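def check_perm(perm, AAs_pro, uuid=None, ovr=False):
    """Decide whether the provided attributes satisfy permission ``perm``.

    The permission's prefix selects which record type is loaded from ``db``
    (server, group or object) using ``uuid``. That record's ACS is indexed by
    ``perm`` to obtain the ACC, an iterable of attribute chains. The chains
    are evaluated in order and the first one that passes grants access.

    Args:
        perm: Permission string. It must start with one of the
            ``_PERM_PRE_SRV`` / ``_PERM_PRE_GRP`` / ``_PERM_PRE_OBJ`` prefixes
            and must be a key of the ACS.
        AAs_pro: Attributes provided by the requester, passed unchanged to
            ``check_AAs``.
        uuid: Identifier of the server, group or object whose ACS is used.
        ovr: Accepted but never read by this function.
            NOTE(review): looks like an unfinished override switch; confirm
            no caller relies on it having an effect.

    Returns:
        ``(success, AAs_out)``. ``success`` is True when some chain yields no
        attribute whose status is ``_ATTR_STATUS_DENIED`` or
        ``_ATTR_STATUS_REQUIRED``. ``AAs_out`` is the ``check_AAs`` result for
        the last chain evaluated, or ``[]`` when the ACC holds no chains.

    Raises:
        Exception: unknown permission prefix, no ACS on the record, or
            ``check_AAs`` returned None.
        KeyError: presumably, when ``perm`` has no entry in the ACS
            (depends on the ACS type; verify).
    """
    # Lookup ACS: the permission prefix decides which record type owns it.
    if perm.startswith(_PERM_PRE_SRV):
        ou = db.custos_srv(uuid)
    elif perm.startswith(_PERM_PRE_GRP):
        ou = db.custos_grp(uuid)
    elif perm.startswith(_PERM_PRE_OBJ):
        ou = db.custos_obj(uuid)
    else:
        raise Exception("Unknown permission prefix")
    acs = ou.get_ACS()
    if acs is None:
        raise Exception("No ACS returned")
    # NOTE(review): these debug prints write the full access-control spec to
    # stdout on every check; consider a debug-level logger instead. Also, if
    # get_ACS() returns a plain dict, "{:s}" raises TypeError on Python 3.
    # Confirm the ACS type before relying on this line.
    print("acs = {:s}".format(acs))
    print("perm = {:s}".format(perm))

    # Lookup ACC
    acc = acs[perm]

    # Fail closed: with an empty ACC the loop body never runs. The original
    # left both names unbound in that case and crashed at the return with
    # UnboundLocalError; an empty ACC is now an explicit denial.
    success = False
    AAs_out = []

    # Check ACC
    # TODO Provide smarter multi-chain checking
    for chain in acc:
        AAs_req = [db.get_attr_val(aa) for aa in chain]
        AAs_out = check_AAs(AAs_req, AAs_pro)
        if AAs_out is None:
            raise Exception("No attributes returned")

        # Derive Pass/Fail: a single denied or still-required attribute
        # fails the whole chain.
        # NOTE(review): an empty AAs_out (e.g. from an empty chain) has no
        # statuses and therefore passes; confirm that an empty chain is
        # meant to grant access.
        stats = {aa[u'Status'] for aa in AAs_out}
        success = not (
            _ATTR_STATUS_DENIED in stats or _ATTR_STATUS_REQUIRED in stats
        )
        if success:
            # The first satisfied chain is sufficient.
            break

    return (success, AAs_out)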
def obj_list(grp_uuid):
    """Return one stanza per object UUID listed by the given group.

    The group record is loaded with ``db.custos_grp(grp_uuid)`` and each UUID
    from its ``list_objs()`` is wrapped in a single-key dict keyed by
    ``STANZA_OBJS_UUID``.

    NOTE(review): no permission check happens in this function; presumably
    the caller authorizes the listing first. Verify against callers.
    """
    entries = []
    for member_uuid in db.custos_grp(grp_uuid).list_objs():
        entries.append({STANZA_OBJS_UUID: member_uuid})
    return entries