def obj_get(obj_uuid, obj_ver=None):
obj = db.custos_obj(obj_uuid)
obj_val, obj_ver = obj.get_val()
out = [
{
STANZA_OBJS_UUID: obj_uuid,
STANZA_OBJS_VAL: obj_val,
STANZA_OBJS_VER: obj_ver
}
]
return out
def check_perm(perm, AAs_pro, uuid=None, ovr=False):
# Lookup ACS
if perm.startswith(_PERM_PRE_SRV):
ou = db.custos_srv(uuid)
elif perm.startswith(_PERM_PRE_GRP):
ou = db.custos_grp(uuid)
elif perm.startswith(_PERM_PRE_OBJ):
ou = db.custos_obj(uuid)
else:
raise Exception("Unknown permission prefix")
acs = ou.get_ACS()
if acs is None:
raise Exception("No ACS returned")
print("acs = {:s}".format(acs))
print("perm = {:s}".format(perm))
# Lookup ACC
acc = acs[perm]
# Check ACC
# TODO Provide smarter mutli-chain checking
for chain in acc:
AAs_req = [ db.get_attr_val(aa) for aa in chain ]
AAs_out = check_AAs(AAs_req, AAs_pro)
if AAs_out is None:
raise Exception("No attributes returned")
# Derive Pass/Fail
stats = set([ aa[u'Status'] for aa in AAs_out ])
if ((_ATTR_STATUS_DENIED in stats) or
(_ATTR_STATUS_REQUIRED in stats)):
success = False
else:
success = True
break
return (success, AAs_out)
