Diffstat (limited to 'python_moondb/python_moondb')
-rw-r--r--python_moondb/python_moondb/__init__.py2
-rw-r--r--python_moondb/python_moondb/api/model.py33
-rw-r--r--python_moondb/python_moondb/api/policy.py15
-rw-r--r--python_moondb/python_moondb/backends/sql.py19
4 files changed, 65 insertions, 4 deletions
diff --git a/python_moondb/python_moondb/__init__.py b/python_moondb/python_moondb/__init__.py
index b266a9d4..287558f7 100644
--- a/python_moondb/python_moondb/__init__.py
+++ b/python_moondb/python_moondb/__init__.py
@@ -3,5 +3,5 @@
# license which can be found in the file 'LICENSE' in this package distribution
# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
-__version__ = "1.2.8"
+__version__ = "1.2.9"
diff --git a/python_moondb/python_moondb/api/model.py b/python_moondb/python_moondb/api/model.py
index 57857cd2..f5858662 100644
--- a/python_moondb/python_moondb/api/model.py
+++ b/python_moondb/python_moondb/api/model.py
@@ -9,7 +9,6 @@ from python_moonutilities import exceptions
from python_moonutilities.security_functions import filter_input, enforce
from python_moondb.api.managers import Managers
-
logger = logging.getLogger("moon.db.api.model")
@@ -30,6 +29,10 @@ class ModelManager(Managers):
if model_id not in self.driver.get_models(model_id=model_id):
raise exceptions.ModelUnknown
# TODO (asteroide): check that no policy is connected to this model
+ policies = Managers.PolicyManager.get_policies(user_id=user_id)
+ for policy in policies:
+ if policies[policy]['model_id'] == model_id:
+ raise exceptions.DeleteModelWithPolicy
return self.driver.delete_model(model_id=model_id)
@enforce(("read", "write"), "models")
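Review bot: The `# TODO (asteroide): check that no policy is connected to this model` comment directly above the new loop is now stale and should be removed or reworded, since the loop implements that check. The lookup `policies[policy]['model_id']` raises KeyError for any policy record without a `model_id` key; whether that can happen is not visible here, but `policies[policy].get('model_id') == model_id` would make the guard robust. The check and `self.driver.delete_model(...)` are separate driver calls, so a policy attached to the model between them would presumably not be caught. The body of delete_model starts outside the hunk.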
@@ -65,6 +68,10 @@ class ModelManager(Managers):
if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
raise exceptions.MetaRuleUnknown
# TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule
+ models = self.get_models(user_id=user_id)
+ for model_id in models:
+ if models[model_id]['meta_rules'] == meta_rule_id:
+ raise exceptions.DeleteMetaRuleWithModel
return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id)
@enforce("read", "meta_data")
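Review bot: The comparison `models[model_id]['meta_rules'] == meta_rule_id` only matches when a model stores one meta-rule id as a scalar. The plural key name suggests a list of ids, and in that case the guard never fires, so a meta rule still referenced by a model would be deleted, leaving the model pointing at a missing rule. If it is a list, the test should be `if meta_rule_id in models[model_id]['meta_rules']:`. The model schema is outside this hunk, so this needs confirming against it. The body of delete_meta_rule starts outside the hunk.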
@@ -83,6 +90,13 @@ class ModelManager(Managers):
# TODO (asteroide): delete all meta_rules linked to that category
if category_id not in self.driver.get_subject_categories(category_id=category_id):
raise exceptions.SubjectCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for subject_category_id in meta_rules[meta_rule_id]['subject_categories']:
+ if subject_category_id == category_id:
+ raise exceptions.DeleteCategoryWithMetaRule
+ if self.driver.is_subject_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
return self.driver.delete_subject_category(category_id=category_id)
@enforce("read", "meta_data")
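Review bot: The inner `for subject_category_id in ...` loop is a hand-written membership test and reads more clearly as `if category_id in meta_rules[meta_rule_id]['subject_categories']:` followed by the raise. The same seven-line guard is repeated for object categories (`@@ -101,6 +115,13`) and action categories (`@@ -118,6 +139,12`) with only the key name and driver method changed. A private helper taking the key name and the existence check would keep the three deletion paths from drifting apart. The TODO comments above still say the linked meta_rules should be deleted, while the new code refuses the deletion instead, so the comments should be updated to match. The method bodies start outside these hunks.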
@@ -101,6 +115,13 @@ class ModelManager(Managers):
# TODO (asteroide): delete all meta_rules linked to that category
if category_id not in self.driver.get_object_categories(category_id=category_id):
raise exceptions.ObjectCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for object_category_id in meta_rules[meta_rule_id]['object_categories']:
+ if object_category_id == category_id:
+ raise exceptions.DeleteCategoryWithMetaRule
+ if self.driver.is_object_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
return self.driver.delete_object_category(category_id=category_id)
@enforce("read", "meta_data")
@@ -118,6 +139,12 @@ class ModelManager(Managers):
# TODO (asteroide): delete all data linked to that category
# TODO (asteroide): delete all meta_rules linked to that category
if category_id not in self.driver.get_action_categories(category_id=category_id):
- raise exceptions.ActionCategoryExisting
+ raise exceptions.ActionCategoryUnknown
+ meta_rules = self.get_meta_rules(user_id=user_id)
+ for meta_rule_id in meta_rules:
+ for action_category_id in meta_rules[meta_rule_id]['action_categories']:
+ if action_category_id == category_id:
+ raise exceptions.DeleteCategoryWithMetaRule
+ if self.driver.is_action_data_exist(category_id=category_id):
+ raise exceptions.DeleteCategoryWithData
return self.driver.delete_action_category(category_id=category_id)
-
diff --git a/python_moondb/python_moondb/api/policy.py b/python_moondb/python_moondb/api/policy.py
index 9e7ad96c..69392e6d 100644
--- a/python_moondb/python_moondb/api/policy.py
+++ b/python_moondb/python_moondb/api/policy.py
@@ -8,6 +8,7 @@ import logging
from python_moonutilities.security_functions import enforce
from python_moondb.api.managers import Managers
from python_moonutilities import exceptions
+# from python_moondb.core import PDPManager
logger = logging.getLogger("moon.db.api.policy")
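Review bot: The added line `# from python_moondb.core import PDPManager` is a commented-out import and should be dropped rather than committed. The PDP lookup added further down this file goes through `self.PDPManager`, so nothing in the visible change uses the import. If it was left as a reminder of a circular-import problem, a one-line comment stating that would be clearer than dead code.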
@@ -46,6 +47,11 @@ class PolicyManager(Managers):
# TODO (asteroide): unmap PDP linked to that policy
if policy_id not in self.driver.get_policies(policy_id=policy_id):
raise exceptions.PolicyUnknown
+ pdps = self.PDPManager.get_pdp(user_id=user_id)
+ for pdp in pdps:
+ for policy_id in pdps[pdp]['security_pipeline']:
+ if policy_id == policy_id:
+ raise exceptions.DeletePolicyWithPdp
return self.driver.delete_policy(policy_id=policy_id)
@enforce(("read", "write"), "policies")
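Review bot: The loop `for policy_id in pdps[pdp]['security_pipeline']:` rebinds the method's `policy_id` argument, so `if policy_id == policy_id:` is always true. `DeletePolicyWithPdp` is therefore raised as soon as any PDP has a non-empty security pipeline, whichever policy was requested, and unrelated policies can no longer be deleted. The guard should test membership without shadowing: `if policy_id in pdps[pdp]['security_pipeline']:` followed by `raise exceptions.DeletePolicyWithPdp`. The model.py change in this commit reaches the sibling manager as `Managers.PolicyManager`, while this hunk uses `self.PDPManager`. Both may resolve to the same object, but one spelling should be used consistently. The body of delete_policy starts outside the hunk.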
@@ -147,6 +153,9 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "data")
def delete_subject_data(self, user_id, policy_id, data_id):
# TODO (asteroide): check and/or delete assignments linked to that data
+ subject_assignments = self.get_subject_assignments(user_id=user_id, policy_id=policy_id, subject_id=data_id)
+ if subject_assignments:
+ raise exceptions.DeleteData
return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id)
@enforce("read", "data")
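Review bot: The guard passes the data id as a subject id in `self.get_subject_assignments(user_id=user_id, policy_id=policy_id, subject_id=data_id)`. If `subject_id` filters on the perimeter subject, as the parameter name suggests, this lookup will normally return nothing and `DeleteData` is never raised, so data still referenced by assignments gets deleted. The same pattern appears in delete_object_data (`object_id=data_id`) and delete_action_data (`action_id=data_id`). The signature of get_subject_assignments is not visible here, so please confirm it. If it has no way to filter on data id, fetch the policy's assignments and check whether `data_id` appears in each one's assigned data. The `# TODO (asteroide): check and/or delete assignments linked to that data` comment can go once the check is correct.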
@@ -175,6 +184,9 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "data")
def delete_object_data(self, user_id, policy_id, data_id):
# TODO (asteroide): check and/or delete assignments linked to that data
+ object_assignments = self.get_object_assignments(user_id=user_id, policy_id=policy_id, object_id=data_id)
+ if object_assignments:
+ raise exceptions.DeleteData
return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id)
@enforce("read", "data")
@@ -203,6 +215,9 @@ class PolicyManager(Managers):
@enforce(("read", "write"), "data")
def delete_action_data(self, user_id, policy_id, data_id):
# TODO (asteroide): check and/or delete assignments linked to that data
+ action_assignments = self.get_action_assignments(user_id=user_id, policy_id=policy_id, action_id=data_id)
+ if action_assignments:
+ raise exceptions.DeleteData
return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id)
@enforce("read", "assignments")
diff --git a/python_moondb/python_moondb/backends/sql.py b/python_moondb/python_moondb/backends/sql.py
index a838a854..366ed7de 100644
--- a/python_moondb/python_moondb/backends/sql.py
+++ b/python_moondb/python_moondb/backends/sql.py
@@ -548,6 +548,16 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def delete_action(self, policy_id, perimeter_id):
self.__delete_perimeter(Action, ActionUnknown, policy_id, perimeter_id)
+ def __is_perimeter_data_exist(self, ClassType ,data_id=None, category_id=None):
+ logger.info("driver {} {}".format( data_id, category_id))
+ with self.get_session_for_read() as session:
+ query = session.query(ClassType)
+ query = query.filter_by(category_id=category_id)
+ ref_list = query.all()
+ if ref_list:
+ return True
+ return False
+
def __get_perimeter_data(self, ClassType, policy_id, data_id=None, category_id=None):
logger.info("driver {} {} {}".format(policy_id, data_id, category_id))
with self.get_session_for_read() as session:
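Review bot: `__is_perimeter_data_exist` accepts `data_id` and logs it but never uses it in the query, so the parameter misleads callers of `is_subject_data_exist`, `is_object_data_exist` and `is_action_data_exist`. It should either be added to the filter when not None or be removed from all four signatures. With the default `category_id=None`, `filter_by(category_id=category_id)` matches rows whose category is NULL rather than all rows, which is unlikely to be what a caller omitting the argument expects. `query.all()` loads every matching row only to test for emptiness; `return query.first() is not None` answers the same question with one row. There are also spacing slips in the signature (`ClassType ,data_id`) and in `format( data_id, ...)`.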
@@ -602,6 +612,9 @@ class PolicyConnector(BaseConnector, PolicyDriver):
if ref:
session.delete(ref)
+ def is_subject_data_exist(self, data_id=None, category_id=None):
+ return self.__is_perimeter_data_exist(SubjectData, data_id=data_id, category_id=category_id)
+
def get_subject_data(self, policy_id, data_id=None, category_id=None):
return self.__get_perimeter_data(SubjectData, policy_id, data_id=data_id, category_id=category_id)
@@ -614,6 +627,9 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def delete_subject_data(self, policy_id, data_id):
return self.__delete_perimeter_data(SubjectData, policy_id, data_id)
+ def is_object_data_exist(self, data_id=None, category_id=None):
+ return self.__is_perimeter_data_exist(ObjectData, data_id=data_id, category_id=category_id)
+
def get_object_data(self, policy_id, data_id=None, category_id=None):
return self.__get_perimeter_data(ObjectData, policy_id, data_id=data_id, category_id=category_id)
@@ -626,6 +642,9 @@ class PolicyConnector(BaseConnector, PolicyDriver):
def delete_object_data(self, policy_id, data_id):
return self.__delete_perimeter_data(ObjectData, policy_id, data_id)
+ def is_action_data_exist(self, data_id=None,category_id=None):
+ return self.__is_perimeter_data_exist(ActionData, data_id=data_id, category_id=category_id)
+
def get_action_data(self, policy_id, data_id=None, category_id=None):
return self.__get_perimeter_data(ActionData, policy_id, data_id=data_id, category_id=category_id)