aboutsummaryrefslogtreecommitdiffstats
path: root/python_moondb/python_moondb/api
diff options
context:
space:
mode:
Diffstat (limited to 'python_moondb/python_moondb/api')
-rw-r--r--python_moondb/python_moondb/api/__init__.py0
-rw-r--r--python_moondb/python_moondb/api/keystone.py106
-rw-r--r--python_moondb/python_moondb/api/managers.py15
-rw-r--r--python_moondb/python_moondb/api/model.py132
-rw-r--r--python_moondb/python_moondb/api/pdp.py38
-rw-r--r--python_moondb/python_moondb/api/policy.py248
6 files changed, 539 insertions, 0 deletions
diff --git a/python_moondb/python_moondb/api/__init__.py b/python_moondb/python_moondb/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/python_moondb/python_moondb/api/__init__.py
diff --git a/python_moondb/python_moondb/api/keystone.py b/python_moondb/python_moondb/api/keystone.py
new file mode 100644
index 00000000..f5410190
--- /dev/null
+++ b/python_moondb/python_moondb/api/keystone.py
@@ -0,0 +1,106 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import json
+from uuid import uuid4
+from oslo_log import log as logging
+from python_moonutilities import exceptions, configuration
+from python_moonutilities.security_functions import filter_input, login, logout
+from python_moondb.api.managers import Managers
+
+LOG = logging.getLogger("moon.db.api.keystone")
+
+
+class KeystoneManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.KeystoneManager = self
+ conf = configuration.get_configuration("openstack/keystone")['openstack/keystone']
+
+ self.__url = conf['url']
+ self.__user = conf['user']
+ self.__password = conf['password']
+ self.__domain = conf['domain']
+ self.__project = conf['project']
+ try:
+ os.environ.pop("http_proxy")
+ os.environ.pop("https_proxy")
+ except KeyError:
+ pass
+
+ def __get(self, endpoint, _exception=exceptions.KeystoneError):
+ _headers = login()
+ req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False)
+ if req.status_code not in (200, 201):
+ LOG.error(req.text)
+ raise _exception
+ data = req.json()
+ logout(_headers)
+ return data
+
+ def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError):
+ _headers = login()
+ req = requests.post("{}{}".format(self.__url, endpoint),
+ data=json.dumps(data),
+ headers=_headers, verify=False)
+ if req.status_code == 409:
+ LOG.warning(req.text)
+ raise exceptions.KeystoneUserConflict
+ if req.status_code not in (200, 201):
+ LOG.error(req.text)
+ raise _exception
+ data = req.json()
+ logout(_headers)
+ return data
+
+ def list_projects(self):
+ return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError)
+
+ @filter_input
+ def create_project(self, tenant_dict):
+ if "name" not in tenant_dict:
+ raise exceptions.KeystoneProjectError("Cannot get the project name.")
+ _project = {
+ "project": {
+ "description": tenant_dict['description'] if 'description' in tenant_dict else "",
+ "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default",
+ "enabled": True,
+ "is_domain": False,
+ "name": tenant_dict['name']
+ }
+ }
+ return self.__post(endpoint="/projects/",
+ data=_project,
+ _exception=exceptions.KeystoneProjectError)
+
+ @filter_input
+ def get_user_by_name(self, username, domain_id="default"):
+ return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id),
+ _exception=exceptions.KeystoneUserError)
+
+ @filter_input
+ def create_user(self, subject_dict):
+ _user = {
+ "user": {
+ "enabled": True,
+ "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex,
+ }
+ }
+ if 'project' in subject_dict:
+ _user['user']['default_project_id'] = subject_dict['project']
+ if 'domain' in subject_dict:
+ _user['user']['domain_id'] = subject_dict['domain']
+ if 'password' in subject_dict:
+ _user['user']['password'] = subject_dict['password']
+ try:
+ return self.__post(endpoint="/users/",
+ data=_user,
+ _exception=exceptions.KeystoneUserError)
+ except exceptions.KeystoneUserConflict:
+ return True
+
diff --git a/python_moondb/python_moondb/api/managers.py b/python_moondb/python_moondb/api/managers.py
new file mode 100644
index 00000000..602e0f11
--- /dev/null
+++ b/python_moondb/python_moondb/api/managers.py
@@ -0,0 +1,15 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from oslo_log import log as logging
+LOG = logging.getLogger("moon.db.api.managers")
+
+
+class Managers(object):
+ """Object that links managers together"""
+ ModelManager = None
+ KeystoneManager = None
+ PDPManager = None
+ PolicyManager = None
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py
new file mode 100644
index 00000000..fbfbb680
--- /dev/null
+++ b/python_moondb/python_moondb/api/model.py
@@ -0,0 +1,132 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+from oslo_log import log as logging
+from python_moonutilities import exceptions
+from python_moonutilities.security_functions import filter_input, enforce
+from python_moondb.api.managers import Managers
+
+
+LOG = logging.getLogger("moon.db.api.model")
+
+
+class ModelManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.ModelManager = self
+
+ @enforce(("read", "write"), "models")
+ def update_model(self, user_id, model_id, value):
+ if model_id not in self.driver.get_models(model_id=model_id):
+ raise exceptions.ModelUnknown
+ return self.driver.update_model(model_id=model_id, value=value)
+
+ @enforce(("read", "write"), "models")
+ def delete_model(self, user_id, model_id):
+ if model_id not in self.driver.get_models(model_id=model_id):
+ raise exceptions.ModelUnknown
+ # TODO (asteroide): check that no policy is connected to this model
+ return self.driver.delete_model(model_id=model_id)
+
+ @enforce(("read", "write"), "models")
+ def add_model(self, user_id, model_id=None, value=None):
+ if model_id in self.driver.get_models(model_id=model_id):
+ raise exceptions.ModelExisting
+ if not model_id:
+ model_id = uuid4().hex
+ return self.driver.add_model(model_id=model_id, value=value)
+
+ @enforce("read", "models")
+ def get_models(self, user_id, model_id=None):
+ return self.driver.get_models(model_id=model_id)
+
+ @enforce(("read", "write"), "meta_rules")
+ def set_meta_rule(self, user_id, meta_rule_id, value):
+ if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
+ return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+ @enforce("read", "meta_rules")
+ def get_meta_rules(self, user_id, meta_rule_id=None):
+ return self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
+
+ @enforce(("read", "write"), "meta_rules")
+ def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
+ if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleExisting
+ if not meta_rule_id:
+ meta_rule_id = uuid4().hex
+ LOG.info("add_meta_rule {}".format(value))
+ return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+ @enforce(("read", "write"), "meta_rules")
+ def delete_meta_rule(self, user_id, meta_rule_id=None):
+ if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+ raise exceptions.MetaRuleUnknown
+ # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule
+ return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id)
+
+ @enforce("read", "meta_data")
+ def get_subject_categories(self, user_id, category_id=None):
+ return self.driver.get_subject_categories(category_id=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_subject_category(self, user_id, category_id=None, value=None):
+ if category_id in self.driver.get_subject_categories(category_id=category_id):
+ raise exceptions.SubjectCategoryExisting
+ # if not category_id:
+ # category_id = uuid4().hex
+ return self.driver.add_subject_category(name=value["name"], description=value["description"], uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_subject_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_subject_categories(category_id=category_id):
+ raise exceptions.SubjectCategoryUnknown
+ return self.driver.delete_subject_category(category_id=category_id)
+
+ @enforce("read", "meta_data")
+ def get_object_categories(self, user_id, category_id=None):
+ return self.driver.get_object_categories(category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_object_category(self, user_id, category_id=None, value=None):
+ if category_id in self.driver.get_object_categories(category_id=category_id):
+ raise exceptions.ObjectCategoryExisting
+ # if not category_id:
+ # category_id = uuid4().hex
+ return self.driver.add_object_category(name=value["name"], description=value["description"], uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_object_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_object_categories(category_id=category_id):
+ raise exceptions.ObjectCategoryUnknown
+ return self.driver.delete_object_category(category_id=category_id)
+
+ @enforce("read", "meta_data")
+ def get_action_categories(self, user_id, category_id=None):
+ return self.driver.get_action_categories(category_id=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def add_action_category(self, user_id, category_id=None, value=None):
+ if category_id in self.driver.get_action_categories(category_id=category_id):
+ raise exceptions.ActionCategoryExisting
+ # if not category_id:
+ # category_id = uuid4().hex
+ return self.driver.add_action_category(name=value["name"], description=value["description"], uuid=category_id)
+
+ @enforce(("read", "write"), "meta_data")
+ def delete_action_category(self, user_id, category_id):
+ # TODO (asteroide): delete all data linked to that category
+ # TODO (asteroide): delete all meta_rules linked to that category
+ if category_id not in self.driver.get_action_categories(category_id=category_id):
+ raise exceptions.ActionCategoryExisting
+ return self.driver.delete_action_category(category_id=category_id)
+
diff --git a/python_moondb/python_moondb/api/pdp.py b/python_moondb/python_moondb/api/pdp.py
new file mode 100644
index 00000000..5fb7aa78
--- /dev/null
+++ b/python_moondb/python_moondb/api/pdp.py
@@ -0,0 +1,38 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+from oslo_log import log as logging
+from python_moonutilities.security_functions import filter_input, enforce
+from python_moondb.api.managers import Managers
+
+
+LOG = logging.getLogger("moon.db.api.pdp")
+
+
+class PDPManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.PDPManager = self
+
+ @enforce(("read", "write"), "pdp")
+ def update_pdp(self, user_id, pdp_id, value):
+ return self.driver.update_pdp(pdp_id=pdp_id, value=value)
+
+ @enforce(("read", "write"), "pdp")
+ def delete_pdp(self, user_id, pdp_id):
+ return self.driver.delete_pdp(pdp_id=pdp_id)
+
+ @enforce(("read", "write"), "pdp")
+ def add_pdp(self, user_id, pdp_id=None, value=None):
+ if not pdp_id:
+ pdp_id = uuid4().hex
+ return self.driver.add_pdp(pdp_id=pdp_id, value=value)
+
+ @enforce("read", "pdp")
+ def get_pdp(self, user_id, pdp_id=None):
+ return self.driver.get_pdp(pdp_id=pdp_id)
+
diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py
new file mode 100644
index 00000000..81689826
--- /dev/null
+++ b/python_moondb/python_moondb/api/policy.py
@@ -0,0 +1,248 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+import logging
+from python_moonutilities.security_functions import enforce
+from python_moondb.api.managers import Managers
+
+LOG = logging.getLogger("moon.db.api.policy")
+
+
+class PolicyManager(Managers):
+
+ def __init__(self, connector=None):
+ self.driver = connector.driver
+ Managers.PolicyManager = self
+
+ def get_policy_from_meta_rules(self, user_id, meta_rule_id):
+ policies = self.PolicyManager.get_policies("admin")
+ models = self.ModelManager.get_models("admin")
+ for pdp_key, pdp_value in self.PDPManager.get_pdp(user_id).items():
+ for policy_id in pdp_value["security_pipeline"]:
+ model_id = policies[policy_id]["model_id"]
+ if meta_rule_id in models[model_id]["meta_rules"]:
+ return policy_id
+
+ @enforce(("read", "write"), "policies")
+ def update_policy(self, user_id, policy_id, value):
+ return self.driver.update_policy(policy_id=policy_id, value=value)
+
+ @enforce(("read", "write"), "policies")
+ def delete_policy(self, user_id, policy_id):
+ # TODO (asteroide): unmap PDP linked to that policy
+ return self.driver.delete_policy(policy_id=policy_id)
+
+ @enforce(("read", "write"), "policies")
+ def add_policy(self, user_id, policy_id=None, value=None):
+ if not policy_id:
+ policy_id = uuid4().hex
+ return self.driver.add_policy(policy_id=policy_id, value=value)
+
+ @enforce("read", "policies")
+ def get_policies(self, user_id, policy_id=None):
+ return self.driver.get_policies(policy_id=policy_id)
+
+ @enforce("read", "perimeter")
+ def get_subjects(self, user_id, policy_id, perimeter_id=None):
+ return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+ k_user = Managers.KeystoneManager.get_user_by_name(value.get('name'))
+ if not k_user['users']:
+ k_user = Managers.KeystoneManager.create_user(value)
+ if not perimeter_id:
+ try:
+ LOG.info("k_user={}".format(k_user))
+ perimeter_id = k_user['users'][0].get('id', uuid4().hex)
+ except IndexError:
+ k_user = Managers.KeystoneManager.get_user_by_name(
+ value.get('name'))
+ perimeter_id = uuid4().hex
+ except KeyError:
+ k_user = Managers.KeystoneManager.get_user_by_name(
+ value.get('name'))
+ perimeter_id = uuid4().hex
+ value.update(k_user['users'][0])
+ return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_subject(self, user_id, policy_id, perimeter_id):
+ return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "perimeter")
+ def get_objects(self, user_id, policy_id, perimeter_id=None):
+ return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_object(self, user_id, policy_id, perimeter_id=None, value=None):
+ if not perimeter_id:
+ perimeter_id = uuid4().hex
+ return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_object(self, user_id, policy_id, perimeter_id):
+ return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "perimeter")
+ def get_actions(self, user_id, policy_id, perimeter_id=None):
+ return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce(("read", "write"), "perimeter")
+ def add_action(self, user_id, policy_id, perimeter_id=None, value=None):
+ if not perimeter_id:
+ perimeter_id = uuid4().hex
+ return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+ @enforce(("read", "write"), "perimeter")
+ def delete_action(self, user_id, policy_id, perimeter_id):
+ return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id)
+
+ @enforce("read", "data")
+ def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["subject"]:
+ results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["subject"]:
+ results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_subject_data(self, user_id, policy_id, data_id):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id)
+
+ @enforce("read", "data")
+ def get_object_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["object"]:
+ results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["object"]:
+ results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_object_data(self, user_id, policy_id, data_id):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id)
+
+ @enforce("read", "data")
+ def get_action_data(self, user_id, policy_id, data_id=None, category_id=None):
+ available_metadata = self.get_available_metadata(user_id, policy_id)
+ results = []
+ if not category_id:
+ for cat in available_metadata["action"]:
+ results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+ category_id=cat))
+ if category_id and category_id in available_metadata["action"]:
+ results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+ category_id=category_id))
+ return results
+
+ @enforce(("read", "write"), "data")
+ def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+ if not data_id:
+ data_id = uuid4().hex
+ return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+ @enforce(("read", "write"), "data")
+ def delete_action_data(self, user_id, policy_id, data_id):
+ # TODO (asteroide): check and/or delete assignments linked to that data
+ return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None):
+ return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+ return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+ return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None):
+ return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+ return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+ return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "assignments")
+ def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None):
+ return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, category_id=category_id)
+
+ @enforce(("read", "write"), "assignments")
+ def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+ return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce(("read", "write"), "assignments")
+ def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+ return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id,
+ category_id=category_id, data_id=data_id)
+
+ @enforce("read", "rules")
+ def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None):
+ return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id)
+
+ @enforce(("read", "write"), "rules")
+ def add_rule(self, user_id, policy_id, meta_rule_id, value):
+ return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value)
+
+ @enforce(("read", "write"), "rules")
+ def delete_rule(self, user_id, policy_id, rule_id):
+ return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id)
+
+ @enforce("read", "meta_data")
+ def get_available_metadata(self, user_id, policy_id):
+ categories = {
+ "subject": [],
+ "object": [],
+ "action": []
+ }
+ policy = self.driver.get_policies(policy_id=policy_id)
+ model_id = policy[policy_id]["model_id"]
+ model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
+ try:
+ meta_rule_list = model[model_id]["meta_rules"]
+ for meta_rule_id in meta_rule_list:
+ meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+ categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"])
+ categories["object"].extend(meta_rule[meta_rule_id]["object_categories"])
+ categories["action"].extend(meta_rule[meta_rule_id]["action_categories"])
+ finally:
+ return categories