added classes for gid & credentials
# Maps a right kind (lower-case key) to the operation names that kind permits.
# Right.can_perform() lower-cases both the kind and the operation name before
# consulting this table, so every key and entry here must stay lower-case.
#
# A "*" entry is a wildcard: the holder is allowed every operation name,
# including names that are not listed anywhere else in this table.  Only
# "authority", "sa" and "ma" carry it; adding it to another kind widens that
# kind to full access.
# NOTE(review): "sa" / "ma" presumably stand for slice authority and
# management authority -- confirm against the SFA documentation.
privilege_table = {
    "authority": ["*"],
    "refresh": ["remove", "update"],
    "resolve": ["resolve", "list", "getcredential"],
    "sa": ["*"],
    "embed": [
        "getticket",
        "createslice",
        "deleteslice",
        "updateslice",
    ],
    "bind": ["getticket", "loanresources"],
    "control": [
        "updateslice",
        "stopslice",
        "startslice",
        "deleteslice",
    ],
    "info": [
        "listslices",
        "listcomponentresources",
        "getsliceresources",
    ],
    "ma": ["*"],
}
10
class Right:
    """A single named privilege, evaluated against ``privilege_table``.

    ``kind`` is stored exactly as supplied.  It is lower-cased at lookup
    time only; it is never stripped or validated, so a kind with stray
    whitespace (for example " sa") matches no table key and grants nothing.
    """

    def __init__(self, kind):
        self.kind = kind

    def can_perform(self, op_name):
        """Return True if this right permits the operation ``op_name``.

        The check fails closed: a kind that is absent from
        ``privilege_table``, or that maps to an empty list, permits nothing.
        Kind and operation name are both compared case-insensitively.
        """
        permitted = privilege_table.get(self.kind.lower())
        if permitted:
            # "*" is a wildcard and is tested first, so a wildcard kind is
            # granted without op_name being inspected at all.
            return "*" in permitted or op_name.lower() in permitted
        return False
25
class RightList:
    """An ordered list of ``Right`` objects with a comma-separated text form.

    The holder may perform an operation if any one of its rights permits it.
    """

    def __init__(self, string=None):
        self.rights = []
        if not string:
            return
        self.load_from_string(string)

    def load_from_string(self, string):
        """Replace the current rights with those named in ``string``.

        ``string`` is split on "," and every piece becomes a ``Right`` as-is.
        Pieces are not stripped and empty pieces are kept, so "refresh, sa"
        yields the kinds "refresh" and " sa"; the latter matches no entry in
        the privilege table and therefore grants nothing.
        """
        # Reset first: an empty or None string means "no rights at all".
        self.rights = []
        if string:
            self.rights.extend([Right(name) for name in string.split(",")])

    def save_to_string(self):
        """Return the kinds of all rights joined with ",".

        NOTE(review): kinds are written out unchecked.  A Right whose kind
        itself contains "," is denied everything while in memory, but is
        split into several separate rights when the string is loaded again.
        Callers that build Right objects from external input should reject
        kinds containing "," before serialising.
        """
        return ",".join([entry.kind for entry in self.rights])

    def can_perform(self, op_name):
        """Return True if at least one right in the list permits ``op_name``.

        An empty list permits nothing.
        """
        return any(entry.can_perform(op_name) for entry in self.rights)
55
56