Merged trunk in from 17245:17645

[sfa.git] / sfa / trust / rights.py

diff --git a/sfa/trust/rights.py b/sfa/trust/rights.py
index 16ef185..e3d110f 100644 (file)
--- a/sfa/trust/rights.py
+++ b/sfa/trust/rights.py
@@ -11,6 +11,7 @@
 ##
 
 
+
 ##
 # privilege_table is a list of priviliges and what operations are allowed
 # per privilege.
@@ -29,6 +30,7 @@ privilege_table = {"authority": ["register", "remove", "update", "resolve", "lis
                    "operator": ["gettrustedcerts", "getgids"]}
 
 
+
 ##
 # Determine tje rights that an object should have. The rights are entirely
 # dependent on the type of the object. For example, users automatically
@@ -51,11 +53,15 @@ def determine_rights(type, name):
         rl.add("resolve")
         rl.add("info")
     elif type == "sa":
-        rl.add("authority,sa")
+        rl.add("authority")
+        rl.add("sa")
     elif type == "ma":
-        rl.add("authority,ma")
+        rl.add("authority")
+        rl.add("ma")
     elif type == "authority":
-        rl.add("authority,sa,ma")
+        rl.add("authority")
+        rl.add("sa")
+        rl.add("ma")
     elif type == "slice":
         rl.add("refresh")
         rl.add("embed")
@@ -78,9 +84,10 @@ class Right:
    #
    # @param kind is a string naming the right. For example "control"
 
-   def __init__(self, kind):
+   def __init__(self, kind, delegate=False):
       self.kind = kind
-
+      self.delegate = delegate
+      
    ##
    # Test to see if this right object is allowed to perform an operation.
    # Returns True if the operation is allowed, False otherwise.
@@ -109,6 +116,9 @@ class Right:
       my_allowed_ops = privilege_table.get(self.kind.lower(), None)
       child_allowed_ops = privilege_table.get(child.kind.lower(), None)
 
+      if not self.delegate:
+          return False
+
       if "*" in my_allowed_ops:
           return True
 
@@ -140,9 +150,9 @@ class RightList:
     #
     # @param right is either a Right object or a string describing the right
 
-    def add(self, right):
+    def add(self, right, delegate=False):
         if isinstance(right, str):
-            right = Right(kind = right)
+            right = Right(right, delegate)
         self.rights.append(right)
 
     ##
@@ -157,16 +167,23 @@ class RightList:
 
         parts = string.split(",")
         for part in parts:
-            self.rights.append(Right(part))
+            if ':' in part:
+                spl = part.split(':')
+                kind = spl[0].strip()
+                delegate = bool(int(spl[1]))
+            else:
+                kind = part.strip()
+                delegate = 0
+            self.rights.append(Right(kind, bool(delegate)))
 
     ##
     # Save the rightlist object to a string. It is saved in the format of a
     # comma-separated list.
 
-    def save_to_string(self):
+    def save_to_string(self):        
         right_names = []
         for right in self.rights:
-            right_names.append(right.kind)
+            right_names.append('%s:%d' % (right.kind.strip(), right.delegate))
 
         return ",".join(right_names)
 
@@ -203,7 +220,29 @@ class RightList:
 
 
     ##
-    # Determine tje rights that an object should have. The rights are entirely
+    # set the delegate bit to 'delegate' on
+    # all privileges
+    #
+    # @param delegate boolean (True or False)
+
+    def delegate_all_privileges(self, delegate):
+        for right in self.rights:
+            right.delegate = delegate
+
+    ##
+    # true if all privileges have delegate bit set true
+    # false otherwise
+
+    def get_all_delegate(self):
+        for right in self.rights:
+            if not right.delegate:
+                return False
+        return True
+
+
+
+    ##
+    # Determine the rights that an object should have. The rights are entirely
     # dependent on the type of the object. For example, users automatically
     # get "refresh", "resolve", and "info".
     #