def __init__(self, user, action_class=None, access_type=None, start_time=None, end_time=None, parent=None):
# Make sure the given user is allowed to have this capability
if user.is_admin():
if self.use not in ADMIN_USES:
raise ValueError("The administrator can't have a capability of type %s" % self.use)
elif self.use not in NORMAL_USES:
raise ValueError("Only the administrator can have a capability of type %s" % self.use)
if parent is not None:
# Action/access types default to those of a non-admin parent
if parent.use != ADMIN_USE:
action_class = parent.action_class
access_type = parent.access_type
# Missing start/end times default to those of the parent,
# while given ones must fall within any limits set by the parent
if start_time is None:
start_time = parent.start_time
else:
start_time = start_time if parent.start_time is None else max(start_time, parent.start_time)
if end_time is None:
end_time = parent.end_time
else:
end_time = end_time if parent.end_time is None else min(end_time, parent.end_time)
# Set all the values
self.user = user
self.key = rand64(CAP_BYTES)
self.parent = parent
self.action_class = action_class
self.access_type = access_type
self.start_time = start_time
self.end_time = end_time
# Call the reconstructor on new instances as well
self._init()
def __init__(self): self.serial = rand64(SERIAL_BYTES)