Merged trunk in from 17245:17645
[sfa.git] / sfa / trust / rights.py
index 495b4a0..e3d110f 100644 (file)
@@ -1,5 +1,5 @@
 ##
-# This Module implements rights and lists of rights for the Geni wrapper. Rights
+# This Module implements rights and lists of rights for the SFA. Rights
 # are implemented by two classes:
 #
 # Right - represents a single right
 # allows "listslices", "listcomponentresources", etc.
 ##
 
+
+
 ##
 # privilege_table is a list of priviliges and what operations are allowed
 # per privilege.
 
-privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential"],
+privilege_table = {"authority": ["register", "remove", "update", "resolve", "list", "getcredential", "*"],
                    "refresh": ["remove", "update"],
-                   "resolve": ["resolve", "list", "getcredential"],
+                   "resolve": ["resolve", "list", "getcredential", "listresources", "getversion"],
                    "sa": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice", 
                           "getsliceresources", "getticket", "loanresources", "stopslice", "startslice", 
-                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy"],
-                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "deleteslice", "updateslice", "getsliceresources"],
+                          "deleteslice", "resetslice", "listslices", "listnodes", "getpolicy", "createsliver"],
+                   "embed": ["getticket", "redeemslice", "redeemticket", "createslice", "createsliver",  "deleteslice", "updateslice", "getsliceresources"],
                    "bind": ["getticket", "loanresources", "redeemticket"],
-                   "control": ["updateslice", "createslice", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources"],
+                   "control": ["updateslice", "createslice", "createsliver", "stopslice", "startslice", "deleteslice", "resetslice", "getsliceresources", "getgids"],
                    "info": ["listslices", "listnodes", "getpolicy"],
-                   "ma": ["setbootstate", "getbootstate", "reboot"],
-                   "operator": ["gettrustedcerts", ""]}
+                   "ma": ["setbootstate", "getbootstate", "reboot", "getgids", "gettrustedcerts"],
+                   "operator": ["gettrustedcerts", "getgids"]}
+
 
 
 ##
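Review bot: The `"*"` entry added to the `authority` privilege is a wildcard: in `can_delegate` below (`if "*" in my_allowed_ops: return True`) it matches every operation, yet the comment above privilege_table still describes it only as a list of operations per privilege. Add `# "*" is a wildcard: the privilege matches every operation (see can_delegate).` to that header so the scope of `authority` is visible where the table is read. Whether the same wildcard is honoured by the non-delegation check is outside this diff; if it is, the same sentence covers it.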
@@ -50,11 +53,15 @@ def determine_rights(type, name):
         rl.add("resolve")
         rl.add("info")
     elif type == "sa":
-        rl.add("authority,sa")
+        rl.add("authority")
+        rl.add("sa")
     elif type == "ma":
-        rl.add("authority,ma")
+        rl.add("authority")
+        rl.add("ma")
     elif type == "authority":
-        rl.add("authority,sa,ma")
+        rl.add("authority")
+        rl.add("sa")
+        rl.add("ma")
     elif type == "slice":
         rl.add("refresh")
         rl.add("embed")
@@ -77,9 +84,10 @@ class Right:
    #
    # @param kind is a string naming the right. For example "control"
 
-   def __init__(self, kind):
+   def __init__(self, kind, delegate=False):
       self.kind = kind
-
+      self.delegate = delegate
+      
    ##
    # Test to see if this right object is allowed to perform an operation.
    # Returns True if the operation is allowed, False otherwise.
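Review bot: The `delegate` parameter added to `Right.__init__` is not documented in the `@param` comment above it, which still lists only `kind`. Add `# @param delegate is True if the holder may pass this right on to others (default False)` so the meaning of the bit later read by `can_delegate` is stated at its source. The line after `self.delegate = delegate` carries only trailing whitespace and should be blank.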
@@ -108,6 +116,9 @@ class Right:
       my_allowed_ops = privilege_table.get(self.kind.lower(), None)
       child_allowed_ops = privilege_table.get(child.kind.lower(), None)
 
+      if not self.delegate:
+          return False
+
       if "*" in my_allowed_ops:
           return True
 
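Review bot: The new `if not self.delegate: return False` guard is placed after the two `privilege_table.get(...)` lookups, which are wasted whenever it fires; as the first statement of the method it also reads as the policy it is, namely no delegation without the delegate bit regardless of the `"*"` wildcard. Separately, neither lookup result is checked for `None`, so a right whose kind is absent from privilege_table raises TypeError on `"*" in my_allowed_ops` once its delegate bit is set; add `if my_allowed_ops is None or child_allowed_ops is None: return False` after the lookups so unknown kinds fail closed instead of crashing. `can_delegate` starts outside the hunk.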
@@ -139,9 +150,9 @@ class RightList:
     #
     # @param right is either a Right object or a string describing the right
 
-    def add(self, right):
+    def add(self, right, delegate=False):
         if isinstance(right, str):
-            right = Right(kind = right)
+            right = Right(right, delegate)
         self.rights.append(right)
 
     ##
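Review bot: In `RightList.add` the new `delegate` argument is applied only when `right` is a string; when a `Right` object is passed, its own `delegate` bit is kept and the argument is silently ignored. Either document that next to the existing `@param right` line, e.g. `# @param delegate applies only when right is a string; a Right object keeps its own bit`, or honour it with `elif delegate: right.delegate = True`. The `@param` comment this refers to begins above the hunk.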
@@ -156,16 +167,23 @@ class RightList:
 
         parts = string.split(",")
         for part in parts:
-            self.rights.append(Right(part))
+            if ':' in part:
+                spl = part.split(':')
+                kind = spl[0].strip()
+                delegate = bool(int(spl[1]))
+            else:
+                kind = part.strip()
+                delegate = 0
+            self.rights.append(Right(kind, bool(delegate)))
 
     ##
     # Save the rightlist object to a string. It is saved in the format of a
     # comma-separated list.
 
-    def save_to_string(self):
+    def save_to_string(self):        
         right_names = []
         for right in self.rights:
-            right_names.append(right.kind)
+            right_names.append('%s:%d' % (right.kind.strip(), right.delegate))
 
         return ",".join(right_names)
 
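Review bot: In `load_from_string` the two branches give `delegate` different types (`bool(int(...))` versus the integer `0`) and the append then re-wraps it with `bool(delegate)`; use `delegate = False` in the else branch and `self.rights.append(Right(kind, delegate))` so the value is a bool throughout. `int(spl[1])` raises ValueError on a flag such as `sa:` or `sa:yes`, which fails closed but is unexplained; a comment `# a flag that is not an integer is rejected rather than defaulted to delegable` records that this is deliberate. The comment above `save_to_string` still says "comma-separated list" although the format is now `kind:0` or `kind:1` per right; update it to `# comma-separated list of kind:delegate, where delegate is 0 or 1.` `load_from_string` begins above the hunk.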
@@ -202,7 +220,29 @@ class RightList:
 
 
     ##
-    # Determine tje rights that an object should have. The rights are entirely
+    # set the delegate bit to 'delegate' on
+    # all privileges
+    #
+    # @param delegate boolean (True or False)
+
+    def delegate_all_privileges(self, delegate):
+        for right in self.rights:
+            right.delegate = delegate
+
+    ##
+    # true if all privileges have delegate bit set true
+    # false otherwise
+
+    def get_all_delegate(self):
+        for right in self.rights:
+            if not right.delegate:
+                return False
+        return True
+
+
+
+    ##
+    # Determine the rights that an object should have. The rights are entirely
     # dependent on the type of the object. For example, users automatically
     # get "refresh", "resolve", and "info".
     #
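Review bot: `get_all_delegate` returns True for an empty RightList because the loop never runs, so a list with no rights reads as fully delegable; if callers use it as a gate, add `if not self.rights: return False` first, or at least state the vacuous case in the comment above it (`# true if all privileges have delegate bit set true (vacuously true for an empty list)`). `delegate_all_privileges` stores `delegate` unconverted while `save_to_string` formats it with `%d`; `right.delegate = bool(delegate)` keeps the stored bit a bool whatever the caller passes. The `Determine the rights` comment at the end of the hunk introduces a method that continues outside it.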