Пример #1
0
def check_perm(perm, AAs_pro, uuid=None, ovr=False):

    # Lookup ACS
    if perm.startswith(_PERM_PRE_SRV):
        ou = db.custos_srv(uuid)
    elif perm.startswith(_PERM_PRE_GRP):
        ou = db.custos_grp(uuid)
    elif perm.startswith(_PERM_PRE_OBJ):
        ou = db.custos_obj(uuid)
    else:
        raise Exception("Unknown permission prefix")

    acs = ou.get_ACS()
    if acs is None:
        raise Exception("No ACS returned")

    print("acs = {:s}".format(acs))
    print("perm = {:s}".format(perm))

    # Lookup ACC
    acc = acs[perm]

    # Check ACC
    # TODO Provide smarter mutli-chain checking
    for chain in acc:

        AAs_req = [ db.get_attr_val(aa) for aa in chain ]
        AAs_out = check_AAs(AAs_req, AAs_pro)
        if AAs_out is None:
            raise Exception("No attributes returned")

        # Derive Pass/Fail
        stats = set([ aa[u'Status'] for aa in AAs_out ])
        if ((_ATTR_STATUS_DENIED in stats) or
            (_ATTR_STATUS_REQUIRED in stats)):
            success = False
        else:
            success = True
            break

    return (success, AAs_out)
Пример #2
0
def obj_list(grp_uuid):

    grp = db.custos_grp(grp_uuid)
    obj_uuids = grp.list_objs()
    return [{STANZA_OBJS_UUID: obj_uuid} for obj_uuid in obj_uuids]