Python RoleCheck Examples

Example #1

File: policy.py Project: larsbutler/glance

LOG = logging.getLogger(__name__)

policy_opts = [
    cfg.StrOpt('policy_file',
               default='policy.json',
               help=_('The location of the policy file.')),
    cfg.StrOpt('policy_default_rule',
               default='default',
               help=_('The default policy to use.')),
]

CONF = cfg.CONF
CONF.register_opts(policy_opts)

DEFAULT_RULES = {
    'context_is_admin': policy.RoleCheck('role', 'admin'),
    'default': policy.TrueCheck(),
    'manage_image_cache': policy.RoleCheck('role', 'admin'),
}


class Enforcer(object):
    """Responsible for loading and enforcing rules"""
    def __init__(self):
        self.default_rule = CONF.policy_default_rule
        self.policy_path = self._find_policy_file()
        self.policy_file_mtime = None
        self.policy_file_contents = None
        self.load_rules()

    def set_rules(self, rules):

Example #2

File: policy.py Project: hughsaunders/glance-openstack

policy_opts = [
    cfg.StrOpt('policy_file',
               default='policy.json',
               help=_('The location of the policy file.')),
    cfg.StrOpt('policy_default_rule',
               default='default',
               help=_('The default policy to use.')),
]

CONF = cfg.CONF
CONF.register_opts(policy_opts)

DEFAULT_RULES = {
    'default': policy.TrueCheck(),
    'manage_image_cache': policy.RoleCheck('role', 'admin'),
}


class Enforcer(object):
    """Responsible for loading and enforcing rules"""
    def __init__(self):
        self.default_rule = CONF.policy_default_rule
        self.policy_path = self._find_policy_file()
        self.policy_file_mtime = None
        self.policy_file_contents = None

    def set_rules(self, rules):
        """Create a new Rules object based on the provided dict of rules"""
        rules_obj = policy.Rules(rules, self.default_rule)
        policy.set_rules(rules_obj)