# support for privileges according to GENI specification

# a list of privileges and what operations are allowed per privilege
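# Maps a privilege kind to the operation names it allows; "*" allows every
# operation. Keys and operation names must stay lowercase, because the lookups
# lowercase both the kind and the requested operation before comparing.
#
# NOTE(review): the listing this table was recovered from skips source lines
# inside the literal (the gutter jumps 11 -> 13 and 16 -> 19) and never shows
# the closing brace, so entries may be missing here. This table drives
# authorization decisions; confirm it against the original file before
# treating it as complete.
privilege_table = {
    "authority": ["*"],
    "refresh": ["remove", "update"],
    "resolve": ["resolve", "list", "getcredential"],
    "embed": ["getticket", "createslice", "deleteslice", "updateslice"],
    "bind": ["getticket", "loanresources"],
    "control": ["updateslice", "stopslice", "startslice", "deleteslice", "resetslice"],
    "info": ["listslices", "listcomponentresources", "getsliceresources"],
}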
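# a "Right" is a single privilege.
class Right:
    """A single named privilege, resolved against ``privilege_table``.

    NOTE(review): the ``class`` line and several statements of this class are
    absent from the listing (gaps in the gutter numbering). They are
    reconstructed from the surrounding code; confirm against the original file.
    """

    def __init__(self, kind):
        """Remember the privilege name; it is lowercased at lookup time."""
        self.kind = kind

    def can_perform(self, op_name):
        """Return True if this privilege allows the operation ``op_name``.

        The comparison is case-insensitive on both the privilege kind and the
        operation name. A kind that is not in ``privilege_table`` allows
        nothing.
        """
        allowed_ops = privilege_table.get(self.kind.lower(), None)
        # Unknown kind: deny rather than fall through to the membership tests.
        if not allowed_ops:
            return False

        # if "*" is specified, then all ops are permitted
        if "*" in allowed_ops:
            return True

        return op_name.lower() in allowed_ops

    def is_superset(self, child):
        """Return True if this privilege allows every operation ``child`` does.

        Used to decide whether ``child`` asks for no more than this privilege
        already grants. Unknown kinds are answered with False (fail closed):
        the visible code ran ``"*" in my_allowed_ops`` and iterated
        ``child_allowed_ops`` without checking for the ``None`` that
        ``privilege_table.get`` returns for an unknown kind, which raised
        ``TypeError`` instead of producing a decision.
        """
        my_allowed_ops = privilege_table.get(self.kind.lower(), None)
        child_allowed_ops = privilege_table.get(child.kind.lower(), None)

        # A privilege the table does not know cannot cover anything.
        if my_allowed_ops is None:
            return False

        # The wildcard covers any child, checked before the child is examined
        # so the outcome matches the original ordering.
        if "*" in my_allowed_ops:
            return True

        # An unknown child kind cannot be shown to be covered, so refuse it.
        if child_allowed_ops is None:
            return False

        return all(op in my_allowed_ops for op in child_allowed_ops)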
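# a "RightList" is a list of privileges
class RightList:
    """An ordered collection of ``Right`` objects.

    NOTE(review): the ``class`` line, the ``def`` line of ``add`` and several
    statements are absent from the listing (gaps in the gutter numbering).
    They are reconstructed from the surrounding code; confirm the method name
    and the elided branches against the original file.
    """

    def __init__(self, string=None):
        """Start empty, or load from a comma-separated string of kinds."""
        self.rights = []
        if string:
            self.load_from_string(string)

    def add(self, right):
        """Append a right, given as a ``Right`` or as a privilege name."""
        if isinstance(right, str):
            right = Right(kind=right)
        self.rights.append(right)

    def load_from_string(self, string):
        """Replace the current rights with those named in ``string``.

        ``string`` is a comma-separated list of privilege kinds. Names are not
        stripped, so "a, b" stores the kind " b"; a kind that does not match a
        ``privilege_table`` key grants no operations.
        """
        self.rights = []

        # none == no rights, so leave the list empty
        if not string:
            return

        for part in string.split(","):
            self.rights.append(Right(part))

    def save_to_string(self):
        """Return the kinds of all rights joined with commas."""
        return ",".join(right.kind for right in self.rights)

    def can_perform(self, op_name):
        """Return True if any right in the list allows ``op_name``."""
        return any(right.can_perform(op_name) for right in self.rights)

    def is_superset(self, child):
        """Return True if every right in ``child`` is covered by one of ours.

        Each right of ``child`` must be covered in full by a single right of
        this list; an empty ``child`` list is trivially covered.
        """
        return all(
            any(my_right.is_superset(child_right) for my_right in self.rights)
            for child_right in child.rights
        )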