def get_variable(self, username, variablename):
if variablename not in self.perm_db or variablename not in self.var_value_db:
# variable does not exist
#return "VAR_DOESNT_EXIST"
#raise DB_Exception('Get: VAR_DOESNT_EXIST')
raise DB_Exception("FAILED")
else:
# if variable does exist
if username in self.perm_db[
variablename] or "anyone" in self.perm_db[variablename]:
# if the user has permissions for the variable
if "read" in self.perm_db[variablename][username]:
# if the user has READ permission for the variable, return value
return self.var_value_db[variablename]
else:
# user does not have read permission
#return "NOPERM"
#raise DB_Exception("Get: NOPERM")
raise DB_Exception("DENIED")
elif username == 'admin':
return self.var_value_db[variablename]
else:
# user has no permissions for variable
#return "NOPERM_FOR_USER"
#raise DB_Exception("Get: NOPERM_FOR_USER")
raise DB_Exception("DENIED")
def set_variable(self, username, variablename, value):
# TODO
#check varname constraints
if len(variablename) > 255:
raise DB_Exception("FAILED")
elif isinstance(value, (str, basestring)) and len(value) > 65000:
raise DB_Exception("FAILED")
else:
if variablename in self.var_value_db and variablename in self.perm_db:
if self.chkaccess(username, variablename, 'write'):
self.var_value_db[variablename] = value
return "SET"
else:
raise DB_Exception("DENIED")
else:
if variablename not in self.var_value_db:
self.var_value_db[variablename] = value
# set default access
if variablename not in self.perm_db:
self.perm_db[variablename] = {}
self.perm_db[variablename][username] = [
'read', 'write', 'append', 'delegate'
]
self.perm_db[variablename]['admin'] = [
'read', 'write', 'append', 'delegate'
]
return "SET"
def default_delegate(self, current_username, permsfrom_username,
permsto_username):
# TODO
if len(current_username) > 255 or len(permsfrom_username) > 255 or len(
permsto_username) > 255:
raise DB_Exception("FAILED")
elif current_username != 'admin':
print "only admin can run this function!"
raise DB_Exception("DENIED")
else:
vars_w_delegate = self.findall_vars_with_delegate_perm(
permsfrom_username)
for v in vars_w_delegate:
if self.chkaccess(permsfrom_username, v, 'read'):
self.set_delegation(current_username, permsfrom_username,
permsto_username, 'read', v)
if self.chkaccess(permsfrom_username, v, 'write'):
self.set_delegation(current_username, permsfrom_username,
permsto_username, 'write', v)
if self.chkaccess(permsfrom_username, v, 'append'):
self.set_delegation(current_username, permsfrom_username,
permsto_username, 'append', v)
if self.chkaccess(permsfrom_username, v, 'delegate'):
self.set_delegation(current_username, permsfrom_username,
permsto_username, 'delegate', v)
def default_delegate(self, current_username, permsfrom_username,
delegate_username):
if current_username != "admin":
#raise DB_Exception('Default Delegate: NOPERM')
raise DB_Exception('DENIED')
vars_to_delegate = self.findall_vars_with_delegate_perm(
permsfrom_username)
#print "found variables to delegate... :: " + str(vars_to_delegate)
for var in vars_to_delegate:
if permsfrom_username not in self.perm_db[var]:
#raise DB_Exception('fatal error occurred, target user not in db?')
raise DB_Exception("FAILED")
if delegate_username not in self.perm_db[var]:
self.perm_db[var][delegate_username] = self.perm_db[var][
permsfrom_username]
else:
# merge permissions that the delegate user already has, with the perms that target_user has
var_perms = self.perm_db[var][
permsfrom_username] # permissions target user has to delegate
delegate_varperms = self.perm_db[var][
delegate_username] # permissions delegate already has
result_varperms = var_perms
result_varperms.extend(x for x in delegate_varperms
if x not in result_varperms)
self.perm_db[var][delegate_username] = result_varperms
return "SUCCESS"
def set_default_delegator(self, username, default_del_username):
if default_del_username not in self.user_db:
raise DB_Exception(
"set default del error: delegate user not found")
# raise DB_Exception("FAILED")
elif username != "admin":
raise DB_Exception("set default del: NOPERM")
# raise DB_Exception("DENIED")
else:
self.default_delegator = default_del_username
return "SUCCESS"
def get_variable(self, username, variablename):
# TODO
if len(variablename) > 255 or len(username) > 255:
raise DB_Exception("FAILED")
else:
if variablename in self.var_value_db:
if self.chkaccess(username, variablename, 'read'):
return self.var_value_db[variablename]
else:
raise DB_Exception("DENIED")
else:
raise DB_Exception("FAILED")
def check_user_auth(self, username, given_password):
if username not in self.user_db:
# if username is not in database
#return "USER_NOT_FOUND"
#raise DB_Exception('Check User Auth: USER_NOT_FOUND')
raise DB_Exception("FAILED")
elif self.user_db[username] == given_password:
# if the provided password matches the password on file for username
return "SUCCESS"
else:
# authentication failure
#return "FAIL"
#raise DB_Exception('Check User Auth: FAIL')
raise DB_Exception("DENIED")
def INIT_user(self, currentuser, username, password):
if currentuser != "admin":
#return "NOPERM"
#TODO: Change to DENIED
#raise DB_Exception("Create Principal: NO_PERM")
raise DB_Exception("DENIED")
elif username not in self.user_db:
# if username not already in the database, add new user
self.user_db[username] = password
return "CREATE_PRINCIPAL"
else:
# username is already in use
#return "USER_ALREADY_EXISTS"
#raise DB_Exception("Create Principal: USER_ALREADY_EXISTS")
raise DB_Exception("FAILED")
def remove_delegation(self, running_username, current_username,
target_username, permission, variablename):
if permission not in ["read", "write", "append", "delegate"]:
#return "BAD_PERMISSION_GIVEN"
raise DB_Exception('Delete Delegation: BAD_PERMISSION_GIVEN')
# raise DB_Exception("FAILED")
if variablename not in self.perm_db or variablename not in self.var_value_db:
# variable does not exist
#return "VAR_DOESNT_EXIST"
#raise DB_Exception('Delete Delegation: VAR_DOESNT_EXIST')
raise DB_Exception("FAILED")
else:
# variable exists
if current_username in self.perm_db[
variablename] and "delegate" in self.perm_db[variablename][
current_username]:
# if current user has perms for var, and DELEGATE is one of them
if target_username in self.perm_db[variablename]:
# if target user has perms for var
if permission in self.perm_db[variablename][
target_username]:
# if the permission you want to remove is given to target user, remove it
self.perm_db[variablename][target_username].remove(
permission)
return "DELETE_DELEGATION"
else:
# target user did not have the permission you want to revoke
#return "PERMISSION_NOT_GIVEN"
#raise DB_Exception('Delete Delegation: PERMISSION_NOT_GIVEN')
raise DB_Exception("DENIED")
else:
# target user does not have any perms over variable
#return "PERMISSION_NOT_GIVEN"
#raise DB_Exception('Delete Delegation: PERMISSION_NOT_GIVEN')
raise DB_Exception("DENIED")
elif running_username == 'admin':
if current_username not in self.perm_db[variablename]:
raise DB_Exception("FAILED")
elif 'delegate' not in self.perm_db[variablename][
current_username] or permission not in self.perm_db[
variablename][current_username]:
raise DB_Exception("FAILED")
elif target_username not in self.perm_db[
variablename] or permission not in self.perm_db[
variablename][target_username]:
raise DB_Exception("FAILED")
else:
self.perm_db[variablename][target_username].remove(
permission)
return "DELETE_DELEGATION"
else:
# current user has no perms over variable
#return "NOPERM"
#raise DB_Exception('Delete Delegation: NOPERM')
raise DB_Exception("DENIED")
def set_variable(self, username, variablename, value):
if len(value) > 65000:
raise DB_Exception("FAILED")
if len(variablename) > 255:
raise DB_Exception("FAILED")
# handle if the variable is not set yet
if variablename not in self.perm_db and variablename not in self.var_value_db:
# init permission dictionary for perm db
self.perm_db[variablename] = {}
# set initial perms for creator
self.perm_db[variablename][username] = [
"read", "write", "append", "delegate"
]
# set initial value for var
#Also give admin rights.
self.perm_db[variablename]['admin'] = [
"read", "write", "append", "delegate"
]
self.var_value_db[variablename] = value
return "SET"
else:
# handle if the variable is already set
if len(value) > 65000:
raise DB_Exception("FAILED")
# if username is registered for the variable
if username in self.perm_db[
variablename] or "anyone" in self.perm_db[variablename]:
# if username has write permission
if "write" in self.perm_db[variablename][username]:
# set the variable content and return
self.var_value_db[variablename] = value
return "SET"
else:
# return error: user does not have write permission
#return "NOPERM_FOR_USER"
#raise DB_Exception("Set: NOPERM_FOR_USER")
raise DB_Exception("DENIED")
elif username == 'admin':
self.var_value_db[variablename] = value
return "SET"
else:
# return error: user does not have any permissions for variable
#return "NOPERM_FOR_USER"
#raise DB_Exception("Set: NOPERM_FOR_USER")
raise DB_Exception("DENIED")
def change_password(self, username, target_username, new_password):
if username not in self.user_db:
# if username is not found in database
#return "USER_NOT_FOUND"
#raise DB_Exception('Change Password: USER_NOT_FOUND')
raise DB_Exception("FAILED")
elif target_username not in self.user_db:
#return "TARGET_USER_NOT_FOUND"
#raise DB_Exception('Change Password: TARGET_USER_NOT_FOUND')
raise DB_Exception("FAILED")
elif username == target_username or username == "admin":
# if the username is changing its own password, or admin is changing the username's password
self.user_db[target_username] = new_password
return "CHANGE_PASSWORD"
else:
# authentication failure
#return "FAIL"
#raise DB_Exception('Change Password: FAIL')
raise DB_Exception("DENIED")
def create_user(self, currentuser, username, password, var_db):
if self.default_delegator not in self.user_db:
#raise DB_Exception("Create principal: def del does not exist")
raise DB_Exception("FAILED")
if currentuser != "admin":
#return "NOPERM"
#TODO: Change to DENIED
#raise DB_Exception("Create Principal: NO_PERM")
raise DB_Exception("DENIED")
elif username not in self.user_db:
# if username not already in the database, add new user
self.user_db[username] = password
var_db.default_delegate(currentuser, self.default_delegator,
username)
#var_db.default_delegate(currentuser, username, self.default_delegator)
return "CREATE_PRINCIPAL"
else:
# username is already in use
#return "USER_ALREADY_EXISTS"
#raise DB_Exception("Create Principal: USER_ALREADY_EXISTS")
raise DB_Exception("FAILED")
def set_delegation(self, uname_running, uname_permfrom, uname_permto,
permission, variablename):
# TODO
if len(uname_running) > 255 or len(uname_permfrom) > 255 or len(
uname_permto) > 255 or len(variablename) > 255:
raise DB_Exception("FAILED")
elif permission not in ['read', 'write', 'append', 'delegate']:
raise DB_Exception("FAILED")
else:
if uname_running == 'admin':
# he can give perms even if a user doesnt have delegate perm
if variablename not in self.symlink_db:
self.symlink_db[variablename] = []
delegate_entry = [uname_permfrom, permission, uname_permto]
if delegate_entry not in self.symlink_db[variablename]:
self.symlink_db[variablename].append(delegate_entry)
return "SET_DELEGATION"
else:
return "SET_DELEGATION"
elif uname_running == uname_permfrom:
# check if delegation perm over variable is available for user
if self.chkaccess(uname_permfrom, variablename, 'delegate'):
if variablename not in self.symlink_db:
self.symlink_db[variablename] = []
# has this perm already been given?
delegate_entry = [uname_permfrom, permission, uname_permto]
if delegate_entry not in self.symlink_db[variablename]:
self.symlink_db[variablename].append(delegate_entry)
return "SET_DELEGATION"
else:
return "SET_DELEGATION"
else:
raise DB_Exception("DENIED")
else:
raise DB_Exception("DENIED")
def remove_delegation(self, uname_running, uname_permfrom, uname_permto,
permission, variablename):
# TODO
if len(uname_running) > 255 or len(uname_permfrom) > 255 or len(
uname_permto) > 255 or len(variablename) > 255:
raise DB_Exception("FAILED")
elif permission not in ['read', 'write', 'append', 'delegate']:
raise DB_Exception("FAILED")
else:
symlink_to_remove = [uname_permfrom, permission, uname_permto]
if uname_running == 'admin':
if variablename not in self.symlink_db:
return "DELETE_DELEGATION"
if symlink_to_remove in self.symlink_db[variablename]:
self.symlink_db[variablename].remove(symlink_to_remove)
return "DELETE_DELEGATION"
else:
return "DELETE_DELEGATION"
elif uname_running == uname_permfrom:
# if no symlinks exist for this variable, just return success
if variablename not in self.symlink_db:
return "DELETE_DELEGATION"
if self.chkaccess(uname_permfrom, variablename, permission):
if symlink_to_remove in self.symlink_db[variablename]:
self.symlink_db[variablename].remove(symlink_to_remove)
return "DELETE_DELEGATION"
else:
return "DELETE_DELEGATION"
else:
raise DB_Exception("DENIED")
else:
raise DB_Exception("DENIED")
def append_to_variable(self, username, variablename, value):
# TODO
if len(variablename) > 255:
raise DB_Exception("FAILED")
elif isinstance(value,
(str, basestring, list, dict)) and len(value) > 6500:
raise DB_Exception("FAILED")
else:
if variablename in self.var_value_db:
if self.chkaccess(username, variablename, 'append'):
# verify append length will not exceed max
if len(self.var_value_db[variablename]) + len(
value) > 6500:
raise DB_Exception("FAILED")
# verify types are the same
if type(self.var_value_db[variablename]) != type(value):
raise DB_Exception("FAILED")
if isinstance(self.var_value_db[variablename],
(str, basestring)):
self.var_value_db[variablename] += value
return "APPEND"
elif isinstance(self.var_value_db[variablename], list):
self.var_value_db[variablename].append(value)
return "APPEND"
elif isinstance(self.var_value_db[variablename], dict):
self.var_value_db[variablename].update(value)
return "APPEND"
else:
print "unknown types requested. "
raise DB_Exception("FAILED")
else:
raise DB_Exception("DENIED")
else:
raise DB_Exception("FAILED")
def append_to_variable(self, username, variablename, value):
# handle if the variable is not set yet
if variablename not in self.perm_db and variablename not in self.var_value_db:
# init permission dictionary for perm db
self.perm_db[variablename] = {}
# set initial perms for creator
self.perm_db[variablename][username] = [
"read", "write", "append", "delegate"
]
# set initial value for var
self.var_value_db[variablename] = value
return "APPEND"
else:
# handle if the variable is already set
# if username is registered for the variable
if username in self.perm_db[
variablename] or "anyone" in self.perm_db[variablename]:
# if username has append permission
if "append" in self.perm_db[variablename][username]:
# append the given value to current value
# have to check what type of data structure it is to append correctly
if isinstance(
self.var_value_db[variablename],
(int, long, float, complex, basestring, str)):
if isinstance(
self.var_value_db[variablename],
(basestring,
str)) and len(self.var_value_db[variablename]
) + len(value) > 65000:
raise DB_Exception("FAILED")
self.var_value_db[variablename] += value
elif isinstance(self.var_value_db[variablename], list):
self.var_value_db[variablename].append(value)
elif isinstance(self.var_value_db[variablename], dict):
self.var_value_db[variablename].update(value)
else:
#return "VARTYPE_APPEND_NOT_SUPPORTED"
raise DB_Exception('Append To: VARTYPE_NOT_SUPPORTED')
# raise DB_Exception("FAILED")
return "APPEND"
else:
# user does not have append permissions
#return "NOPERM_FOR_USER"
#raise DB_Exception('Append To: NOPERM_FOR_USER')
raise DB_Exception("DENIED")
elif username == 'admin':
# have to check what type of data structure it is to append correctly
if isinstance(self.var_value_db[variablename],
(int, long, float, complex, basestring, str)):
if isinstance(
self.var_value_db[variablename],
(basestring,
str)) and len(self.var_value_db[variablename]) + len(
value) > 65000:
raise DB_Exception("FAILED")
self.var_value_db[variablename] += value
elif isinstance(self.var_value_db[variablename], list):
self.var_value_db[variablename].append(value)
elif isinstance(self.var_value_db[variablename], dict):
self.var_value_db[variablename].update(value)
else:
# return "VARTYPE_APPEND_NOT_SUPPORTED"
raise DB_Exception('Append To: VARTYPE_NOT_SUPPORTED')
# raise DB_Exception("FAILED")
return "APPEND"
else:
# user does not have any permissions for variable
#return "NOPERM_FOR_USER"
#raise DB_Exception('Append To: NOPERM_FOR_USER')
raise DB_Exception("DENIED")
def set_delegation(self, running_username, current_username,
target_username, permission, variablename):
if current_username != 'admin' and permission not in [
"read", "write", "append", "delegate"
]:
#return "BAD_PERMISSION_GIVEN"
#raise DB_Exception('Set Delegation: BAD_PERMISSION_GIVEN')
raise DB_Exception("FAILED")
if variablename not in self.perm_db or variablename not in self.var_value_db:
# if variable does not exist
#return "VAR_DOESNT_EXIST"
#raise DB_Exception('Set Delegation: VAR_DOESNT_EXIST')
raise DB_Exception("FAILED")
else:
# variable exists
if running_username == current_username or running_username == 'admin':
if current_username not in self.perm_db[variablename]:
raise DB_Exception("FAILURE")
if permission not in self.perm_db[variablename][
current_username]:
raise DB_Exception("DENIED")
# current user has permissions for variable
if "delegate" in self.perm_db[variablename][
current_username] and permission in self.perm_db[
variablename][current_username]:
# current user has DELEGATE permissions
if target_username in self.perm_db[variablename]:
#if target user already has permissions for variable
if permission in self.perm_db[variablename][
target_username]:
# if target user already has specific permission for var
#return "PERM_ALREADY_GIVEN"
#raise DB_Exception('Set Delegation: PERM_ALREADY_GIVEN')
return "SET_DELEGATION"
# raise DB_Exception("FAILED")
else:
# target user does not have permission for var
self.perm_db[variablename][target_username].append(
permission)
return "SET_DELEGATION"
else:
# target user has never obtains perms for variable before
self.perm_db[variablename][target_username] = [
permission
]
return "SET_DELEGATION"
elif running_username == 'admin':
if current_username in self.perm_db[variablename]:
if permission not in self.perm_db[variablename][
current_username]:
# cant give permission they dont have
raise DB_Exception("FAILED")
elif target_username in self.perm_db[variablename]:
self.perm_db[variablename][target_username].append(
permission)
return "SET_DELEGATION"
else:
self.perm_db[variablename][target_username] = [
permission
]
return "SET_DELEGATION"
else:
# USER can't give permission because they dont exist
raise DB_Exception("FAILED")
else:
# current user cannot delegate
#return "NOPERM"
#raise DB_Exception('Set Delegation: NOPERM')
raise DB_Exception("DENIED")
else:
# current user has no perms for variable
#return "NOPERM"
#raise DB_Exception('Set Delegation: NOPERM')
raise DB_Exception("DENIED")