class Policy(EnumBase):
"""Permission policy for a given operation.
@cvar OPEN: Access is granted.
@cvar CLOSED: Access is denied.
"""
OPEN = Constant(True, 'OPEN')
CLOSED = Constant(False, 'CLOSED')
class Role(EnumBase):
"""User roles.
@cvar ANONYMOUS: A user with the anonymous role only has read-only access
to data in Fluidinfo, unless a permission specifically grants write
access to a particular entity.
@cvar SUPERUSER: A user with the superuser role has read-write access to
all data in Fluidinfo and is not subject to permission checks.
@cvar USER: A user with the user role has read-write access to some data
in Fluidinfo, based on the rules defined by the permission system.
@cvar USER_MANAGER: A user with the user manager role is the same as a
C{USER}, except they can create, update and delete L{User}s.
"""
ANONYMOUS = Constant(1, 'ANONYMOUS')
SUPERUSER = Constant(2, 'SUPERUSER')
USER = Constant(3, 'USER')
USER_MANAGER = Constant(4, 'USER_MANAGER')
class Node(object):
"""A node in the abstract syntax tree for a parsed Fluidinfo query.
@param kind: The kind of L{Node}, such as L{Node.PATH} or L{Node.OR}, for
example.
@param value: The value (C{int}, C{string}, etc.) or the symbol for the
node (C{>}, C{=}, etc.)
@param left: The L{Node} on the left edge or C{None} if there is no left
edge.
@param right: The L{Node} on the right edge or C{None} if there is no
right edge.
"""
EQ_OPERATOR = Constant(0, 'EQ_OPERATOR')
NEQ_OPERATOR = Constant(1, 'NEQ_OPERATOR')
LT_OPERATOR = Constant(2, 'LT_OPERATOR')
LTE_OPERATOR = Constant(3, 'LTE_OPERATOR')
GT_OPERATOR = Constant(4, 'GT_OPERATOR')
GTE_OPERATOR = Constant(5, 'GTE_OPERATOR')
PATH = Constant(6, 'PATH')
VALUE = Constant(7, 'VALUE')
HAS = Constant(8, 'HAS')
KEY = Constant(9, 'KEY')
CONTAINS = Constant(10, 'CONTAINS')
MATCHES = Constant(11, 'MATCHES')
EXCEPT = Constant(12, 'EXCEPT')
AND = Constant(13, 'AND')
OR = Constant(14, 'OR')
def __init__(self, kind, value, left, right):
self.kind = kind
self.value = value
self.left = left
self.right = right
def __eq__(self, node):
"""Determine if another L{Node} is equivalent to this one.
@param node: The other L{Node} to check.
@return: C{True} if they're equal, otherwise C{False}.
"""
return (self.kind == node.kind and self.value == node.value)
def __repr__(self):
"""Get a printable representation of this node."""
left = self.left if self.left is None else 'Node(%s)' % self.left.kind
right = (self.right if self.right is None else 'Node(%s)' %
self.right.kind)
return ('<Node(%s) value=%r left=%s right=%s>' %
(self.kind, self.value, left, right))
class Operation(EnumBase):
"""An enumeration to represent different permission operations.
@cvar CREATE_NAMESPACE: Create namespaces or tags in a given namespace.
@cvar UPDATE_NAMESPACE: Change the properties of a namespace.
@cvar DELETE_NAMESPACE: Delete the namespace, which must be empty.
@cvar LIST_NAMESPACE: See a list of contained namespaces and tag names.
@cvar CONTROL_NAMESPACE: Change permissions for a namespace.
@cvar UPDATE_TAG: Change the properties of the tag.
@cvar DELETE_TAG: Delete the entire tag and removing it from all objects.
@cvar CONTROL_TAG: Change permissions for a tag.
@cvar WRITE_TAG_VALUE: Add a tag to an object, or change an exiting one.
@cvar READ_TAG_VALUE: Read the value of a tag on an object.
@cvar DELETE_TAG_VALUE: Remove a tag from an object.
@cvar CONTROL_TAG_VALUE: Change permissions for a tag-values.
@cvar CREATE_USER: Create a user.
@cvar DELETE_USER: Delete a user.
@cvar UPDATE_USER: Update user details.
@cvar CREATE_OBJECT: Create an object.
@cvar TAG_OPERATIONS: A C{list} of all tag related operations.
@cvar NAMESPACE_OPERATIONS: A C{list} of all namespace related operations.
@cvar PATH_OPERATIONS: A C{list} of tag and namespace operations.
@cvar CONTROL_OPERATIONS: A C{list} of all C{CONTROL} operations.
@cvar ALLOWED_ANONYMOUS_OPERATIONS: A C{list} of operations that a user
with L{Role.ANONYMOUS} can perform.
"""
CREATE_NAMESPACE = Constant(1, 'CREATE_NAMESPACE')
UPDATE_NAMESPACE = Constant(2, 'UPDATE_NAMESPACE')
DELETE_NAMESPACE = Constant(3, 'DELETE_NAMESPACE')
LIST_NAMESPACE = Constant(4, 'LIST_NAMESPACE')
CONTROL_NAMESPACE = Constant(5, 'CONTROL_NAMESPACE')
UPDATE_TAG = Constant(6, 'UPDATE_TAG')
DELETE_TAG = Constant(7, 'DELETE_TAG')
CONTROL_TAG = Constant(8, 'CONTROL_TAG')
WRITE_TAG_VALUE = Constant(9, 'WRITE_TAG_VALUE')
READ_TAG_VALUE = Constant(10, 'READ_TAG_VALUE')
DELETE_TAG_VALUE = Constant(11, 'DELETE_TAG_VALUE')
CONTROL_TAG_VALUE = Constant(12, 'CONTROL_TAG_VALUE')
CREATE_USER = Constant(13, 'CREATE_USER')
DELETE_USER = Constant(14, 'DELETE_USER')
UPDATE_USER = Constant(15, 'UPDATE_USER')
CREATE_OBJECT = Constant(17, 'CREATE_OBJECT')
TAG_OPERATIONS = [
UPDATE_TAG, DELETE_TAG, WRITE_TAG_VALUE, READ_TAG_VALUE,
DELETE_TAG_VALUE, CONTROL_TAG, CONTROL_TAG_VALUE
]
NAMESPACE_OPERATIONS = [
CREATE_NAMESPACE, UPDATE_NAMESPACE, DELETE_NAMESPACE, LIST_NAMESPACE,
CONTROL_NAMESPACE
]
PATH_OPERATIONS = TAG_OPERATIONS + NAMESPACE_OPERATIONS
USER_OPERATIONS = [CREATE_USER, DELETE_USER, UPDATE_USER]
CONTROL_OPERATIONS = [CONTROL_NAMESPACE, CONTROL_TAG, CONTROL_TAG_VALUE]
ALLOWED_ANONYMOUS_OPERATIONS = [LIST_NAMESPACE, READ_TAG_VALUE]
def testInstantiate(self):
"""A L{Constant} includes an ID and a name."""
constant = Constant(42, 'VALUE')
self.assertEqual(42, constant.id)
self.assertEqual('VALUE', constant.name)
class SampleEnum(object):
VALUE = Constant(1, 'VALUE')
unacceptable = 10
def testRepr(self):
"""
A helpful string is generated when C{repr} is used with a L{Constant}.
"""
constant = Constant(42, 'VALUE')
self.assertEqual('<Constant id=42 name=VALUE>', repr(constant))
def testStr(self):
"""
L{Constant.name} is returned when a constant is converted to a string.
"""
constant = Constant(42, 'VALUE')
self.assertEqual('VALUE', str(constant))