def get_access(my, type, key, default=None):
# if a list of keys is provided, then go through each key
if isinstance(key, list):
for item in key:
user_access = my.get_access(type, item)
if user_access != None:
return user_access
return None
# qualify the key with a project_code
project_code = "*"
if isinstance(key, dict):
# this avoids get_access() behavior changes on calling it twice
key2 = key.copy()
rule_project = key.get('project')
if rule_project:
project_code = rule_project
key2.pop('project')
key = Common.get_dict_list(key2)
# special case for projects
elif type == "project":
project_code = key
key = [('code','plugins')]
key = "%s?project=%s" % (key, project_code)
#print "key: ", key
# Fix added below to remove any unicode string markers from 'key' string ... sometimes the values
# of the 'key' dictionary that is passed in contains values that are unicode strings, and sometimes
# values that are ascii.
#
# FIXME: however might not necessarily be the best fix here, so this should be re-assessed at
# some point to see if a better fix can be put in place
# boris: Since we took out str() in Common.get_dict_list(), we have to re-introduce this back, but with , instead of : since it's a tuple
key = key.replace("', u'", "', '")
# if there are no rules, just return the default
rules = my.groups.get(type)
if not rules:
return default
result = None
value = rules.get(key)
if value:
result, dct = value
# DEPRECATED
if not result:
result = rules.get('__DEFAULT__')
if not result:
result = default
return result
def get_access(my, type, key, default=None):
# if a list of keys is provided, then go through each key
if isinstance(key, list):
for item in key:
user_access = my.get_access(type, item)
if user_access != None:
return user_access
return None
# qualify the key with a project_code
project_code = "*"
if isinstance(key, dict):
# this avoids get_access() behavior changes on calling it twice
key2 = key.copy()
rule_project = key.get('project')
if rule_project:
project_code = rule_project
key2.pop('project')
key = Common.get_dict_list(key2)
# special case for projects
elif type == "project":
project_code = key
key = [('code', 'plugins')]
key = "%s?project=%s" % (key, project_code)
#print "key: ", key
# Fix added below to remove any unicode string markers from 'key' string ... sometimes the values
# of the 'key' dictionary that is passed in contains values that are unicode strings, and sometimes
# values that are ascii.
#
# FIXME: however might not necessarily be the best fix here, so this should be re-assessed at
# some point to see if a better fix can be put in place
# boris: Since we took out str() in Common.get_dict_list(), we have to re-introduce this back, but with , instead of : since it's a tuple
key = key.replace("', u'", "', '")
# if there are no rules, just return the default
rules = my.groups.get(type)
if not rules:
return default
result = None
value = rules.get(key)
if value:
result, dct = value
# DEPRECATED
if not result:
result = rules.get('__DEFAULT__')
if not result:
result = default
return result
def add_xml_rules(my, xml):
'''xml should be an XML object with the data in the form of
<rules>
<group type='sobject' default='<default>'>
<rule key='<key>' access='<access>'/>
</group>
</rules>
'''
if isinstance(xml, basestring):
xmlx = Xml()
xmlx.read_string(xml)
xml = xmlx
my.xml = xml
# parse shorthand rules
rule_nodes = xml.get_nodes("rules/rule")
if not rule_nodes:
return
if my.project_codes == None:
search = Search('sthpw/project')
projects = search.get_sobjects()
my.project_codes = [x.get_code() for x in projects]
my.project_codes.append('*')
for rule_node in rule_nodes:
# initiate the project_code here for each loop
project_code = '*'
group_type = Xml.get_attribute( rule_node, "group" )
if not group_type:
# category is the preferred name over group now
# TODO: phase out the use of group completely
group_type = Xml.get_attribute( rule_node, "category" )
# get an existing rule set or create a new one
if my.groups.has_key(group_type):
rules = my.groups[group_type]
else:
rules = {}
my.groups[group_type] = rules
# set the default, if specified
group_default = xml.get_attribute( rule_node, "default" )
if group_default:
rules['__DEFAULT__'] = group_default
continue
# generate the rule key
#rule_key = xml.get_attribute(rule_node, 'key')
attrs = xml.get_attributes(rule_node)
attrs2 = {}
count = 0
for name, value in attrs.items():
if name in ['access', 'group', 'category', 'project']:
continue
# have to turn everything into strings
attrs2[str(name)] = str(value)
count += 1
if count == 1 and attrs2.has_key('key'):
# backwards compatibility
rule_key = attrs2['key']
else:
#rule_key = str(attrs2)
rule_key = str(Common.get_dict_list(attrs2))
rule_project = xml.get_attribute(rule_node, 'project')
if rule_project:
project_code = rule_project
# special treatment for search_filter to enable
# project-specific search
if group_type=='search_filter':
attrs2['project'] = rule_project
# if there is a value, then combine it with the key
rule_value = xml.get_attribute(rule_node, 'value')
if rule_value:
rule_key = "%s||%s" % (rule_key, rule_value)
# add a project code qualifier
rule_keys = []
if project_code == '*' and group_type != 'search_filter':
for code in my.project_codes:
key = "%s?project=%s" % (rule_key, code)
rule_keys.append(key)
else:
key= "%s?project=%s" % (rule_key, project_code)
#key = str(key) # may need to stringify unicode string
rule_keys.append(key)
rule_access = xml.get_attribute(rule_node, 'access')
#if rule_access == "":
# raise AccessException("Cannot have empty 'access':\n%s" \
# % xml.to_string(rule_node) )
# if no key is specified, it is considered a DEFAULT
if not rule_keys and not rule_value:
rule_keys = ['__DEFAULT__']
for rule_key in rule_keys:
# check if rule_access exists first, which doesn't for search_filter,
# but it has to go into the rules regardless
# if the rule already exists, take the highest one
if rule_access and rules.has_key(rule_key):
curr_access, cur_attrs = rules[rule_key]
try:
access_enum = my._get_access_enum(rule_access)
if my._get_access_enum(curr_access) > access_enum:
continue
except:
if group_type == "builtin":
continue
else:
raise
rules[rule_key] = rule_access, attrs2
#for rule, values in rules.items():
# print "rule: ", rule, values[0]
# FIXME: this one doesn't support the multi-attr structure
# convert this to a python data structure
group_nodes = xml.get_nodes("rules/group")
for group_node in group_nodes:
group_type = Xml.get_attribute( group_node, "type" )
# get an existing rule set or create a new one
if my.groups.has_key(group_type):
rules = my.groups[group_type]
else:
rules = {}
my.groups[group_type] = rules
# set the default, if specified
group_default = xml.get_attribute( group_node, "default" )
if group_default != "":
rules['__DEFAULT__'] = group_default
# get all of the rule nodes
rule_nodes = Xml.get_children(group_node)
for rule_node in rule_nodes:
project_code='*'
if Xml.get_node_name(rule_node) != 'rule':
continue
rule_key = xml.get_attribute(rule_node, 'key')
rule_access = xml.get_attribute(rule_node, 'access')
rule_project = xml.get_attribute(rule_node, 'project')
if rule_project:
project_code = rule_project
if rule_access == "":
raise AccessException("Cannot have empty 'access':\n%s" \
% xml.to_string(rule_node) )
rule_keys = []
attrs2 = {'key': rule_key}
# add a project code qualifier
if project_code == '*' and group_type != 'search_filter':
for code in my.project_codes:
key = "%s?project=%s" % (rule_key, code)
rule_keys.append(key)
else:
key= "%s?project=%s" % (rule_key, project_code)
rule_keys.append(key)
for rule_key in rule_keys:
rules[rule_key] = rule_access, attrs2
def get_access(my, group, key, default=None):
# if a list of keys is provided, then go through each key
if isinstance(key, list):
for item in key:
user_access = my.get_access(group, item)
if user_access != None:
return user_access
return None
# qualify the key with a project_code
project_code = "*"
rule_project = None
if isinstance(key, dict):
# this avoids get_access() behavior changes on calling it twice
key2 = key.copy()
rule_project = key.get('project')
if rule_project:
project_code = rule_project
key2.pop('project')
# backward compatibility with the key attribute
if len(key2) == 1 and key2.keys() == ['key']:
key = key2['key']
else:
key = Common.get_dict_list(key2)
if group == 'project':
key = str(key)
else:
key = "%s?project=%s" % (key, project_code)
# Fix added below to remove any unicode string markers from 'key' string ... sometimes the values
# of the 'key' dictionary that is passed in contains values that are unicode strings, and sometimes
# values that are ascii.
#
# FIXME: however might not necessarily be the best fix here, so this should be re-assessed at
# some point to see if a better fix can be put in place
# boris: Since we took out str() in Common.get_dict_list(), we have to re-introduce this back, but with , instead of : since it's a tuple
key = key.replace("', u'", "', '")
# if there are no rules, just return the default
rules = my.groups.get(group)
if not rules:
return default
result = None
value = rules.get(key)
if value:
result, dct = value
# if default is explicitly turned off by caller, don't use __DEFAULT__
if not result and default != None:
result = rules.get('__DEFAULT__')
if not result:
result = default
return result
def get_access(self, group, key, default=None):
# if a list of keys is provided, then go through each key
if isinstance(key, list):
for item in key:
user_access = self.get_access(group, item)
if user_access != None:
return user_access
return None
# qualify the key with a project_code
project_code = "*"
rule_project = None
if isinstance(key, dict):
# this avoids get_access() behavior changes on calling it twice
key2 = key.copy()
rule_project = key.get('project')
if rule_project:
project_code = rule_project
key2.pop('project')
# backward compatibility with the key attribute
if len(key2) == 1 and key2.keys() == ['key']:
key = key2['key']
else:
key = Common.get_dict_list(key2)
if group == 'project':
key = str(key)
else:
key = "%s?project=%s" % (key, project_code)
# Fix added below to remove any unicode string markers from 'key' string ... sometimes the values
# of the 'key' dictionary that is passed in contains values that are unicode strings, and sometimes
# values that are ascii.
#
# FIXME: however might not necessarily be the best fix here, so this should be re-assessed at
# some point to see if a better fix can be put in place
# boris: Since we took out str() in Common.get_dict_list(), we have to re-introduce this back, but with , instead of : since it's a tuple
key = key.replace("', u'", "', '")
# if there are no rules, just return the default
rules = self.groups.get(group)
if not rules:
return default
result = None
value = rules.get(key)
if value:
result, dct = value
# if default is explicitly turned off by caller, don't use __DEFAULT__
if not result and default != None:
result = rules.get('__DEFAULT__')
if not result:
result = default
return result
def add_xml_rules(self, xml, project_code=None):
'''xml should be an XML object with the data in the form of
<rules>
<group type='sobject' default='<default>'>
<rule key='<key>' access='<access>'/>
</group>
</rules>
'''
from pyasm.search import SObject
if isinstance(xml, SObject):
sobject = xml
xml = sobject.get_xml_value("access_rules")
if not project_code:
project_code = sobject.get_value("project_code")
project_override = project_code
if isinstance(xml, basestring):
xmlx = Xml()
xmlx.read_string(xml)
xml = xmlx
# parse shorthand rules
rule_nodes = xml.get_nodes("rules/rule")
if not rule_nodes:
return
# store all of the project codes (this will only run once)
if self.project_codes == None:
search = Search('sthpw/project')
projects = search.get_sobjects()
self.project_codes = [x.get_code() for x in projects]
self.project_codes.append('*')
for rule_node in rule_nodes:
# initiate the project_code here for each loop
project_code = '*'
group_type = Xml.get_attribute( rule_node, "group" )
if not group_type:
# category is the preferred name over group now
# TODO: phase out the use of group completely
group_type = Xml.get_attribute( rule_node, "category" )
# get an existing rule set or create a new one
if self.groups.has_key(group_type):
rules = self.groups[group_type]
else:
rules = {}
self.groups[group_type] = rules
# set the default, if specified
group_default = xml.get_attribute( rule_node, "default" )
if group_default:
rules['__DEFAULT__'] = group_default
continue
# generate the rule key
#rule_key = xml.get_attribute(rule_node, 'key')
attrs = xml.get_attributes(rule_node)
attrs2 = {}
count = 0
for name, value in attrs.items():
if name in ['access', 'group', 'category', 'project']:
continue
# have to turn everything into strings
attrs2[str(name)] = str(value)
count += 1
if count == 1 and attrs2.has_key('key'):
# backwards compatibility
rule_key = attrs2['key']
else:
#rule_key = str(attrs2)
rule_key = str(Common.get_dict_list(attrs2))
if project_override:
rule_project = project_override
else:
rule_project = xml.get_attribute(rule_node, 'project')
if rule_project:
project_code = rule_project
# special treatment for search_filter to enable
# project-specific search
if group_type=='search_filter':
attrs2['project'] = rule_project
# if there is a value, then combine it with the key
rule_value = xml.get_attribute(rule_node, 'value')
if rule_value:
rule_key = "%s||%s" % (rule_key, rule_value)
# add a project code qualifier
rule_keys = []
# project rule is special
if group_type == 'project':
key = str(rule_key)
rule_keys.append(key)
elif project_code == '*' and group_type != 'search_filter':
for code in self.project_codes:
key = "%s?project=%s" % (rule_key, code)
rule_keys.append(key)
else:
key= "%s?project=%s" % (rule_key, project_code)
#key = str(key) # may need to stringify unicode string
rule_keys.append(key)
#key= "%s?project=*" % (rule_key)
#rule_keys.append(key)
rule_access = xml.get_attribute(rule_node, 'access')
#if rule_access == "":
# raise AccessException("Cannot have empty 'access':\n%s" \
# % xml.to_string(rule_node) )
# if no key is specified, it is considered a DEFAULT
if not rule_keys and not rule_value:
rule_keys = ['__DEFAULT__']
for rule_key in rule_keys:
# check if rule_access exists first, which doesn't for search_filter,
# but it has to go into the rules regardless
# if the rule already exists, take the highest one
if rule_access and rules.has_key(rule_key):
curr_access, cur_attrs = rules[rule_key]
try:
access_enum = self._get_access_enum(rule_access)
if self._get_access_enum(curr_access) > access_enum:
continue
except:
if group_type == "builtin":
continue
else:
raise
rules[rule_key] = rule_access, attrs2
# FIXME: this one doesn't support the multi-attr structure
# convert this to a python data structure
group_nodes = xml.get_nodes("rules/group")
for group_node in group_nodes:
group_type = Xml.get_attribute( group_node, "type" )
# get an existing rule set or create a new one
if self.groups.has_key(group_type):
rules = self.groups[group_type]
else:
rules = {}
self.groups[group_type] = rules
# set the default, if specified
group_default = xml.get_attribute( group_node, "default" )
if group_default != "":
rules['__DEFAULT__'] = group_default
# get all of the rule nodes
rule_nodes = Xml.get_children(group_node)
for rule_node in rule_nodes:
project_code='*'
if Xml.get_node_name(rule_node) != 'rule':
continue
rule_key = xml.get_attribute(rule_node, 'key')
rule_access = xml.get_attribute(rule_node, 'access')
if project_override:
rule_project = project_override
else:
rule_project = xml.get_attribute(rule_node, 'project')
if rule_project:
project_code = rule_project
if rule_access == "":
raise AccessException("Cannot have empty 'access':\n%s" \
% xml.to_string(rule_node) )
rule_keys = []
attrs2 = {'key': rule_key}
# add a project code qualifier
if project_code == '*' and group_type != 'search_filter':
for code in self.project_codes:
key = "%s?project=%s" % (rule_key, code)
rule_keys.append(key)
else:
key= "%s?project=%s" % (rule_key, project_code)
rule_keys.append(key)
for rule_key in rule_keys:
rules[rule_key] = rule_access, attrs2
