Exemplo n.º 1
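    def get_role_object(self, role_defn):
        """Build a Role, with its RoleItem entries, from a role definition.

        Args:
            role_defn: Dict whose "type" is "object.Role" and which carries
                "name" and "sid". "role_items" is optional and defaults to
                an empty list.

        Returns:
            The Role created from name and sid, with one RoleItem appended
            to role.role_items for each entry of "role_items".

        Raises:
            ValueError: If role_defn or one of its items is not a dict, the
                type tag is not "object.Role", or name/sid is missing.
                Whatever check_role_item raises for an item propagates too.
        """
        # Explicit raises instead of assert: assert statements are removed
        # under "python -O", which would leave the definition unvalidated.
        if not isinstance(role_defn, dict):
            raise ValueError("Role definition must be a dict.")

        if role_defn.get("type") != "object.Role":
            raise ValueError("Role definition must have type object.Role.")

        role_name = role_defn.get("name", None)

        if role_name is None:
            raise ValueError("Role must have name value.")

        role_sid = role_defn.get("sid", None)

        if role_sid is None:
            raise ValueError("Role must have sid value.")

        role_item_defns = role_defn.get("role_items", [])

        role = Role(name=role_name, sid=role_sid)

        for role_item_defn in role_item_defns:
            if not isinstance(role_item_defn, dict):
                raise ValueError("Role item definition must be a dict.")

            # Every key of the item is handed to RoleItem as a keyword
            # argument, so check_role_item has to run first.
            # NOTE(review): presumably check_role_item rejects unexpected
            # keys -- confirm against its definition.
            check_role_item(role_item_defn)
            role.role_items.append(RoleItem(**role_item_defn))

        return role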
Exemplo n.º 2
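    def get_role_object(self, role_defn):
        """Build a Role, with its RoleItem entries, from a role definition.

        Args:
            role_defn: Dict whose "type" is "object.Role" and which carries
                "name" and "sid". "role_items" is optional and defaults to
                an empty list.

        Returns:
            The Role created from name and sid, with one RoleItem appended
            to role.role_items for each entry of "role_items".

        Raises:
            ValueError: If role_defn or one of its items is not a dict, the
                type tag is not "object.Role", or name/sid is missing.
                Whatever check_role_item raises for an item propagates too.
        """
        # Explicit raises instead of assert: assert statements are removed
        # under "python -O", which would leave the definition unvalidated.
        if not isinstance(role_defn, dict):
            raise ValueError("Role definition must be a dict.")

        if role_defn.get("type") != "object.Role":
            raise ValueError("Role definition must have type object.Role.")

        role_name = role_defn.get("name", None)

        if role_name is None:
            raise ValueError("Role must have name value.")

        role_sid = role_defn.get("sid", None)

        if role_sid is None:
            raise ValueError("Role must have sid value.")

        role_item_defns = role_defn.get("role_items", [])

        role = Role(name=role_name, sid=role_sid)

        for role_item_defn in role_item_defns:
            if not isinstance(role_item_defn, dict):
                raise ValueError("Role item definition must be a dict.")

            # Every key of the item is handed to RoleItem as a keyword
            # argument, so check_role_item has to run first.
            # NOTE(review): presumably check_role_item rejects unexpected
            # keys -- confirm against its definition.
            check_role_item(role_item_defn)
            role.role_items.append(RoleItem(**role_item_defn))

        return role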
Exemplo n.º 3
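def before_role_insert(object_service, object_name, data, access_type):
    """Validate and normalise a role document before it is inserted.

    This is a generator: it yields cursor.fetch_next, so it is presumably
    driven as a Tornado coroutine (no decorator is visible here -- confirm).

    Args:
        object_service: Service whose find() is used to look up an existing
            role with the same sid.
        object_name: Must equal COSMOS_ROLE_OBJECT_NAME.
        data: Role document as a dict. data["sid"] is rewritten in place,
            either stripped or replaced by a fresh UUID4 string.
        access_type: Must equal AccessType.INSERT.

    Raises:
        tornado.web.HTTPError: 409 when the sid belongs to a well-known role
            (other than the anonymous / logged-in SIDs) or to a role found
            by the lookup; 400 when role_items is missing or empty or
            check_role_item raises ValueError for an item.
    """
    # Hook-contract checks only: assert is stripped under "python -O", so
    # nothing below may rely on them for validation.
    assert object_name == COSMOS_ROLE_OBJECT_NAME
    assert isinstance(data, dict)
    assert access_type == AccessType.INSERT

    sid = data.get("sid", None)

    if sid:
        # Strip before the emptiness test so a whitespace-only sid is treated
        # as missing rather than stored as an empty string.
        # NOTE(review): a truthy non-string sid fails here with
        # AttributeError -- confirm callers always send strings.
        sid = sid.strip()

    if not sid:
        data["sid"] = str(uuid.uuid4())
    else:
        data["sid"] = sid

        # The anonymous and logged-in SIDs skip the well-known comparison;
        # every other well-known SID is reserved.
        if sid != ANONYMOUS_USER_ROLE_SID and sid != LOGGED_IN_USER_ROLE_SID:
            for role in WELL_KNOWN_ROLES:
                if role.sid == sid:
                    raise tornado.web.HTTPError(
                        409, "Conflict: Duplicate role sid")

        # This lookup is check-then-insert: on its own it cannot stop two
        # concurrent inserts of the same sid. Whether a unique index on sid
        # backs it up is not visible from here.
        query = {"sid": sid}
        columns = ["sid"]
        cursor = object_service.find(SYSTEM_USER, COSMOS_ROLE_OBJECT_NAME,
                                     query, columns)

        if (yield cursor.fetch_next):
            user = cursor.next_object()
            if user:
                raise tornado.web.HTTPError(409,
                                            "Conflict: Duplicate role sid")

    try:
        role_items = data.get("role_items")
        # "not role_items" also covers a missing key (None); len(None) would
        # raise TypeError, escape the handler below and surface as a 500.
        if not role_items:
            raise ValueError("Role items can not be empty for a role")

        for role_item_def in role_items:
            check_role_item(role_item_def)
    except ValueError as ve:
        # str(ve) instead of ve.message: BaseException.message does not
        # exist on Python 3, where the old form raised AttributeError.
        raise tornado.web.HTTPError(400, str(ve))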
Exemplo n.º 4
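def before_role_insert(object_service, object_name, data, access_type):
    """Validate and normalise a role document before it is inserted.

    This is a generator: it yields cursor.fetch_next, so it is presumably
    driven as a Tornado coroutine (no decorator is visible here -- confirm).

    Args:
        object_service: Service whose find() is used to look up an existing
            role with the same sid.
        object_name: Must equal COSMOS_ROLE_OBJECT_NAME.
        data: Role document as a dict. data["sid"] is rewritten in place,
            either stripped or replaced by a fresh UUID4 string.
        access_type: Must equal AccessType.INSERT.

    Raises:
        tornado.web.HTTPError: 409 when the sid belongs to a well-known role
            (other than the anonymous / logged-in SIDs) or to a role found
            by the lookup; 400 when role_items is missing or empty or
            check_role_item raises ValueError for an item.
    """
    # Hook-contract checks only: assert is stripped under "python -O", so
    # nothing below may rely on them for validation.
    assert object_name == COSMOS_ROLE_OBJECT_NAME
    assert isinstance(data, dict)
    assert access_type == AccessType.INSERT

    sid = data.get("sid", None)

    if sid:
        # Strip before the emptiness test so a whitespace-only sid is treated
        # as missing rather than stored as an empty string.
        # NOTE(review): a truthy non-string sid fails here with
        # AttributeError -- confirm callers always send strings.
        sid = sid.strip()

    if not sid:
        data["sid"] = str(uuid.uuid4())
    else:
        data["sid"] = sid

        # The anonymous and logged-in SIDs skip the well-known comparison;
        # every other well-known SID is reserved.
        if sid != ANONYMOUS_USER_ROLE_SID and sid != LOGGED_IN_USER_ROLE_SID:
            for role in WELL_KNOWN_ROLES:
                if role.sid == sid:
                    raise tornado.web.HTTPError(409, "Conflict: Duplicate role sid")

        # This lookup is check-then-insert: on its own it cannot stop two
        # concurrent inserts of the same sid. Whether a unique index on sid
        # backs it up is not visible from here.
        query = {"sid": sid}
        columns = ["sid"]
        cursor = object_service.find(SYSTEM_USER, COSMOS_ROLE_OBJECT_NAME, query, columns)

        if (yield cursor.fetch_next):
            user = cursor.next_object()
            if user:
                raise tornado.web.HTTPError(409, "Conflict: Duplicate role sid")

    try:
        role_items = data.get("role_items")
        # "not role_items" also covers a missing key (None); len(None) would
        # raise TypeError, escape the handler below and surface as a 500.
        if not role_items:
            raise ValueError("Role items can not be empty for a role")

        for role_item_def in role_items:
            check_role_item(role_item_def)
    except ValueError as ve:
        # str(ve) instead of ve.message: BaseException.message does not
        # exist on Python 3, where the old form raised AttributeError.
        raise tornado.web.HTTPError(400, str(ve))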