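def setSSDRoleConstraint(role_name, mutlexcl_name, user):
    """Register a symmetric static separation-of-duty (SSD) constraint between two roles.

    The constraint is admissible only when the two roles are distinct, share
    no common senior role, and are not in a junior/senior relation with each
    other (a senior inherits its junior, so such a constraint could never be
    satisfied).

    Args:
        role_name: name of the first role.
        mutlexcl_name: name of the role that becomes mutually exclusive to it.
        user: owner scoping every role lookup.

    Returns:
        The value returned by ``setSSDConstraint`` for the forward direction
        (1 on success).

    Raises:
        xoRETwError: if the constraint is inadmissible, if either direction is
            already registered, or if a role cannot be loaded.
    """
    # Guard clauses replace the original nested if/else pyramid; the messages
    # are kept verbatim because callers may surface them to the user.
    if role_name == mutlexcl_name:
        raise xoRETwError("FAILED, a role cannot be mutual exclusive to itself.")
    if possessCommonSeniorRole(role_name, mutlexcl_name, user):
        raise xoRETwError("FAILED, <<$role>> and <<$mutlexcl>> possess a common senior-role.")
    if mutlexcl_name in getAllSeniorRoles(role_name, user):
        raise xoRETwError("FAILED, role <<$role>> cannot be mutual exclusive to its senior-role <<$mutlexcl>>")
    if mutlexcl_name in getAllJuniorRoles(role_name, user):
        raise xoRETwError("FAILED, role <<$role>> cannot be mutual exclusive to its junior-role <<$mutlexcl>>.")
    # Check the reverse direction BEFORE writing anything: setSSDConstraint
    # raises when a direction already exists, and in the original flow that
    # left a one-sided (forward-only) constraint persisted in the database.
    if hasSSDRoleConstraintTo(mutlexcl_name, role_name, user):
        raise xoRETwError("INFO, role: <<$mutlexcl>> is already (statically) mutual exclusive to <<$role>>. Note that SSD Constraints are inherited via a role-hierarchy.")
    success = setSSDConstraint(role_name, mutlexcl_name, user)
    if success:
        # NOTE(review): the two writes are still not one transaction; an ORM
        # failure inside the second call can leave only the forward direction
        # persisted. Wrap the pair in a DB transaction if the ORM allows it.
        setSSDConstraint(mutlexcl_name, role_name, user)
    return success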
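def setSSDConstraint(role_name, mutlexcl_name, user):
    """Append ``mutlexcl_name`` to one role's comma-separated SSD list (one direction only).

    ``Role.ssd_constraints`` is persisted as a ``','``-joined string, so the
    new entry must not contain a comma: a name such as ``"a,b"`` would be read
    back as two separate constraints.

    Args:
        role_name: role whose constraint list is extended.
        mutlexcl_name: role name to record as mutually exclusive.
        user: owner scoping the role lookup.

    Returns:
        1 when the entry was added.

    Raises:
        xoRETwError: if the direction already exists, the name contains a
            comma, or the role cannot be loaded.
    """
    if ',' in mutlexcl_name:
        raise xoRETwError("FAILED, role name must not contain ',' (it is stored in a comma-separated list).")
    if hasSSDRoleConstraintTo(role_name, mutlexcl_name, user):
        raise xoRETwError("INFO, role: <<$role>> is already (statically) mutual exclusive to <<[self]>>. Note that SSD Constraints are inherited via a role-hierarchy.")
    try:
        role_obj = Role.objects.get(name=role_name, user=user)
    except Exception as exc:
        # Surface the ORM failure as the module's own error type (with its
        # message, not the bare exception object).
        raise xoRETwError(str(exc))
    # An empty field must yield [] rather than [''] — hence the explicit guard.
    constraints = role_obj.ssd_constraints.split(',') if role_obj.ssd_constraints else []
    constraints.append(mutlexcl_name)
    role_obj.ssd_constraints = ",".join(constraints)
    role_obj.save()
    return 1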
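def permRoleAssign(perm_name, role_name, user):
    """Assign a permission to a role, enforcing SSD and cardinality constraints.

    Order of checks: (1) no SSD permission constraint forbids the assignment,
    (2) the permission's maximum owner cardinality is not yet reached. Only
    then is the permission attached and the owner counter incremented.
    Leftover debug ``print`` traces were removed.

    Args:
        perm_name: permission to assign.
        role_name: role that receives it.
        user: owner scoping all lookups.

    Returns:
        The result of ``assignPerm``: 1 if attached, 0 if the role already
        owns the permission directly or transitively.

    Raises:
        xoRETwError: if an SSD constraint or the cardinality limit blocks the
            assignment.
    """
    if not ssdPermConstraintAllowPRA(perm_name, role_name, user):
        raise xoRETwError("FAILED, assignment prevented by SSD constraint defined on permission <<$perm>>. <<$role>> or one of its owners (subjects) possesses at least one permission that is defined as mutual exclusive to <<$perm>>.")
    if not permMaxCardinalityAllowAssignment(perm_name, user):
        raise xoRETwError("FAILED, the permission maximum owner cardinality of <<[$perm name]>> is already reached. In order to assign permission <<[$perm name]>> to role: <<[$role name]>> you have to revoke <<[$perm name]>> from at least one of its current owners first.")
    success = assignPerm(role_name, perm_name, user)
    if success:
        # Only count an owner when something was actually attached; presumably
        # this counter is what permMaxCardinalityAllowAssignment consults.
        incrPermOwnerQuantity(perm_name, user)
    return success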
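def addTasksToWorkProfile(tasks, name, user):
    """Attach the named tasks to the work profile ``name`` owned by ``user``.

    Tasks that do not exist yet are created, mirroring ``createTask``: the
    ``defaults`` argument is required because ``get_or_create`` drops lookups
    containing ``__`` (here ``name__exact``/``user__exact``) when it builds
    the new row.

    Args:
        tasks: iterable of task names.
        name: exact work-profile name.
        user: owner scoping every lookup.

    Returns:
        1 after all tasks have been linked.

    Raises:
        xoRETwError: if the profile or a task cannot be loaded or created.
            The original printed an HTML error to stdout and carried on, which
            then re-used ``obj``/``created`` from the previous loop iteration.
    """
    try:
        profile = WorkProfile.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    for task in tasks:
        try:
            obj, _created = Task.objects.get_or_create(
                name__exact=task, user__exact=user,
                defaults={'name': task, 'user': user})
        except Exception as exc:
            raise xoRETwError(str(exc))
        # get_or_create has already persisted a freshly created row; no extra save.
        profile.tasks.add(obj)
    return 1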
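def setSSDPermConstraint(perm_name, mutlexcl_name, user):
    """Register a symmetric SSD constraint between two permissions.

    Both permissions are loaded before either is written, so a missing second
    permission no longer leaves a dangling one-sided entry on the first (the
    original saved the first object before looking up the second).

    Args:
        perm_name: first permission name.
        mutlexcl_name: permission that becomes mutually exclusive to it.
        user: owner scoping the lookups.

    Returns:
        1 on success.

    Raises:
        xoRETwError: if the names are equal or contain a comma, if some role
            owns both permissions, or if a permission cannot be loaded.
    """
    if perm_name == mutlexcl_name:
        raise xoRETwError("FAILED, a permission cannot be mutual exclusive to itself.")
    # Entries are stored in a ','-joined string; a comma would split into two.
    if ',' in perm_name or ',' in mutlexcl_name:
        raise xoRETwError("FAILED, permission names must not contain ',' (they are stored in a comma-separated list).")
    if permAssignedToSameRole(perm_name, mutlexcl_name, user):
        raise xoRETwError("FAILED, at least one role owns both permissions <<$perm>> and <<$mutlexcl>> (directly or transitively). In order to register a mutual exclusion constraint for two permissions they must not be assigned to the same role.")
    try:
        perm_obj = Permission.objects.get(name=perm_name, user=user)
        mutlexcl_obj = Permission.objects.get(name=mutlexcl_name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    _appendSSDPermEntry(perm_obj, mutlexcl_name)
    _appendSSDPermEntry(mutlexcl_obj, perm_name)
    return 1


def _appendSSDPermEntry(perm_obj, other_name):
    """Append ``other_name`` to ``perm_obj.ssd_constraints`` (CSV) unless already present, then save."""
    entries = perm_obj.ssd_constraints.split(',') if perm_obj.ssd_constraints else []
    if other_name not in entries:
        entries.append(other_name)
        perm_obj.ssd_constraints = ",".join(entries)
        perm_obj.save()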
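def createObstacle(name, type, user):
    """Create the obstacle ``name`` for ``user`` unless it already exists.

    ``type`` shadows the builtin but is kept because callers pass it by name.

    Returns:
        1 if a new obstacle was created, 0 if it already existed (the original
        returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Obstacle.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'type': type, 'user': user})
    except Exception as exc:
        # The original caught everything (even KeyboardInterrupt) and raised
        # with the exception *class* from sys.exc_info()[0], not its message.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0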
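def createProfile(name, user):
    """Create the work profile ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new profile was created, 0 if it already existed (the original
        returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = WorkProfile.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0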
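def createScenario(name, graph_dot, user):
    """Create scenario ``name`` with graph ``graph_dot`` for ``user`` unless it exists.

    Returns:
        1 if a new scenario was created, 0 if it already existed (an existing
        scenario's graph is left untouched).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Scenario.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'graph': graph_dot, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0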
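def unlinkConditionFromContextConstraint(condition, name, user):
    """Detach condition ``condition`` from the context constraint ``name``.

    Returns:
        1 if the condition existed and was removed from the constraint,
        0 if no such condition exists for ``user``.

    Raises:
        xoRETwError: if the context constraint cannot be loaded.
    """
    try:
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    # The original used get_or_create here, so unlinking an unknown condition
    # silently *created* it; an unlink must never insert rows.
    try:
        obj = Condition.objects.get(name=condition, user=user)
    except Condition.DoesNotExist:
        return 0
    CC.conditions.remove(obj)
    return 1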
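def assignPerm(role_name, perm_name, user):
    """Append ``perm_name`` to the comma-separated permission list of a role.

    Args:
        role_name: role that receives the permission.
        perm_name: permission to attach.
        user: owner scoping the role lookup.

    Returns:
        1 if the permission was attached; 0 if the role already owns it,
        directly or transitively. (The original had ``raise`` statements after
        those ``return 0`` lines that could never execute; callers such as
        ``permRoleAssign`` rely on the 0 result, so it is kept.)

    Raises:
        xoRETwError: if ``perm_name`` contains a comma (it would be read back
            as two permissions) or the role cannot be loaded.
    """
    if ',' in perm_name:
        raise xoRETwError("FAILED, permission name must not contain ',' (it is stored in a comma-separated list).")
    if directlyOwnsPerm(role_name, perm_name, user):
        return 0
    if transitivelyOwnsPerm(role_name, perm_name, user):
        return 0
    try:
        role_obj = Role.objects.get(name=role_name, user=user)
    except Exception as exc:
        # Consistent with setSSDConstraint: surface ORM failures as xoRETwError.
        raise xoRETwError(str(exc))
    # An empty field must yield [] rather than [''] — hence the explicit guard.
    permissions = role_obj.permissions.split(',') if role_obj.permissions else []
    permissions.append(perm_name)
    role_obj.permissions = ",".join(permissions)
    role_obj.save()
    return 1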
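def createTask(name, user):
    """Create task ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new task was created, 0 if it already existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Task.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0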
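def createContextConstraint(name, user):
    """Create context constraint ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new constraint was created, 0 if it already existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = ContextConstraint.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0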
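def createStep(actor, action, target, user):
    """Create the step ``actor_action_target`` for ``user`` unless it already exists.

    The step name is the ``'_'``-joined triple; note that it is ambiguous when
    a component itself contains an underscore.

    Returns:
        ``(name, 1)`` if a new step was created, ``(name, 0)`` if it existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    name = actor + '_' + action + '_' + target
    try:
        _obj, created = Step.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'actor': actor, 'action': action,
                      'target': target, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return name, (1 if created else 0)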
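def addDerivedAbstractContextConditionToObjective(abstract_context_condition, objective_name, user):
    """Link an abstract context condition (created on demand) to an objective.

    Args:
        abstract_context_condition: name of the condition.
        objective_name: exact name of the objective.
        user: owner scoping both lookups.

    Returns:
        1 after linking.

    Raises:
        xoRETwError: if the objective cannot be loaded or the condition cannot
            be created (the latter previously escaped as a raw ORM error).
    """
    try:
        objective = Objective.objects.get(name=objective_name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    try:
        obj, _created = AbstractContextCondition.objects.get_or_create(
            name=abstract_context_condition, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; no extra save needed.
    objective.abstract_context_conditions.add(obj)
    return 1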
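def createProfile(name, user):
    """Create the work profile ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new profile was created, 0 if it already existed (the original
        returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = WorkProfile.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0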
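def createObstacle(name, type, user):
    """Create the obstacle ``name`` for ``user`` unless it already exists.

    ``type`` shadows the builtin but is kept because callers pass it by name.

    Returns:
        1 if a new obstacle was created, 0 if it already existed (the original
        returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Obstacle.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'type': type, 'user': user})
    except Exception as exc:
        # The original caught everything (even KeyboardInterrupt) and raised
        # with the exception *class* from sys.exc_info()[0], not its message.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0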
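def addDerivedAbstractContextConditionToObjective(abstract_context_condition, objective_name, user):
    """Link an abstract context condition (created on demand) to an objective.

    Args:
        abstract_context_condition: name of the condition.
        objective_name: exact name of the objective.
        user: owner scoping both lookups.

    Returns:
        1 after linking.

    Raises:
        xoRETwError: if the objective cannot be loaded or the condition cannot
            be created (the latter previously escaped as a raw ORM error).
    """
    try:
        objective = Objective.objects.get(name=objective_name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    try:
        obj, _created = AbstractContextCondition.objects.get_or_create(
            name=abstract_context_condition, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; no extra save needed.
    objective.abstract_context_conditions.add(obj)
    return 1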
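def createPermission(perm_operation, perm_object, user):
    """Create the permission ``operation_object`` for ``user`` unless it already exists.

    The permission name is ``perm_operation + '_' + perm_object``; it is
    ambiguous when either component contains an underscore. Debug ``print``
    traces were removed.

    Returns:
        1 if a new permission was created, 0 if it already existed (the
        original returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    name = perm_operation + '_' + perm_object
    try:
        _obj, created = Permission.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0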
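def createTask(name, user):
    """Create task ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new task was created, 0 if it already existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Task.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0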
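def createScenario(name, graph_dot, user):
    """Create scenario ``name`` with graph ``graph_dot`` for ``user`` unless it exists.

    Returns:
        1 if a new scenario was created, 0 if it already existed (an existing
        scenario's graph is left untouched).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = Scenario.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'graph': graph_dot, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0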
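def createContextConstraint(name, user):
    """Create context constraint ``name`` for ``user`` unless it already exists.

    Returns:
        1 if a new constraint was created, 0 if it already existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    try:
        _obj, created = ContextConstraint.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0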
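def linkConditionToContextConstraint(condition, name, user):
    """Attach condition ``condition`` (created on demand) to the context constraint ``name``.

    Debug ``print`` traces were removed.

    Returns:
        1 after linking.

    Raises:
        xoRETwError: if the context constraint cannot be loaded or the
            condition cannot be created (the latter previously escaped as a
            raw ORM error).
    """
    try:
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    try:
        obj, _created = Condition.objects.get_or_create(name=condition, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; no extra save needed.
    CC.conditions.add(obj)
    return 1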
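def linkContextConstraintsToPerm(ccs, name, user):
    """Attach the named context constraints to permission ``name`` owned by ``user``.

    Constraints that do not exist yet are created, mirroring
    ``createContextConstraint``: the ``defaults`` argument is required because
    ``get_or_create`` drops lookups containing ``__`` (``name__exact`` /
    ``user__exact``) when it builds the new row.

    Args:
        ccs: iterable of context-constraint names.
        name: permission name.
        user: owner scoping every lookup.

    Returns:
        1 after all constraints have been linked.

    Raises:
        xoRETwError: if the permission or a constraint cannot be loaded or
            created. The original printed an HTML error to stdout and carried
            on, re-using ``obj``/``created`` from the previous iteration.
    """
    try:
        perm = Permission.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    for cc in ccs:
        try:
            obj, _created = ContextConstraint.objects.get_or_create(
                name__exact=cc, user__exact=user,
                defaults={'name': cc, 'user': user})
        except Exception as exc:
            raise xoRETwError(str(exc))
        # get_or_create has already persisted a freshly created row; no extra save.
        perm.context_constraints.add(obj)
    return 1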
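def addScenariosToTask(scenarios, name, user):
    """Attach the named scenarios to task ``name`` owned by ``user``.

    Scenarios that do not exist yet are created with only ``name``/``user``
    (``createScenario`` additionally sets ``graph``; here it is left to the
    model default — NOTE(review): confirm that field allows it). The
    ``defaults`` argument is required because ``get_or_create`` drops lookups
    containing ``__`` when it builds the new row.

    Args:
        scenarios: iterable of scenario names.
        name: exact task name.
        user: owner scoping every lookup.

    Returns:
        1 after all scenarios have been linked.

    Raises:
        xoRETwError: if the task or a scenario cannot be loaded or created.
            The original printed an HTML error to stdout and carried on,
            re-using ``obj``/``created`` from the previous iteration.
    """
    try:
        task = Task.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    for scenario in scenarios:
        try:
            obj, _created = Scenario.objects.get_or_create(
                name__exact=scenario, user__exact=user,
                defaults={'name': scenario, 'user': user})
        except Exception as exc:
            raise xoRETwError(str(exc))
        # get_or_create has already persisted a freshly created row; no extra save.
        task.scenarios.add(obj)
    return 1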
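def linkContextConstraintsToPerm(ccs, name, user):
    """Attach the named context constraints to permission ``name`` owned by ``user``.

    Constraints that do not exist yet are created, mirroring
    ``createContextConstraint``: the ``defaults`` argument is required because
    ``get_or_create`` drops lookups containing ``__`` (``name__exact`` /
    ``user__exact``) when it builds the new row.

    Args:
        ccs: iterable of context-constraint names.
        name: permission name.
        user: owner scoping every lookup.

    Returns:
        1 after all constraints have been linked.

    Raises:
        xoRETwError: if the permission or a constraint cannot be loaded or
            created. The original printed an HTML error to stdout and carried
            on, re-using ``obj``/``created`` from the previous iteration.
    """
    try:
        perm = Permission.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    for cc in ccs:
        try:
            obj, _created = ContextConstraint.objects.get_or_create(
                name__exact=cc, user__exact=user,
                defaults={'name': cc, 'user': user})
        except Exception as exc:
            raise xoRETwError(str(exc))
        # get_or_create has already persisted a freshly created row; no extra save.
        perm.context_constraints.add(obj)
    return 1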
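def addScenariosToTask(scenarios, name, user):
    """Attach the named scenarios to task ``name`` owned by ``user``.

    Scenarios that do not exist yet are created with only ``name``/``user``
    (``createScenario`` additionally sets ``graph``; here it is left to the
    model default — NOTE(review): confirm that field allows it). The
    ``defaults`` argument is required because ``get_or_create`` drops lookups
    containing ``__`` when it builds the new row.

    Args:
        scenarios: iterable of scenario names.
        name: exact task name.
        user: owner scoping every lookup.

    Returns:
        1 after all scenarios have been linked.

    Raises:
        xoRETwError: if the task or a scenario cannot be loaded or created.
            The original printed an HTML error to stdout and carried on,
            re-using ``obj``/``created`` from the previous iteration.
    """
    try:
        task = Task.objects.get(name=name, user=user)
    except Exception as exc:
        raise xoRETwError(str(exc))
    for scenario in scenarios:
        try:
            obj, _created = Scenario.objects.get_or_create(
                name__exact=scenario, user__exact=user,
                defaults={'name': scenario, 'user': user})
        except Exception as exc:
            raise xoRETwError(str(exc))
        # get_or_create has already persisted a freshly created row; no extra save.
        task.scenarios.add(obj)
    return 1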
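def createPermission(perm_operation, perm_object, user):
    """Create the permission ``operation_object`` for ``user`` unless it already exists.

    The permission name is ``perm_operation + '_' + perm_object``; it is
    ambiguous when either component contains an underscore. Debug ``print``
    traces were removed.

    Returns:
        1 if a new permission was created, 0 if it already existed (the
        original returned None here; both values are falsy).

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    name = perm_operation + '_' + perm_object
    try:
        _obj, created = Permission.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return 1 if created else 0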
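def createStep(actor, action, target, user):
    """Create the step ``actor_action_target`` for ``user`` unless it already exists.

    The step name is the ``'_'``-joined triple; note that it is ambiguous when
    a component itself contains an underscore.

    Returns:
        ``(name, 1)`` if a new step was created, ``(name, 0)`` if it existed.

    Raises:
        xoRETwError: if the lookup or creation fails.
    """
    name = actor + '_' + action + '_' + target
    try:
        _obj, created = Step.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'actor': actor, 'action': action,
                      'target': target, 'user': user})
    except Exception as exc:
        # Narrowed from a bare except; pass the message, not the class.
        raise xoRETwError(str(exc))
    # get_or_create already persisted a created row; the extra save() is gone.
    return name, (1 if created else 0)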
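def createRole(name, junior_roles, senior_roles, user):
    """Create role ``name`` for ``user`` and record its junior and senior roles.

    Before anything is written, two static separation-of-duty checks run:
    no two intended junior roles may be mutually exclusive (directly or via
    their permissions), and no intended senior role may be mutually exclusive
    to an intended junior role. Junior and senior roles that do not exist yet
    are created on demand. Both lists are persisted as comma-separated
    strings on the role, so any name containing ``','`` is rejected up front
    (it would be read back as two roles).

    If the role already exists, its junior/senior lists are overwritten with
    the given ones, as in the original — NOTE(review): confirm that this is
    the intended semantics for re-definition. Reverse links (each junior's
    ``senior_roles`` / each senior's ``junior_roles``) are not updated here,
    also as in the original. Debug ``print`` traces were removed.

    Args:
        name: name of the role to create.
        junior_roles: iterable of junior role names, or a falsy value.
        senior_roles: iterable of senior role names, or a falsy value.
        user: owner scoping every lookup.

    Returns:
        1 on success.

    Raises:
        xoRETwError: on an SSD violation, a comma in a role name, or an ORM
            failure while creating the role.
    """
    juniors = list(junior_roles) if junior_roles else []
    seniors = list(senior_roles) if senior_roles else []
    for role in [name] + juniors + seniors:
        if ',' in role:
            raise xoRETwError("FAILED, role name must not contain ',' (it is stored in a comma-separated list).")
    # Both orderings are checked, as in the original, in case the helper is
    # not symmetric.
    for r1 in juniors:
        for r2 in juniors:
            if r1 != r2 and isStaticallyMutualExclusive(r1, r2, user):
                raise xoRETwError("Error: at least two of the intended junior-roles of " + name + " are mutual exclusive." + r1 + " and " + r2 + " are mutually exclusive or own permissions that are mutual exclusive.")
    for sr in seniors:
        for jr in juniors:
            if not ssdConstraintsAllowSeniorRole(jr, sr, user):
                raise xoRETwError("FAILED, " + jr + " and " + sr + " are statically mutual exclusive. Therefore, " + sr + " cannot be defined as (transitive) senior-role of " + jr + ". Creation of role " + name + " failed.")
    try:
        role_obj, _created = Role.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        raise xoRETwError(str(exc))
    # Referenced roles are created on demand; get_or_create persists new rows
    # itself, so no extra save() per role.
    for other in juniors + seniors:
        Role.objects.get_or_create(name=other, user=user)
    role_obj.junior_roles = ",".join(juniors)
    role_obj.senior_roles = ",".join(seniors)
    # One save instead of two partial ones, so both lists land together.
    role_obj.save()
    # TODO: remove all redundant superclass-relations (see updateRoleHierarchy).
    return 1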
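def createRole(name, junior_roles, senior_roles, user):
    """Create role ``name`` for ``user`` and record its junior and senior roles.

    Before anything is written, two static separation-of-duty checks run:
    no two intended junior roles may be mutually exclusive (directly or via
    their permissions), and no intended senior role may be mutually exclusive
    to an intended junior role. Junior and senior roles that do not exist yet
    are created on demand. Both lists are persisted as comma-separated
    strings on the role, so any name containing ``','`` is rejected up front
    (it would be read back as two roles).

    If the role already exists, its junior/senior lists are overwritten with
    the given ones, as in the original — NOTE(review): confirm that this is
    the intended semantics for re-definition. Reverse links (each junior's
    ``senior_roles`` / each senior's ``junior_roles``) are not updated here,
    also as in the original. Debug ``print`` traces were removed.

    Args:
        name: name of the role to create.
        junior_roles: iterable of junior role names, or a falsy value.
        senior_roles: iterable of senior role names, or a falsy value.
        user: owner scoping every lookup.

    Returns:
        1 on success.

    Raises:
        xoRETwError: on an SSD violation, a comma in a role name, or an ORM
            failure while creating the role.
    """
    juniors = list(junior_roles) if junior_roles else []
    seniors = list(senior_roles) if senior_roles else []
    for role in [name] + juniors + seniors:
        if ',' in role:
            raise xoRETwError("FAILED, role name must not contain ',' (it is stored in a comma-separated list).")
    # Both orderings are checked, as in the original, in case the helper is
    # not symmetric.
    for r1 in juniors:
        for r2 in juniors:
            if r1 != r2 and isStaticallyMutualExclusive(r1, r2, user):
                raise xoRETwError("Error: at least two of the intended junior-roles of " + name + " are mutual exclusive." + r1 + " and " + r2 + " are mutually exclusive or own permissions that are mutual exclusive.")
    for sr in seniors:
        for jr in juniors:
            if not ssdConstraintsAllowSeniorRole(jr, sr, user):
                raise xoRETwError("FAILED, " + jr + " and " + sr + " are statically mutual exclusive. Therefore, " + sr + " cannot be defined as (transitive) senior-role of " + jr + ". Creation of role " + name + " failed.")
    try:
        role_obj, _created = Role.objects.get_or_create(
            name__exact=name, user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception as exc:
        raise xoRETwError(str(exc))
    # Referenced roles are created on demand; get_or_create persists new rows
    # itself, so no extra save() per role.
    for other in juniors + seniors:
        Role.objects.get_or_create(name=other, user=user)
    role_obj.junior_roles = ",".join(juniors)
    role_obj.senior_roles = ",".join(seniors)
    # One save instead of two partial ones, so both lists land together.
    role_obj.save()
    # TODO: remove all redundant superclass-relations (see updateRoleHierarchy).
    return 1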