From 7bb53c64da2dcf88894bfd31503accdd81498f3d Mon Sep 17 00:00:00 2001 From: Thomas Duval Date: Wed, 3 Jun 2020 10:06:52 +0200 Subject: Update to new version 5.4 Signed-off-by: Thomas Duval Change-Id: Idcd868133d75928a1ffd74d749ce98503e0555ea --- moon_manager/moon_manager/api/db/model.py | 429 ++++++++++++++++++++++++++++++ 1 file changed, 429 insertions(+) create mode 100644 moon_manager/moon_manager/api/db/model.py (limited to 'moon_manager/moon_manager/api/db/model.py') diff --git a/moon_manager/moon_manager/api/db/model.py b/moon_manager/moon_manager/api/db/model.py new file mode 100644 index 00000000..9dc6273a --- /dev/null +++ b/moon_manager/moon_manager/api/db/model.py @@ -0,0 +1,429 @@ +# Software Name: MOON + +# Version: 5.4 + +# SPDX-FileCopyrightText: Copyright (c) 2018-2020 Orange and its contributors +# SPDX-License-Identifier: Apache-2.0 + +# This software is distributed under the 'Apache License 2.0', +# the text of which is available at 'http://www.apache.org/licenses/LICENSE-2.0.txt' +# or see the "LICENSE" file for more details. + + +from uuid import uuid4 +import logging +from moon_utilities import exceptions +from moon_utilities.security_functions import enforce +from moon_manager.api.db.managers import Managers +import copy +from moon_manager import pip_driver + +logger = logging.getLogger("moon.db.api.model") + + +class ModelManager(Managers): + + def __init__(self, connector=None): + self.driver = connector.driver + Managers.ModelManager = self + + @enforce(("read", "write"), "models") + def update_model(self, moon_user_id, model_id, value): + if model_id not in self.driver.get_models(model_id=model_id): + raise exceptions.ModelUnknown + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + if 'meta_rules' not in value: + raise exceptions.MetaRuleUnknown + + model = self.get_models(moon_user_id=moon_user_id, model_id=model_id) + model = model[next(iter(model))] + if ((model['meta_rules'] and value['meta_rules'] and model['meta_rules'] != value[ + 'meta_rules']) \ + or (model['meta_rules'] and not value['meta_rules'])): + policies = Managers.PolicyManager.get_policies(moon_user_id=moon_user_id) + for policy_id in policies: + if policies[policy_id]["model_id"] == model_id: + raise exceptions.DeleteModelWithPolicy + + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if meta_rule_id: + meta_rule_tmp = self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + if (not meta_rule_id) or (not meta_rule_tmp) : + raise exceptions.MetaRuleUnknown + + return self.driver.update_model(model_id=model_id, value=value) + + @enforce(("read", "write"), "models") + def delete_model(self, moon_user_id, model_id): + if model_id not in self.driver.get_models(model_id=model_id): + raise exceptions.ModelUnknown + # TODO (asteroide): check that no policy is connected to this model + policies = Managers.PolicyManager.get_policies(moon_user_id=moon_user_id) + for policy in policies: + if policies[policy]['model_id'] == model_id: + raise exceptions.DeleteModelWithPolicy + return self.driver.delete_model(model_id=model_id) + + @enforce(("read", "write"), "models") + def add_model(self, moon_user_id, model_id=None, value=None): + + if not value['name'].strip(): + raise exceptions.ModelContentError('Model name invalid') + + models = self.driver.get_models() + if model_id in models: + raise exceptions.ModelExisting + + if value.get('meta_rules', []): + for model in models: + if models[model]['name'] == value['name']: + raise exceptions.ModelExisting("Model Name Existed") + if sorted(models[model].get('meta_rules', [])) == sorted(value.get('meta_rules', [])): + raise exceptions.ModelExisting("Meta Rules List Existed in another Model") + + if not model_id: + model_id = uuid4().hex + if value and 'meta_rules' in value: + for meta_rule_id in value['meta_rules']: + if not meta_rule_id: + raise exceptions.MetaRuleUnknown + meta_rule = self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + if not meta_rule: + raise exceptions.MetaRuleUnknown + + return self.driver.add_model(model_id=model_id, value=value) + + @enforce("read", "models") + def get_models(self, moon_user_id, model_id=None): + return self.driver.get_models(model_id=model_id) + + @enforce("read", "policies") + def get_policies(self, moon_user_id, policy_id=None): + return self.driver.get_policies(policy_id=policy_id) + + @enforce(("read", "write"), "meta_rules") + def update_meta_rule(self, moon_user_id, meta_rule_id, value): + meta_rules = self.driver.get_meta_rules() + if not meta_rule_id or meta_rule_id not in meta_rules: + raise exceptions.MetaRuleUnknown + self.__check_meta_rule_dependencies(moon_user_id=moon_user_id, meta_rule_id=meta_rule_id) + if value: + if not value['name'].strip(): + raise exceptions.MetaRuleContentError('Meta_rule name invalid') + + if 'subject_categories' in value: + if (len(value['subject_categories']) == 1 and (value['subject_categories'][0] is None or value[ + 'subject_categories'][0].strip() == "")): + value['subject_categories'] = []; + else: + for subject_category_id in value['subject_categories']: + if (not subject_category_id) or (not self.driver.get_subject_categories( + category_id=subject_category_id)): + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + if (len(value['object_categories']) == 1 and (value['object_categories'][0] is None or value[ + 'object_categories'][0].strip() == "")): + value['object_categories'] = []; + else: + for object_category_id in value['object_categories']: + if (not object_category_id) or (not self.driver.get_object_categories( + category_id=object_category_id)): + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + if (len(value['action_categories']) == 1 and (value['action_categories'][0] is None or value[ + 'action_categories'][0].strip() == "")): + value['action_categories'] = []; + else: + for action_category_id in value['action_categories']: + if (not action_category_id) or (not self.driver.get_action_categories( + category_id=action_category_id)): + raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['subject_categories'], + value['subject_categories']) + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['object_categories'], + value['object_categories']) + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['action_categories'], + value['action_categories']) + if counter_matched_list == 3 and meta_rule_obj_id != meta_rule_id: + raise exceptions.MetaRuleExisting("Same categories combination existed") + + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) + + def __check_meta_rule_dependencies(self, moon_user_id, meta_rule_id): + policies = self.get_policies(moon_user_id=moon_user_id) + for policy in policies: + model_id = policies[policy]["model_id"] + model = self.get_models(moon_user_id=moon_user_id, model_id=model_id)[model_id] + if meta_rule_id in model["meta_rules"]: + raise exceptions.MetaRuleUpdateError("This meta_rule is already in use in a policy") + + policies = Managers.PolicyManager.get_policies(moon_user_id=moon_user_id) + for policy_id in policies: + rules = Managers.PolicyManager.get_rules(moon_user_id=moon_user_id, policy_id=policy_id, + meta_rule_id=meta_rule_id) + if rules['rules']: + raise exceptions.MetaRuleUpdateError + + @enforce("read", "meta_rules") + def get_meta_rules(self, moon_user_id, meta_rule_id=None): + return self.driver.get_meta_rules(meta_rule_id=meta_rule_id) + + @enforce(("read", "write"), "meta_rules") + def add_meta_rule(self, moon_user_id, meta_rule_id=None, value=None): + + if not value['name'].strip(): + raise exceptions.MetaRuleContentError('Meta_rule name invalid') + + meta_rules = self.driver.get_meta_rules() + + if meta_rule_id in meta_rules: + raise exceptions.MetaRuleExisting + + if value: + if 'subject_categories' in value: + if (len(value['subject_categories']) == 1 and (value['subject_categories'][0] is None or value[ + 'subject_categories'][0].strip() == "")): + value['subject_categories'] = []; + else: + for subject_category_id in value['subject_categories']: + if ((not subject_category_id) or (not self.driver.get_subject_categories( + category_id=subject_category_id))): + if subject_category_id.startswith("attributes:"): + _attributes = pip_driver.AttrsManager.get_objects( + moon_user_id="admin", + object_type=subject_category_id.replace("attributes:", "") + ) + action_category_id = subject_category_id.replace("attributes:", "") + if action_category_id != _attributes['id']: + raise exceptions.SubjectCategoryUnknown + else: + raise exceptions.SubjectCategoryUnknown + if 'object_categories' in value: + if(len(value['object_categories']) == 1 and (value['object_categories'][0] is None or value[ + 'object_categories'][0].strip() == "")): + value['object_categories'] = []; + else: + for object_category_id in value['object_categories']: + if ((not object_category_id) or (not self.driver.get_object_categories( + category_id=object_category_id))): + if object_category_id.startswith("attributes:"): + _attributes = pip_driver.AttrsManager.get_objects( + moon_user_id="admin", + object_type=object_category_id.replace("attributes:", "") + ) + action_category_id = object_category_id.replace("attributes:", "") + if action_category_id != _attributes['id']: + raise exceptions.ObjectCategoryUnknown + else: + raise exceptions.ObjectCategoryUnknown + if 'action_categories' in value: + if (len(value['action_categories']) == 1 and (value['action_categories'][0] is None or value[ + 'action_categories'][0].strip() == "")): + value['action_categories'] = []; + else: + for action_category_id in value['action_categories']: + if ((not action_category_id) or (not self.driver.get_action_categories( + category_id=action_category_id))): + if action_category_id.startswith("attributes:"): + _attributes = pip_driver.AttrsManager.get_objects( + moon_user_id="admin", + object_type=action_category_id.replace("attributes:", "") + ) + action_category_id = action_category_id.replace("attributes:", "") + if action_category_id not in _attributes.keys(): + raise exceptions.ActionCategoryUnknown + else: + raise exceptions.ActionCategoryUnknown + + for meta_rule_obj_id in meta_rules: + counter_matched_list = 0 + + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['subject_categories'], value['subject_categories']) + + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['object_categories'], value['object_categories']) + + counter_matched_list += self.check_combination( + meta_rules[meta_rule_obj_id]['action_categories'], value['action_categories']) + + if counter_matched_list == 3: + raise exceptions.MetaRuleExisting("Same categories combination existed") + + return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value) + + # @enforce(("read", "write"), "meta_rules") + def check_combination(self, list_one, list_two): + counter_removed_items = 0 + temp_list_two = copy.deepcopy(list_two) + for item in list_one: + if item in temp_list_two: + temp_list_two.remove(item) + counter_removed_items += 1 + + if list_two and counter_removed_items == len(list_two) and len(list_two) == len(list_one): + return 1 + return 0 + + @enforce(("read", "write"), "meta_rules") + def delete_meta_rule(self, moon_user_id, meta_rule_id=None): + if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id): + raise exceptions.MetaRuleUnknown + # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule + models = self.get_models(moon_user_id=moon_user_id) + for model_id in models: + for id in models[model_id]['meta_rules']: + if id == meta_rule_id: + raise exceptions.DeleteMetaRuleWithModel + return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id) + + @enforce("read", "meta_data") + def get_subject_categories(self, moon_user_id, category_id=None): + return self.driver.get_subject_categories(category_id=category_id) + + @enforce(("read", "write"), "meta_data") + def add_subject_category(self, moon_user_id, category_id=None, value=None): + + if not value['name'].strip(): + raise exceptions.CategoryNameInvalid + + subject_categories = [] + if category_id is not None: + subject_categories = self.driver.get_subject_categories(category_id=category_id) + + subject_categories_names = self.driver.get_subject_categories(category_name=value['name'].strip()) + + if subject_categories_names or subject_categories: + raise exceptions.SubjectCategoryExisting + + + if not ('description' in value): + value['description'] = "" + return self.driver.add_subject_category(name=value["name"], + description=value["description"], uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_subject_category(self, moon_user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_subject_categories(category_id=category_id): + raise exceptions.SubjectCategoryUnknown + meta_rules = self.get_meta_rules(moon_user_id=moon_user_id) + for meta_rule_id in meta_rules: + for subject_category_id in meta_rules[meta_rule_id]['subject_categories']: + logger.info( + "delete_subject_category {} {}".format(subject_category_id, meta_rule_id)) + logger.info("delete_subject_category {}".format(meta_rules[meta_rule_id])) + if subject_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteSubjectCategoryWithMetaRule + + if self.driver.is_subject_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_subject_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_subject_category(category_id=category_id) + + @enforce("read", "meta_data") + def get_object_categories(self, moon_user_id, category_id=None): + return self.driver.get_object_categories(category_id) + + @enforce(("read", "write"), "meta_data") + def add_object_category(self, moon_user_id, category_id=None, value=None): + if not value['name'].strip(): + raise exceptions.CategoryNameInvalid + + object_categories = [] + if category_id is not None: + object_categories = self.driver.get_object_categories(category_id=category_id) + + object_categories_names = self.driver.get_object_categories(category_name=value['name'].strip()) + if object_categories_names or object_categories: + raise exceptions.ObjectCategoryExisting + + if not ('description' in value): + value['description'] = "" + + return self.driver.add_object_category(name=value["name"], description=value["description"], + uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_object_category(self, moon_user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_object_categories(category_id=category_id): + raise exceptions.ObjectCategoryUnknown + meta_rules = self.get_meta_rules(moon_user_id=moon_user_id) + for meta_rule_id in meta_rules: + for object_category_id in meta_rules[meta_rule_id]['object_categories']: + if object_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteObjectCategoryWithMetaRule + + if self.driver.is_object_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_object_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_object_category(category_id=category_id) + + @enforce("read", "meta_data") + def get_action_categories(self, moon_user_id, category_id=None): + return self.driver.get_action_categories(category_id=category_id) + + @enforce(("read", "write"), "meta_data") + def add_action_category(self, moon_user_id, category_id=None, value=None): + + if not value['name'].strip(): + raise exceptions.CategoryNameInvalid + + action_categories = [] + if category_id is not None: + action_categories = self.driver.get_action_categories(category_id=category_id) + + action_categories_names = self.driver.get_action_categories(category_name=value['name'].strip()) + if action_categories_names or action_categories: + raise exceptions.ActionCategoryExisting + + if not ('description' in value): + value['description'] = "" + + return self.driver.add_action_category(name=value["name"], description=value["description"], + uuid=category_id) + + @enforce(("read", "write"), "meta_data") + def delete_action_category(self, moon_user_id, category_id): + # TODO (asteroide): delete all data linked to that category + # TODO (asteroide): delete all meta_rules linked to that category + if category_id not in self.driver.get_action_categories(category_id=category_id): + raise exceptions.ActionCategoryUnknown + meta_rules = self.get_meta_rules(moon_user_id=moon_user_id) + for meta_rule_id in meta_rules: + for action_category_id in meta_rules[meta_rule_id]['action_categories']: + if action_category_id == category_id: + # has_rules = self.driver.is_meta_rule_has_rules(meta_rule_id) + # if has_rules: + raise exceptions.DeleteActionCategoryWithMetaRule + + if self.driver.is_action_category_has_assignment(category_id): + raise exceptions.DeleteCategoryWithAssignment + + if self.driver.is_action_data_exist(category_id=category_id): + raise exceptions.DeleteCategoryWithData + + return self.driver.delete_action_category(category_id=category_id) -- cgit 1.2.3-korg