3 # support for privileges according to GENI specification
7 # a list of privileges and what operations are allowed per privilege
# Authorization table: privilege kind (lowercase) -> operation names it permits.
# "authority" maps to the "*" wildcard, which the can_perform check in this
# file treats as permitting every operation, so it is the broadest grant here.
# Some operations ("getticket", "updateslice", "deleteslice") are reachable
# through more than one kind.
9 privilege_table = {"authority": ["*"],
10 "refresh": ["remove", "update"],
11 "resolve": ["resolve", "list", "getcredential"],
13 "embed": ["getticket", "createslice", "deleteslice", "updateslice"],
14 "bind": ["getticket", "loanresources"],
15 "control": ["updateslice", "stopslice", "startslice", "deleteslice"],
16 "info": ["listslices", "listcomponentresources", "getsliceresources"],
19 # a "Right" is a single privilege.
# kind: the privilege name; can_perform lowercases it and looks it up in
# privilege_table. The constructor body is not shown in this listing.
22 def __init__(self, kind):
# Decide whether this right's kind permits op_name, per privilege_table.
# Both the kind and the operation name are lowercased before comparison, so
# matching is case-insensitive against the table's lowercase entries.
25 def can_perform(self, op_name):
# .get() yields None for a kind that is missing from the table.
# NOTE(review): the handling of that None is not shown in this listing (the
# lines between 26 and 30 are absent); confirm an unknown kind is denied
# before the membership tests below run.
26 allowed_ops = privilege_table.get(self.kind.lower(), None)
30 # if "*" is specified, then all ops are permitted
31 if "*" in allowed_ops:
# exact string membership: only operations listed for the kind are allowed
34 return (op_name.lower() in allowed_ops)
36 # a "RightList" is a list of privileges
# Build the list of rights; the optional string is handed to
# load_from_string, which does the parsing.
39 def __init__(self, string=None):
42 self.load_from_string(string)
# Populate self.rights from a comma-separated string of privilege kinds.
44 def load_from_string(self, string):
47 # none == no rights, so leave the list empty
# Each comma-separated piece becomes one Right.
# NOTE(review): no whitespace stripping or validation against privilege_table
# is visible in this listing; presumably a padded or unknown kind simply
# matches nothing in can_perform — confirm it cannot widen access.
51 parts = string.split(",")
53 self.rights.append(Right(part))
# Serialize the rights to a comma-separated string of their kinds, the same
# separator load_from_string splits on. Kinds are emitted as stored in
# right.kind, without lowercasing.
55 def save_to_string(self):
57 for right in self.rights:
58 right_names.append(right.kind)
60 return ",".join(right_names)
62 def can_perform(self, op_name):
63 for right in self.rights:
64 if right.can_perform(op_name):