예제 #1
0
def delete_perm(perm):
    """
    Remove a permission operation entity from its permission object.

    A Fortress permission is the pair (object->operation); the operation
    must already exist in the directory when this is called.

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - maps to already existing op name

    optional parameters:
    perm.obj_id

    return:
    whatever permdao.delete returns for the removed entity
    """
    # Validate the caller-supplied entity before any directory write.
    utils.validate_perm(perm)
    removed = permdao.delete(perm)
    return removed
예제 #2
0
def read_perm(perm):
    """
    Look up and return the permission entity matching *perm*.

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - maps to already existing op name

    optional parameters:
    perm.obj_id

    return:
    Perm
    """
    # Validation runs first so the DAO only ever sees a well-formed key.
    utils.validate_perm(perm)
    found = permdao.read(perm)
    return found
예제 #3
0
def find_perms(perm):
    """
    Search for permissions whose names match the (possibly wildcarded) *perm*.

    required parameters:
    perm.obj_name - maps to already existing perm object.  May be partial name with wildcard on end - *.
    perm.op_name - maps to already existing op name.  May be partial name with wildcard on end - *.

    optional parameters:
    perm.obj_id.  May be partial with wildcard.

    return:
    Perm list
    """
    # NOTE(review): wildcard interpretation (and any escaping of the search
    # string) is not done here; it is whatever permdao.search does — confirm there.
    utils.validate_perm(perm)
    matches = permdao.search(perm)
    return matches
예제 #4
0
def perm_users(perm):
    """
    Return every user granted *perm* through one of their assigned roles.

    The permission is read from the directory and the roles attached to it
    are used as the key for the user search.

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - maps to already existing op name

    optional parameters:
    perm.obj_id

    return:
    User list
    """
    utils.validate_perm(perm)
    stored = permdao.read(perm)
    # Membership is resolved indirectly: users are found via the permission's roles.
    granted_roles = stored.roles
    return userdao.search_on_roles(granted_roles)
예제 #5
0
def perm_roles(perm):
    """
    Return the names of all roles that have been granted *perm*.

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - maps to already existing op name

    optional parameters:
    perm.obj_id

    return:
    String list of role names
    """
    utils.validate_perm(perm)
    stored = permdao.read(perm)
    # The role list is carried on the permission entity itself.
    return stored.roles
예제 #6
0
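def grant(perm, role):
    """
    Grant an existing permission operation to an existing role.

    Both the permission (object->operation) and the role must already exist;
    this call only records the association between them via permdao.grant.

    required parameters:
    perm.obj_name - existing perm obj.
    perm.op_name - existing perm op.
    role.name - existing role.

    optional parameters:
    perm.obj_id - object identifier
    """
    # Both inputs are validated before the directory is touched; the role is
    # checked first so a bad role name never reaches the permission lookup.
    utils.validate_role(role)
    utils.validate_perm(perm)
    return permdao.grant(perm, role)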
예제 #7
0
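def revoke(perm, role):
    """
    Revoke from a role the permission to perform an operation on an object.

    The command is implemented by setting the access control list of the object involved.
    The command is valid if and only if the pair (operation, object) represents a permission,
    the role is a member of the ROLES data set, and the permission is assigned to that role.

    required parameters:
    perm.obj_name - existing perm obj.
    perm.op_name - existing perm op.
    role.name - existing role.

    optional parameters:
    perm.obj_id - object identifier
    """
    # Validate both entities before the ACL change is written to the directory.
    utils.validate_role(role)
    utils.validate_perm(perm)
    return permdao.revoke(perm, role)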
                                                                                                                                                                         
예제 #8
0
def update_perm(perm):
    """
    Update a permission operation that already exists under
    ou=Permissions,ou=RBAC,dc=yourHostName,dc=com in the directory information tree.

    The entity may also carry Role or User associations to add or remove.
    The perm operation must exist before making this call. Only non-null
    attributes will be updated.

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - maps to already existing op name

    optional parameters:
    perm.obj_id - object identifier
    perm.props - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
    perm.type - any safe text
    perm.description - any safe text
    """
    # Reject malformed attributes before any modify is issued.
    utils.validate_perm(perm)
    updated = permdao.update(perm)
    return updated
예제 #9
0
def add_perm(perm):
    """
    Create a new permission operation beneath an existing permission object
    under ou=Permissions,ou=RBAC,dc=yourHostName,dc=com in the directory information tree.

    The perm operation entity may have Role or User associations. The target
    Permission must not exist prior to calling. A Fortress Permission instance
    exists in a hierarchical, one-many relationship between its parent and
    itself as stored in ldap tree: (PermObj*->Permission).

    required parameters:
    perm.obj_name - maps to already existing perm object
    perm.op_name - accepts an arbitrary name for an operation that maps to runtime process.

    optional parameters:
    perm.obj_id - object identifier
    perm.props - multi-occurring property key and values are separated with a ':'. e.g. mykey1:myvalue1
    perm.type - any safe text
    perm.description - any safe text
    """
    # Validation precedes the create so untrusted attribute values are
    # checked before they are written to the directory.
    utils.validate_perm(perm)
    created = permdao.create(perm)
    return created