
category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.OBJECT_CATEGORY)
- data_values = self.get_object_category_scope_dict(intra_extension_uuid,
+ data_values = self.get_object_scope_dict(intra_extension_uuid,
category_uuid)["object_category_scope"]
if (name and name not in extract_name(data_values)) or \
(uuid and uuid not in data_values.keys()):
@@ -1633,7 +1683,7 @@ class IntraExtensionDriver(object):
elif data_name == self.ACTION_SCOPE:
if not category_uuid:
category_uuid = self.get_uuid_from_name(intra_extension_uuid, category_name, self.ACTION_CATEGORY)
- data_values = self.get_action_category_scope_dict(intra_extension_uuid,
+ data_values = self.get_action_scope_dict(intra_extension_uuid,
category_uuid)["action_category_scope"]
if (name and name not in extract_name(data_values)) or \
(uuid and uuid not in data_values.keys()):
@@ -1641,7 +1691,7 @@ class IntraExtensionDriver(object):
if category_uuid:
return data_values[category_uuid]
return data_values
- # zzzzzzzzzzzzzzzzzz
+
def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None):
data_values = self.__get_data_from_type(
intra_extension_uuid=intra_extension_uuid,
@@ -1664,26 +1714,26 @@ class IntraExtensionDriver(object):
# Getter and Setter for intra_extension
- def get_intra_extension_list(self):
- """Get a list of IntraExtension UUIDs
- :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"]
+ def get_intra_extension_dict(self):
+ """Get a list of IntraExtension
+ :return: {"intra_extension_id": "intra_extension_name", }
"""
raise exception.NotImplemented() # pragma: no cover
- def get_intra_extension_dict(self, intra_extension_id):
+ def get_intra_extension(self, intra_extension_id):
"""Get a description of an IntraExtension
:param intra_extension_id: the IntraExtension UUID
:return: {intra_extension_id: intra_extension_name, ...}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_intra_extension(self, extension_uuid, extension_dict):
+ def set_intra_extension(self, intra_extension_id, intra_extension_dict):
"""Set a new IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param extension_dict: a dictionary withe the description of the IntraExtension (see below)
- :type extension_dict: dict
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param intra_extension_dict: a dictionary withe the description of the IntraExtension (see below)
+ :type intra_extension_dict: dict
:return: the IntraExtension dictionary, example:
{
"id": "uuid1",
@@ -1694,619 +1744,603 @@ class IntraExtensionDriver(object):
"""
raise exception.NotImplemented() # pragma: no cover
- def delete_intra_extension(self, extension_uuid):
+ def del_intra_extension(self, intra_extension_id):
"""Delete an IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for subjects
+ # Metadata functions
- def get_subject_dict(self, extension_uuid):
- """Get the list of subject for that IntraExtension
+ def get_subject_category_dict(self, intra_extension_id):
+ """Get a list of all subject categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_subject_dict(self, extension_uuid, subject_dict):
- """Set the list of subject for that IntraExtension
+ def set_subject_category_dict(self, intra_extension_id, subject_category_dict):
+ """Set the list of all subject categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_dict: dict of subject: {"uuid1": "name1", "uuid2": "name2"}
- :type subject_dict: dict
- :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_dict: dict of subject categories {"uuid1": "name1", "uuid2": "name2"}
+ :type subject_category_dict: dict
+ :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_subject(self, extension_uuid, subject_uuid, subject_name):
- """Add a subject
+ def add_subject_category(self, intra_extension_id, subject_category_id, subject_category_name):
+ """Add a subject category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: Subject UUID
- :type subject_uuid: string
- :param subject_name: Subject name
- :type subject_name: string
- :return: the added subject {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the UUID of the subject category
+ :type subject_category_id: string
+ :param subject_category_name: the name of the subject category
+ :type subject_category_name: string
+ :return: a dictionnary with the subject catgory added {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_subject(self, extension_uuid, subject_uuid):
- """Remove a subject
+ def del_subject_category(self, intra_extension_id, subject_category_id):
+ """Remove one subject category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: Subject UUID
- :type subject_uuid: string
- :return: None
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the UUID of subject category to remove
+ :type subject_category_id: string
+ :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for objects
-
- def get_object_dict(self, extension_uuid):
- """Get the list of object for that IntraExtension
+ def get_object_category_dict(self, intra_extension_id):
+ """Get a list of all object categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_object_dict(self, extension_uuid, object_dict):
- """Set the list of object for that IntraExtension
+ def set_object_category_dict(self, intra_extension_id, object_category_dict):
+ """Set the list of all object categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_dict: dict of object: {"uuid1": "name1", "uuid2": "name2"}
- :type object_dict: dict
- :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_dict: dict of object categories {"uuid1": "name1", "uuid2": "name2"}
+ :type object_category_dict: dict
+ :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_object(self, extension_uuid, object_uuid, object_name):
- """Ad an object
+ def add_object_category(self, intra_extension_id, object_category_id, object_category_name):
+ """Add a object category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: Object UUID
- :type object_uuid: string
- :param object_name: Object name
- :type object_name: string
- :return: the added object {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the UUID of the object category
+ :type object_category_id: string
+ :param object_category_name: the name of the object category
+ :type object_category_name: string
+ :return: a dictionnary with the object catgory added {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_object(self, extension_uuid, object_uuid):
- """Remove an object
+ def del_object_category(self, intra_extension_id, object_category_id):
+ """Remove one object category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: Object UUID
- :type object_uuid: string
- :return: None
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the UUID of object category to remove
+ :type object_category_id: string
+ :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for actions
-
- def get_action_dict(self, extension_uuid):
- """ Get the list of action for that IntraExtension
+ def get_action_category_dict(self, intra_extension_id):
+ """Get a list of all action categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_action_dict(self, extension_uuid, action_dict):
- """ Set the list of action for that IntraExtension
+ def set_action_category_dict(self, intra_extension_id, action_category_dict):
+ """Set the list of all action categories
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_dict: dict of actions: {"uuid1": "name1", "uuid2": "name2"}
- :type action_dict: dict
- :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_dict: dict of action categories {"uuid1": "name1", "uuid2": "name2"}
+ :type action_category_dict: dict
+ :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_action(self, extension_uuid, action_uuid, action_name):
- """Ad an action
+ def add_action_category(self, intra_extension_id, action_category_id, action_category_name):
+ """Add a action category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: Action UUID
- :type action_uuid: string
- :param action_name: Action name
- :type action_name: string
- :return: the added action {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the UUID of the action category
+ :type action_category_id: string
+ :param action_category_name: the name of the action category
+ :type action_category_name: string
+ :return: a dictionnary with the action catgory added {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_action(self, extension_uuid, action_uuid):
- """Remove an action
+ def del_action_category(self, intra_extension_id, action_category_id):
+ """Remove one action category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: Action UUID
- :type action_uuid: string
- :return: None
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the UUID of action category to remove
+ :type action_category_id: string
+ :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for subject_category
+ # Perimeter functions
- def get_subject_category_dict(self, extension_uuid):
- """Get a list of all subject categories
+ def get_subject_dict(self, intra_extension_id):
+ """Get the list of subject for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_subject_category_dict(self, extension_uuid, subject_categories):
- """Set the list of all subject categories
+ def set_subject_dict(self, intra_extension_id, subject_dict):
+ """Set the list of subject for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_categories: dict of subject categories {"uuid1": "name1", "uuid2": "name2"}
- :type subject_categories: dict
- :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_dict: dict of subject: {"uuid1": "name1", "uuid2": "name2"}
+ :type subject_dict: dict
+ :return: a dictionary containing all subjects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_subject_category_dict(self, extension_uuid, subject_category_uuid, subject_category_name):
- """Add a subject category
+ def add_subject(self, intra_extension_id, subject_id, subject_name):
+ """Add a subject
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_category_uuid: the UUID of the subject category
- :type subject_category_uuid: string
- :param subject_category_name: the name of the subject category
- :type subject_category_name: string
- :return: a dictionnary with the subject catgory added {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: Subject UUID
+ :type subject_id: string
+ :param subject_name: Subject name
+ :type subject_name: string
+ :return: the added subject {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_subject_category(self, extension_uuid, subject_category_uuid):
- """Remove one subject category
+ def del_subject(self, intra_extension_id, subject_id):
+ """Remove a subject
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_category_uuid: the UUID of subject category to remove
- :type subject_category_uuid: string
- :return: a dictionary containing all subject categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: Subject UUID
+ :type subject_id: string
+ :return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for object_category
-
- def get_object_category_dict(self, extension_uuid):
- """Get a list of all object categories
+ def get_object_dict(self, intra_extension_id):
+ """Get the list of object for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_object_category_dict(self, extension_uuid, object_categories):
- """Set the list of all object categories
+ def set_object_dict(self, intra_extension_id, object_dict):
+ """Set the list of object for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_categories: dict of object categories {"uuid1": "name1", "uuid2": "name2"}
- :type object_categories: dict
- :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_dict: dict of object: {"uuid1": "name1", "uuid2": "name2"}
+ :type object_dict: dict
+ :return: a dictionary containing all objects for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_object_category_dict(self, extension_uuid, object_category_uuid, object_category_name):
- """Add a object category
+ def add_object(self, intra_extension_id, object_id, object_name):
+ """Ad an object
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_category_uuid: the UUID of the object category
- :type object_category_uuid: string
- :param object_category_name: the name of the object category
- :type object_category_name: string
- :return: a dictionnary with the object catgory added {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: Object UUID
+ :type object_id: string
+ :param object_name: Object name
+ :type object_name: string
+ :return: the added object {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_object_category(self, extension_uuid, object_category_uuid):
- """Remove one object category
+ def del_object(self, intra_extension_id, object_id):
+ """Remove an object
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_category_uuid: the UUID of object category to remove
- :type object_category_uuid: string
- :return: a dictionary containing all object categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: Object UUID
+ :type object_id: string
+ :return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter ad Setter for action_category
-
- def get_action_category_dict(self, extension_uuid):
- """Get a list of all action categories
+ def get_action_dict(self, intra_extension_id):
+ """ Get the list of action for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_action_category_dict(self, extension_uuid, action_categories):
- """Set the list of all action categories
+ def set_action_dict(self, intra_extension_id, action_dict):
+ """ Set the list of action for that IntraExtension
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_categories: dict of action categories {"uuid1": "name1", "uuid2": "name2"}
- :type action_categories: dict
- :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_dict: dict of actions: {"uuid1": "name1", "uuid2": "name2"}
+ :type action_dict: dict
+ :return: a dictionary containing all actions for that IntraExtension, eg. {"uuid1": "name1", "uuid2": "name2"}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_action_category_dict(self, extension_uuid, action_category_uuid, action_category_name):
- """Add a action category
+ def add_action(self, intra_extension_id, action_id, action_name):
+ """Ad an action
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_category_uuid: the UUID of the action category
- :type action_category_uuid: string
- :param action_category_name: the name of the action category
- :type action_category_name: string
- :return: a dictionnary with the action catgory added {"uuid1": "name1"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: Action UUID
+ :type action_id: string
+ :param action_name: Action name
+ :type action_name: string
+ :return: the added action {"uuid1": "name1"}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_action_category(self, extension_uuid, action_category_uuid):
- """Remove one action category
+ def del_action(self, intra_extension_id, action_id):
+ """Remove an action
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_category_uuid: the UUID of action category to remove
- :type action_category_uuid: string
- :return: a dictionary containing all action categories {"uuid1": "name1", "uuid2": "name2"}
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: Action UUID
+ :type action_id: string
+ :return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for subject_category_value_scope
+ # Scope functions
- def get_subject_category_scope_dict(self, extension_uuid, category):
+ def get_subject_scope_dict(self, intra_extension_id, subject_category_id):
"""Get a list of all subject category scope
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param category: the category UUID where the scope values are
- :type category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the category UUID where the scope values are
+ :type subject_category_id: string
:return: a dictionary containing all subject category scope {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_subject_category_scope_dict(self, extension_uuid, subject_category, scope):
+ def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_dict):
"""Set the list of all scope for that subject category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_category: the UUID of the subject category where this scope will be set
- :type subject_category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the UUID of the subject category where this scope will be set
+ :type subject_category_id: string
:return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid, scope_name):
+ def add_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_name):
"""Add a subject category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_category: the subject category UUID where the scope will be added
- :type subject_category: string
- :param scope_uuid: the UUID of the subject category
- :type scope_uuid: string
- :param scope_name: the name of the subject category
- :type scope_name: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the subject category UUID where the scope will be added
+ :type subject_category_id: string
+ :param subject_scope_id: the UUID of the subject category
+ :type subject_scope_id: string
+ :param subject_scope_name: the name of the subject category
+ :type subject_scope_name: string
:return: a dictionary containing the subject category scope added {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_subject_category_scope_dict(self, extension_uuid, subject_category, scope_uuid):
+ def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id):
"""Remove one scope belonging to a subject category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_category: the UUID of subject categorywhere we can find the scope to remove
- :type subject_category: string
- :param scope_uuid: the UUID of the scope to remove
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_category_id: the UUID of subject categorywhere we can find the scope to remove
+ :type subject_category_id: string
+ :param subject_scope_id: the UUID of the scope to remove
+ :type subject_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for object_category_scope
-
- def get_object_category_scope_dict(self, extension_uuid, category):
+ def get_object_scope_dict(self, intra_extension_id, object_category_id):
"""Get a list of all object category scope
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param category: the category UUID where the scope values are
- :type category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the category UUID where the scope values are
+ :type object_category_id: string
:return: a dictionary containing all object category scope {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_object_category_scope_dict(self, extension_uuid, object_category, scope):
+ def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_dict):
"""Set the list of all scope for that object category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_category: the UUID of the object category where this scope will be set
- :type object_category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the UUID of the object category where this scope will be set
+ :type object_category_id: string
:return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid, scope_name):
+ def add_object_scope(self, intra_extension_id, object_category_id, object_scope_id, object_scope_name):
"""Add a object category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_category: the object category UUID where the scope will be added
- :type object_category: string
- :param scope_uuid: the UUID of the object category
- :type scope_uuid: string
- :param scope_name: the name of the object category
- :type scope_name: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the object category UUID where the scope will be added
+ :type object_category_id: string
+ :param object_scope_id: the UUID of the object category
+ :type object_scope_id: string
+ :param object_scope_name: the name of the object category
+ :type object_scope_name: string
:return: a dictionary containing the object category scope added {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_object_category_scope_dict(self, extension_uuid, object_category, scope_uuid):
+ def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id):
"""Remove one scope belonging to a object category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_category: the UUID of object categorywhere we can find the scope to remove
- :type object_category: string
- :param scope_uuid: the UUID of the scope to remove
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_category_id: the UUID of object categorywhere we can find the scope to remove
+ :type object_category_id: string
+ :param object_scope_id: the UUID of the scope to remove
+ :type object_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for action_category_scope
-
- def get_action_category_scope_dict(self, extension_uuid, category):
+ def get_action_scope_dict(self, intra_extension_id, action_category_id):
"""Get a list of all action category scope
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param category: the category UUID where the scope values are
- :type category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the category UUID where the scope values are
+ :type action_category_id: string
:return: a dictionary containing all action category scope {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def set_action_category_scope_dict(self, extension_uuid, action_category, scope):
+ def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id):
"""Set the list of all scope for that action category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_category: the UUID of the action category where this scope will be set
- :type action_category: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the UUID of the action category where this scope will be set
+ :type action_category_id: string
:return: a dictionary containing all scope {"scope_uuid1": "scope_name1, "scope_uuid2": "scope_name2}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid, scope_name):
+ def add_action_scope(self, intra_extension_id, action_category_id, action_scope_id, action_scope_name):
"""Add a action category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_category: the action category UUID where the scope will be added
- :type action_category: string
- :param scope_uuid: the UUID of the action category
- :type scope_uuid: string
- :param scope_name: the name of the action category
- :type scope_name: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the action category UUID where the scope will be added
+ :type action_category_id: string
+ :param action_scope_id: the UUID of the action category
+ :type action_scope_id: string
+ :param action_scope_name: the name of the action category
+ :type action_scope_name: string
:return: a dictionary containing the action category scope added {"category1": {"scope_uuid1": "scope_name1}}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_action_category_scope_dict(self, extension_uuid, action_category, scope_uuid):
+ def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id):
"""Remove one scope belonging to a action category
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_category: the UUID of action categorywhere we can find the scope to remove
- :type action_category: string
- :param scope_uuid: the UUID of the scope to remove
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_category_id: the UUID of action categorywhere we can find the scope to remove
+ :type action_category_id: string
+ :param action_scope_id: the UUID of the scope to remove
+ :type action_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for subject_category_assignment
+ # Assignment functions
- def get_subject_category_assignment_dict(self, extension_uuid, subject_uuid):
+ def get_subject_assignment_dict(self, intra_extension_id, subject_id):
"""Get the assignment for a given subject_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: subject UUID
- :type subject_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: subject UUID
+ :type subject_id: string
:return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]}
:raises: IntraExtensionNotFound, SubjectUnknown, SubjectCategoryAssignmentUnknown, SubjectCategoryAssignmentOutOfScope
"""
raise exception.NotImplemented() # pragma: no cover
- def set_subject_category_assignment_dict(self, extension_uuid, subject_uuid, assignment_dict):
+ def set_subject_assignment_dict(self, intra_extension_id, subject_id, subject_assignment_dict):
"""Set the assignment for a given subject_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: subject UUID
- :type subject_uuid: string
- :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
- :type assignment_dict: dict
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: subject UUID
+ :type subject_id: string
+ :param subject_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
+ :type subject_assignment_dict: dict
:return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_subject_category_assignment_dict(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def add_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
"""Add a scope to a category and to a subject
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: the subject UUID
- :type subject_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: the subject UUID
+ :type subject_id: string
+ :param subject_category_id: the category UUID
+ :type subject_category_id: string
+ :param subject_scope_id: the scope UUID
+ :type subject_scope_id: string
:return: a dictionary of assignment for the given subject {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_subject_category_assignment(self, extension_uuid, subject_uuid, category_uuid, scope_uuid):
+ def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
"""Remove a scope from a category and from a subject
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param subject_uuid: the subject UUID
- :type subject_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param subject_id: the subject UUID
+ :type subject_id: string
+ :param subject_category_id: the category UUID
+ :type subject_category_id: string
+ :param subject_scope_id: the scope UUID
+ :type subject_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for object_category_assignment
-
- def get_object_category_assignment_dict(self, extension_uuid, object_uuid):
+ def get_object_assignment_dict(self, intra_extension_id, object_id):
"""Get the assignment for a given object_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: object UUID
- :type object_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: object UUID
+ :type object_id: string
:return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]}
:raises: IntraExtensionNotFound, ObjectUnknown, ObjectCategoryAssignmentUnknown, ObjectCategoryAssignmentOutOfScope
"""
raise exception.NotImplemented() # pragma: no cover
- def set_object_category_assignment_dict(self, extension_uuid, object_uuid, assignment_dict):
+ def set_object_assignment_dict(self, intra_extension_id, object_id, object_assignment_dict):
"""Set the assignment for a given object_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: object UUID
- :type object_uuid: string
- :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
- :type assignment_dict: dict
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: object UUID
+ :type object_id: string
+ :param object_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
+ :type object_assignment_dict: dict
:return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_object_category_assignment_dict(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def add_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id):
"""Add a scope to a category and to a object
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: the object UUID
- :type object_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: the object UUID
+ :type object_id: string
+ :param object_category_id: the category UUID
+ :type object_category_id: string
+ :param object_scope_id: the scope UUID
+ :type object_scope_id: string
:return: a dictionary of assignment for the given object {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_object_category_assignment(self, extension_uuid, object_uuid, category_uuid, scope_uuid):
+ def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id):
"""Remove a scope from a category and from a object
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param object_uuid: the object UUID
- :type object_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param object_id: the object UUID
+ :type object_id: string
+ :param object_category_id: the category UUID
+ :type object_category_id: string
+ :param object_scope_id: the scope UUID
+ :type object_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for action_category_assignment
-
- def get_action_category_assignment_dict(self, extension_uuid, action_uuid):
+ def get_action_assignment_dict(self, intra_extension_id, action_id):
"""Get the assignment for a given action_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: action UUID
- :type action_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: action UUID
+ :type action_id: string
:return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]}
:raises: IntraExtensionNotFound, ActionUnknown, ActionCategoryAssignmentUnknown, ActionCategoryAssignmentOutOfScope
"""
raise exception.NotImplemented() # pragma: no cover
- def set_action_category_assignment_dict(self, extension_uuid, action_uuid, assignment_dict):
+ def set_action_assignment_dict(self, intra_extension_id, action_id, action_assignment_dict):
"""Set the assignment for a given action_uuid
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: action UUID
- :type action_uuid: string
- :param assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
- :type assignment_dict: dict
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: action UUID
+ :type action_id: string
+ :param action_assignment_dict: the assignment dictionary {"cat1": ["scope_uuid1", "scope_uuid2"]}
+ :type action_assignment_dict: dict
:return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def add_action_category_assignment_dict(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def add_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id):
"""Add a scope to a category and to a action
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: the action UUID
- :type action_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: the action UUID
+ :type action_id: string
+ :param action_category_id: the category UUID
+ :type action_category_id: string
+ :param action_scope_id: the scope UUID
+ :type action_scope_id: string
:return: a dictionary of assignment for the given action {"cat1": ["scope_uuid1", "scope_uuid2"]}
"""
raise exception.NotImplemented() # pragma: no cover
- def remove_action_category_assignment(self, extension_uuid, action_uuid, category_uuid, scope_uuid):
+ def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id):
"""Remove a scope from a category and from a action
- :param extension_uuid: IntraExtension UUID
- :type extension_uuid: string
- :param action_uuid: the action UUID
- :type action_uuid: string
- :param category_uuid: the category UUID
- :type category_uuid: string
- :param scope_uuid: the scope UUID
- :type scope_uuid: string
+ :param intra_extension_id: IntraExtension UUID
+ :type intra_extension_id: string
+ :param action_id: the action UUID
+ :type action_id: string
+ :param action_category_id: the category UUID
+ :type action_category_id: string
+ :param action_scope_id: the scope UUID
+ :type action_scope_id: string
:return: None
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for meta_rule
+ # Meta_rule functions
def get_meta_rule_dict(self, extension_uuid):
"""Get the Meta rule
@@ -2353,7 +2387,7 @@ class IntraExtensionDriver(object):
"""
raise exception.NotImplemented() # pragma: no cover
- # Getter and Setter for rules
+ # Rule functions
def get_rule_dict(self, extension_uuid):
"""Get all rules
@@ -2394,61 +2428,6 @@ class IntraExtensionDriver(object):
raise exception.NotImplemented() # pragma: no cover
-class UpdateDriver(object):
-
- def get_intra_extensions(self):
- raise exception.NotImplemented() # pragma: no cover
-
- def get_intra_extension(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def create_intra_extensions(self, extension_uuid, intra_extension):
- raise exception.NotImplemented() # pragma: no cover
-
- def delete_intra_extensions(self, extension_uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- # Getter and setter for tenant
-
- def get_tenant(self, uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def set_tenant(self, uuid, tenant_id):
- raise exception.NotImplemented() # pragma: no cover
-
- # Getter and setter for name
-
- def get_name(self, uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def set_name(self, uuid, name):
- raise exception.NotImplemented() # pragma: no cover
-
- # Getter and setter for model
-
- def get_model(self, uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def set_model(self, uuid, model):
- raise exception.NotImplemented() # pragma: no cover
-
- # Getter and setter for genre
-
- def get_genre(self, uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def set_genre(self, uuid, genre):
- raise exception.NotImplemented() # pragma: no cover
-
- # Getter and setter for description
-
- def get_description(self, uuid):
- raise exception.NotImplemented() # pragma: no cover
-
- def set_description(self, uuid, args):
- raise exception.NotImplemented() # pragma: no cover
-
-
class LogDriver(object):
def authz(self, message):
diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py
index 21cf666d..3108b7c2 100644
--- a/keystone-moon/keystone/contrib/moon/exception.py
+++ b/keystone-moon/keystone/contrib/moon/exception.py
@@ -126,6 +126,11 @@ class AuthzAssignment(AuthzException):
title = 'Assignment Exception'
+class AuthzMetaRule(AuthzException):
+ code = 400
+ title = 'Aggregation Algorithm Exception'
+
+
class AuthzRule(AuthzException):
code = 400
title = 'Rule Exception'
@@ -194,45 +199,66 @@ class ActionScopeUnknown(AuthzScope):
logger = "ERROR"
-class SubjectCategoryAssignmentOutOfScope(AuthzScope):
- message_format = _("The given subject category scope value is out of scope.")
+class SubjectAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given subject scope value is out of scope.")
code = 400
- title = 'Subject Category Assignment Out Of Scope'
+ title = 'Subject Assignment Out Of Scope'
logger = "WARNING"
-class ActionCategoryAssignmentOutOfScope(AuthzScope):
- message_format = _("The given action category scope value is out of scope.")
+class ActionAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given action scope value is out of scope.")
code = 400
- title = 'Action Category Assignment Out Of Scope'
+ title = 'Action Assignment Out Of Scope'
logger = "WARNING"
-class ObjectCategoryAssignmentOutOfScope(AuthzScope):
- message_format = _("The given object category scope value is out of scope.")
+class ObjectAssignmentOutOfScope(AuthzScope):
+ message_format = _("The given object scope value is out of scope.")
code = 400
- title = 'Object Category Assignment Out Of Scope'
+ title = 'Object Assignment Out Of Scope'
logger = "WARNING"
-class SubjectCategoryAssignmentUnknown(AuthzAssignment):
- message_format = _("The given subject category assignment value is unknown.")
+class SubjectAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given subject assignment value is unknown.")
+ code = 400
+ title = 'Subject Assignment Unknown'
+ logger = "ERROR"
+
+
+class ObjectAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given object assignment value is unknown.")
+ code = 400
+ title = 'Object Assignment Unknown'
+ logger = "ERROR"
+
+
+class ActionAssignmentUnknown(AuthzAssignment):
+ message_format = _("The given action assignment value is unknown.")
+ code = 400
+ title = 'Action Assignment Unknown'
+ logger = "ERROR"
+
+
+class AggregationAlgorithmNotExisting(AuthzMetadata):
+ message_format = _("The given aggregation algorithm is not exsiting.")
code = 400
- title = 'Subject Category Assignment Unknown'
+ title = 'Aggregation Algorithm Not Existing'
logger = "ERROR"
-class ObjectCategoryAssignmentUnknown(AuthzAssignment):
- message_format = _("The given object category assignment value is unknown.")
+class AggregationAlgorithmOutOfScope(AuthzMetadata):
+ message_format = _("The given aggregation algorithm is out of scope.")
code = 400
- title = 'Object Category Assignment Unknown'
+ title = 'Aggregation Algorithm Out Of Scope'
logger = "ERROR"
-class ActionCategoryAssignmentUnknown(AuthzAssignment):
- message_format = _("The given action category assignment value is unknown.")
+class SubMetaRuleOutOfScope(AuthzMetadata):
+ message_format = _("The given sub meta rule is out of scope.")
code = 400
- title = 'Action Category Assignment Unknown'
+ title = 'Sub Meta Rule Out Of Scope'
logger = "ERROR"
@@ -326,40 +352,40 @@ class ActionDelNotAuthorized(AdminPerimeter):
title = 'Action Del Not Authorized'
-class SubjectCategoryScopeReadNotAuthorized(AuthzException):
- title = 'Subject Category Scope Read Not Authorized'
+class SubjectScopeReadNotAuthorized(AuthzException):
+ title = 'Subject Scope Read Not Authorized'
-class SubjectCategoryScopeAddNotAuthorized(AuthzException):
- title = 'Subject Category Scope Add Not Authorized'
+class SubjectScopeAddNotAuthorized(AuthzException):
+ title = 'Subject Scope Add Not Authorized'
-class SubjectCategoryScopeDelNotAuthorized(AuthzException):
- title = 'Subject Category Scope Del Not Authorized'
+class SubjectScopeDelNotAuthorized(AuthzException):
+ title = 'Subject Scope Del Not Authorized'
-class ObjectCategoryScopeReadNotAuthorized(AuthzException):
- title = 'Object Category Scope Read Not Authorized'
+class ObjectScopeReadNotAuthorized(AuthzException):
+ title = 'Object Scope Read Not Authorized'
-class ObjectCategoryScopeAddNotAuthorized(AuthzException):
- title = 'Object Category Scope Add Not Authorized'
+class ObjectScopeAddNotAuthorized(AuthzException):
+ title = 'Object Scope Add Not Authorized'
-class ObjectCategoryScopeDelNotAuthorized(AuthzException):
- title = 'Object Category Scope Del Not Authorized'
+class ObjectScopeDelNotAuthorized(AuthzException):
+ title = 'Object Scope Del Not Authorized'
-class ActionCategoryScopeReadNotAuthorized(AuthzException):
- title = 'Action Category Scope Read Not Authorized'
+class ActionScopeReadNotAuthorized(AuthzException):
+ title = 'Action Scope Read Not Authorized'
-class ActionCategoryScopeAddNotAuthorized(AuthzException):
- title = 'Action Category Scope Add Not Authorized'
+class ActionScopeAddNotAuthorized(AuthzException):
+ title = 'Action Scope Add Not Authorized'
-class ActionCategoryScopeDelNotAuthorized(AuthzException):
- title = 'Action Category Scope Del Not Authorized'
+class ActionScopeDelNotAuthorized(AuthzException):
+ title = 'Action Scope Del Not Authorized'
class SubjectCategoryReadNotAuthorized(AdminMetadata):
@@ -399,40 +425,40 @@ class ActionCategoryDelNotAuthorized(AdminMetadata):
title = 'Action Category Del Not Authorized'
-class SubjectCategoryAssignmentReadNotAuthorized(AdminAssignment):
- title = 'Subject Category Assignment Read Not Authorized'
+class SubjectAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Subject Assignment Read Not Authorized'
-class SubjectCategoryAssignmentAddNotAuthorized(AdminAssignment):
- title = 'Subject Category Assignment Add Not Authorized'
+class SubjectAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Subject Assignment Add Not Authorized'
-class SubjectCategoryAssignmentDelNotAuthorized(AdminAssignment):
- title = 'Subject Category Assignment Del Not Authorized'
+class SubjectAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Subject Assignment Del Not Authorized'
-class ObjectCategoryAssignmentReadNotAuthorized(AdminAssignment):
- title = 'Object Category Assignment Read Not Authorized'
+class ObjectAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Object Assignment Read Not Authorized'
-class ObjectCategoryAssignmentAddNotAuthorized(AdminAssignment):
- title = 'Object Category Assignment Add Not Authorized'
+class ObjectAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Object Assignment Add Not Authorized'
-class ObjectCategoryAssignmentDelNotAuthorized(AdminAssignment):
- title = 'Object Category Assignment Del Not Authorized'
+class ObjectAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Object Assignment Del Not Authorized'
-class ActionCategoryAssignmentReadNotAuthorized(AdminAssignment):
- title = 'Action Category Assignment Read Not Authorized'
+class ActionAssignmentReadNotAuthorized(AdminAssignment):
+ title = 'Action Assignment Read Not Authorized'
-class ActionCategoryAssignmentAddNotAuthorized(AdminAssignment):
- title = 'Action Category Assignment Add Not Authorized'
+class ActionAssignmentAddNotAuthorized(AdminAssignment):
+ title = 'Action Assignment Add Not Authorized'
-class ActionCategoryAssignmentDelNotAuthorized(AdminAssignment):
- title = 'Action Category Assignment Del Not Authorized'
+class ActionAssignmentDelNotAuthorized(AdminAssignment):
+ title = 'Action Assignment Del Not Authorized'
class RuleReadNotAuthorized(AdminRule):
diff --git a/keystone-moon/keystone/contrib/moon/routers.py b/keystone-moon/keystone/contrib/moon/routers.py
index 28409136..0aa71ff8 100644
--- a/keystone-moon/keystone/contrib/moon/routers.py
+++ b/keystone-moon/keystone/contrib/moon/routers.py
@@ -32,19 +32,6 @@ class Routers(wsgi.RoutersBase):
logs_controller = controllers.Logs()
inter_ext_controller = controllers.InterExtensions()
- # Authz route
- self._add_resource(
- mapper, authz_controller,
- path=self.PATH_PREFIX+'/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}',
- get_action='get_authz',
- rel=self._get_rel('authz'),
- path_vars={
- 'tenant_id': self._get_path('tenants'),
- 'subject_id': self._get_path('subjects'),
- 'object_id': self._get_path('objects'),
- 'action_id': self._get_path('actions'),
- })
-
# Configuration route
self._add_resource(
mapper, configuration_controller,
@@ -65,7 +52,38 @@ class Routers(wsgi.RoutersBase):
rel=self._get_rel('sub_meta_rule_algorithms'),
path_vars={})
- # IntraExtensions route
+ # Tenants route
+ self._add_resource(
+ mapper, tenants_controller,
+ path=self.PATH_PREFIX+'/tenants',
+ get_action='get_tenants',
+ post_action='add_tenant',
+ rel=self._get_rel('tenants'),
+ path_vars={})
+ self._add_resource(
+ mapper, tenants_controller,
+ path=self.PATH_PREFIX+'/tenant/{tenant_uuid}',
+ get_action='get_tenant',
+ delete_action='del_tenant',
+ rel=self._get_rel('tenants'),
+ path_vars={
+ 'tenant_uuid': self._get_path('tenants'),
+ })
+
+ # Authz route
+ self._add_resource(
+ mapper, authz_controller,
+ path=self.PATH_PREFIX+'/authz/{tenant_id}/{subject_id}/{object_id}/{action_id}',
+ get_action='get_authz',
+ rel=self._get_rel('authz'),
+ path_vars={
+ 'tenant_id': self._get_path('tenants'),
+ 'subject_id': self._get_path('subjects'),
+ 'object_id': self._get_path('objects'),
+ 'action_id': self._get_path('actions'),
+ })
+
+ # IntraExtensions/Admin route
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions',
@@ -198,55 +216,55 @@ class Routers(wsgi.RoutersBase):
# Scope route
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_category_scopes/{subject_category_id}',
- get_action='get_subject_category_scopes',
- post_action='add_subject_category_scope',
- rel=self._get_rel('subject_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}',
+ get_action='get_subject_scopes',
+ post_action='add_subject_scope',
+ rel=self._get_rel('subject_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_category_scopes/{subject_category_id}/{subject_category_scope_id}',
- get_action='get_subject_category_scope',
- delete_action='del_subject_category_scope',
- rel=self._get_rel('subject_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/subject_scopes/{subject_category_id}/{subject_scope_id}',
+ get_action='get_subject_scope',
+ delete_action='del_subject_scope',
+ rel=self._get_rel('subject_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_category_scopes/{object_category_id}',
- get_action='get_object_category_scopes',
- post_action='add_object_category_scope',
- rel=self._get_rel('object_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}',
+ get_action='get_object_scopes',
+ post_action='add_object_scope',
+ rel=self._get_rel('object_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_category_scopes/{object_category_id}/{object_category_scope_id}',
- get_action='get_object_category_scope',
- delete_action='del_object_category_scope',
- rel=self._get_rel('object_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/object_scopes/{object_category_id}/{object_scope_id}',
+ get_action='get_object_scope',
+ delete_action='del_object_scope',
+ rel=self._get_rel('object_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_category_scopes/{action_category_id}',
- get_action='get_action_category_scopes',
- post_action='add_action_category_scope',
- rel=self._get_rel('action_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}',
+ get_action='get_action_scopes',
+ post_action='add_action_scope',
+ rel=self._get_rel('action_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_category_scopes/{action_category_id}/{action_category_scope_id}',
- get_action='get_action_category_scope',
- delete_action='del_action_category_scope',
- rel=self._get_rel('action_category_scope'),
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/action_scopes/{action_category_id}/{action_scope_id}',
+ get_action='get_action_scope',
+ delete_action='del_action_scope',
+ rel=self._get_rel('action_scope'),
path_vars={
'intra_extension_id': self._get_path('intra_extensions'),
})
@@ -280,7 +298,7 @@ class Routers(wsgi.RoutersBase):
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/'
- 'subject_assignments/{subject_id}/{subject_category_id}/{subject_category_scope_id}',
+ 'subject_assignments/{subject_id}/{subject_category_id}/{subject_scope_id}',
delete_action='del_subject_assignment',
rel=self._get_rel('subject_assignments'),
path_vars={
@@ -305,7 +323,7 @@ class Routers(wsgi.RoutersBase):
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/'
- 'object_assignments/{object_id}/{object_category}',
+ 'object_assignments/{object_id}/{object_category_id}',
get_action='get_object_assignment',
rel=self._get_rel('object_assignments'),
path_vars={
@@ -314,7 +332,7 @@ class Routers(wsgi.RoutersBase):
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/'
- 'object_assignments/{object_id}/{object_category}/{object_category_scope}',
+ 'object_assignments/{object_id}/{object_category_id}/{object_scope_id}',
delete_action='del_object_assignment',
rel=self._get_rel('object_assignments'),
path_vars={
@@ -339,7 +357,7 @@ class Routers(wsgi.RoutersBase):
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/'
- 'action_assignments/{action_id}/{action_category}',
+ 'action_assignments/{action_id}/{action_category_id}',
get_action='get_action_assignment',
rel=self._get_rel('action_assignments'),
path_vars={
@@ -348,7 +366,7 @@ class Routers(wsgi.RoutersBase):
self._add_resource(
mapper, intra_ext_controller,
path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/'
- 'action_assignments/{action_id}/{action_category}/{action_category_scope}',
+ 'action_assignments/{action_id}/{action_category_id}/{action_scope_id}',
delete_action='del_action_assignment',
rel=self._get_rel('action_assignments'),
path_vars={
@@ -358,7 +376,7 @@ class Routers(wsgi.RoutersBase):
# Metarule route
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithms',
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm',
post_action='add_aggregation_algorithm',
rel=self._get_rel('aggregation_algorithms'),
path_vars={
@@ -366,7 +384,7 @@ class Routers(wsgi.RoutersBase):
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithms/{aggregation_algorithm_id}',
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/aggregation_algorithm/{aggregation_algorithm_id}',
get_action='get_aggregation_algorithm',
delete_action='del_aggregation_algorithm',
rel=self._get_rel('aggregation_algorithms'),
@@ -395,7 +413,7 @@ class Routers(wsgi.RoutersBase):
# Rules route
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rules/{sub_meta_rule_id}',
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}',
get_action='get_rules',
post_action='add_rule',
rel=self._get_rel('rules'),
@@ -404,7 +422,7 @@ class Routers(wsgi.RoutersBase):
})
self._add_resource(
mapper, intra_ext_controller,
- path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rules/{sub_meta_rule_id}/{rule_id}',
+ path=self.PATH_PREFIX+'/intra_extensions/{intra_extension_id}/rule/{sub_meta_rule_id}/{rule_id}',
get_action='get_rule',
delete_action='del_rule',
rel=self._get_rel('rules'),
@@ -412,24 +430,6 @@ class Routers(wsgi.RoutersBase):
'intra_extension_id': self._get_path('intra_extensions'),
})
- # Tenants route
- self._add_resource(
- mapper, tenants_controller,
- path=self.PATH_PREFIX+'/tenants',
- get_action='get_tenants',
- post_action='add_tenant',
- rel=self._get_rel('tenants'),
- path_vars={})
- self._add_resource(
- mapper, tenants_controller,
- path=self.PATH_PREFIX+'/tenant/{tenant_uuid}',
- get_action='get_tenant',
- delete_action='del_tenant',
- rel=self._get_rel('tenants'),
- path_vars={
- 'tenant_uuid': self._get_path('tenants'),
- })
-
# Logs route
self._add_resource(
mapper, logs_controller,