def get_implicit_users_for_permission(self, *permission):
    """Return the users that hold a permission, directly or through roles.

    Example policy:

        p, admin, data1, read
        p, bob, data1, read
        g, alice, admin

    get_implicit_users_for_permission("data1", "read") returns
    ["alice", "bob"].

    Only users are returned: every value that appears in the second field
    of a "g" rule (the inherited role) is removed from the candidates.
    Each remaining candidate is then confirmed with self.enforce().

    NOTE(review): candidates are drawn only from subjects named in the
    policy ("p" subjects and the first field of "g" rules). A subject that
    the matcher would allow without being named in policy is never tested,
    and a subject that is also used as a role in a "g" rule is dropped, so
    this list should not be treated as an exhaustive access audit --
    confirm against the model in use.
    """
    policy_subjects = self.get_all_subjects()
    inherited_roles = self.model.get_values_for_field_in_policy("g", "g", 1)
    grouping_subjects = self.model.get_values_for_field_in_policy("g", "g", 0)

    # Grouping subjects are listed first, so they lead the result order.
    candidates = set_subtract(
        array_remove_duplicates(grouping_subjects + policy_subjects),
        inherited_roles,
    )

    # The enforcer decides: a candidate is kept only if the request built
    # from it and the permission values is allowed.
    return [
        candidate
        for candidate in candidates
        if self.enforce(*join_slice(candidate, *permission))
    ]
def get_values_for_field_in_policy(self, sec, ptype, field_index):
    """Collect the distinct values at one field position across a policy.

    Args:
        sec: key of the section to look up in self.model.
        ptype: key of the policy type inside that section.
        field_index: position of the wanted value inside each rule.

    Returns:
        The values found at field_index in every rule of
        self.model[sec][ptype].policy, with duplicates removed by
        util.array_remove_duplicates. An empty list is returned when
        sec or ptype is not present in the model.

    NOTE(review): rule[field_index] is not bounds-checked, so a rule
    shorter than expected would presumably raise IndexError -- confirm
    that rules are validated when they are loaded.
    """
    # An unknown section or policy type is not an error: there is simply
    # nothing to report.
    if sec not in self.model.keys() or ptype not in self.model[sec]:
        return []

    column = [rule[field_index] for rule in self.model[sec][ptype].policy]
    return util.array_remove_duplicates(column)
def test_array_remove_duplicates(self):
    """Duplicates are dropped and the first-occurrence order is kept."""
    items = ["data", "data1", "data2", "data1", "data2", "data3"]
    expected = ["data", "data1", "data2", "data3"]

    # List equality is order-sensitive, so this also pins the ordering.
    self.assertEqual(util.array_remove_duplicates(items), expected)