def __validate_role_constraints(session):
for role_constraint in session.user.role_constraints:
result = __validate_role_constraint(session, role_constraint)
if result is not SUCCESS:
logger.debug('validate_role_constraints deactivate user-role:' +
session.user.uid + '.' + role_constraint.name +
', result=' + str(result))
__deactivate_role(session.user, role_constraint)
def _open_admin():
try:
with _srv_pool.connection() as conn:
c = conn
except Exception as e:
raise LdapException('connutl.open Exception=' + str(e))
if (_ldap_debug):
logger.debug(c.usage)
return c
def __validate_role_constraint(session, constraint):
result = SUCCESS
if __is_constraint(constraint):
for validator in validators:
result = validator.validate(constraint, CurrentDateTime(), session)
if result is not SUCCESS:
logger.debug(validator.__class__.__name__ +
' validation failed:' + constraint.name +
', uid=' + session.user.uid + ', result=' +
str(result))
break
return result
def __validate_user_constraint(session, op):
result = SUCCESS
if __is_constraint(session.user.constraint):
for validator in validators:
result = validator.validate(session.user.constraint,
CurrentDateTime(), session)
if result is not SUCCESS:
logger.debug(validator.__class__.__name__ +
' validation failed:' +
session.user.constraint.name + ', result=' +
str(result))
raise RbacError(msg=op + ' constraint validation failed uid:' +
session.user.uid,
id=result)
return result
def open():
c = _open_admin()
if (_ldap_debug):
logger.debug(c.usage)
return c