Added Policy Classes for specifying access control policies to PLC tables. + Modified...

diff --git a/PLC/Slices.py b/PLC/Slices.py
index 59a592b..1892cae 100644 (file)
--- a/PLC/Slices.py
+++ b/PLC/Slices.py
@@ -14,6 +14,7 @@ from PLC.Nodes import Node
 from PLC.Persons import Person, Persons
 from PLC.SliceTags import SliceTag
 from PLC.Timestamp import Timestamp
+from PLC.SlicesPolicy import SlicesPolicy
 
 class Slice(Row):
     """
@@ -250,12 +251,61 @@ class Slice(Row):
 
 
 class Slices(Table):
+    def read_policy(self, api, caller, slice_filter, columns, expires):
+       """ 
+       Returns set of rows caller is allowed to touch
+       """
+       
+       # If we are not admin, make sure to return only viewable
+        # slices.
+        if isinstance(caller, Person) and \
+           'admin' not in caller['roles']:
+            # Get slices that we are able to view
+            valid_slice_ids = caller['slice_ids']
+            if 'pi' in caller['roles'] and caller['site_ids']:
+                sites = Sites(self.api, caller['site_ids'])
+                for site in sites:
+                    valid_slice_ids += site['slice_ids']
+
+            if not valid_slice_ids:
+                return []
+
+            if slice_filter is None:
+                slice_filter = valid_slice_ids
+
+        # Must query at least slice_id (see below)
+        if return_fields is not None and 'slice_id' not in return_fields:
+            return_fields.append('slice_id')
+            added_fields = True
+        else:
+            added_fields = False
+
+        # Filter out slices that are not viewable
+        if isinstance(caller, Person) and \
+           'admin' not in caller['roles']:
+            slices = filter(lambda slice: slice['slice_id'] in valid_slice_ids, slices)
+
+        # Remove slice_id if not specified
+        if added_fields:
+            for slice in slices:
+                if 'slice_id' in slice:
+                    del slice['slice_id']
+       
+       return slices
+
     """
     Representation of row(s) from the slices table in the
     database.
     """
+    def __init__(self, api, caller, slice_filter = None, columns = None, expires = int(time.time())):
+       
+       ### XXX Todo: Use pyaspects(?) if this doesn't get better soon
+
+       self.policy = SlicesPolicy(api, caller)
+       policy_filter = self.policy.incoming(slice_filter, columns, {'expires':expires})
+       slice_filter = policy_filter['row_filter']
+       columns = policy_filter['column_filter']
 
-    def __init__(self, api, slice_filter = None, columns = None, expires = int(time.time())):
         Table.__init__(self, api, Slice, columns)
 
         # the view that we're selecting upon: start with view_slices