def _get_policy(self, key):
pid = self.redis.uget(key)
policy = Policy()
if not pid:
return policy
for constraint in Policy.attributes:
if constraint == 'owner':
policy.owner = self.redis.uget('pid:%s:owner' % pid)
if policy.owner == '':
policy.owner = None
else:
key = 'pid:%s:%s' % (pid, constraint)
values = self.redis.smembers(key)
setattr(policy, constraint, [value.decode(
self.redis.encoding) for value in values])
return policy
def _map_policy(self, spolicy):
policy = Policy()
policy.owner = spolicy.owner
for field in Policy.attributes:
if field == 'owner':
continue
setattr(policy, field, self._map_policy_rule(getattr(spolicy, field)))
return policy
def test_policy_equal():
policy1 = Policy()
policy2 = Policy()
policy1.owner = 'frank'
policy1.read = ['cow', 'moo']
policy2.owner = 'frank'
policy2.read = ['cow', 'moo']
assert policy1 == policy2
policy2.read = ['cow', 'noo']
assert policy1 != policy2
policy2.read = ['cow', 'moo']
policy2.owner = 'sam'
assert policy1 != policy2
def _map_policy(self, spolicy):
policy = Policy()
policy.owner = spolicy.owner
for field in Policy.attributes:
if field == 'owner':
continue
setattr(policy, field,
self._map_policy_rule(getattr(spolicy, field)))
return policy
def test_policy_equal():
policy1 = Policy()
policy2 = Policy()
policy1.owner = 'frank'
policy1.read = ['cow', 'moo']
policy2.owner = 'frank'
policy2.read = ['cow', 'moo']
assert policy1 == policy2
policy2.read = ['cow', 'noo']
assert policy1 != policy2
policy2.read = ['cow', 'moo']
policy2.owner = 'sam'
assert policy1 != policy2
def _make_policy(member):
"""
Make a new private policy with the named member.
"""
policy = Policy()
policy.owner = member
for constraint in ('read', 'write', 'create', 'delete', 'manage'):
setattr(policy, constraint, [member])
policy.accept = ['NONE']
return policy
def _make_policy(member):
"""
Make a new private policy with the named member.
"""
policy = Policy()
policy.owner = member
for constraint in ('read', 'write', 'create', 'delete', 'manage'):
setattr(policy, constraint, [member])
policy.accept = ['NONE']
return policy
def _load_policy(self, spolicy):
policy = Policy()
for pol in spolicy:
principal_name = pol.principal_name
if pol.principal_type == 'R':
principal_name = 'R:%s' % principal_name
if pol.constraint == 'owner':
policy.owner = principal_name
else:
principals = getattr(policy, pol.constraint, [])
principals.append(principal_name)
setattr(policy, pol.constraint, principals)
return policy
def _load_policy(self, spolicy):
policy = Policy()
if spolicy is not None:
for pol in spolicy:
principal_name = pol.principal_name
if pol.principal_type == 'R':
principal_name = 'R:%s' % pol.principal_name
if pol.type == 'owner':
policy.owner = principal_name
else:
principals = getattr(policy, pol.type, [])
principals.append(principal_name)
setattr(policy, pol.type, principals)
return policy
def _load_policy(self, spolicy):
policy = Policy()
if spolicy is not None:
for pol in spolicy:
principal_name = pol.principal_name
if pol.principal_type == 'R':
principal_name = 'R:%s' % pol.principal_name
if pol.type == 'owner':
policy.owner = principal_name
else:
principals = getattr(policy, pol.type, [])
principals.append(principal_name)
setattr(policy, pol.type, principals)
return policy
def remove_from_policy(user_to_remove, policy):
"""
remove the user from the policy. Manage should already have been checked
ignore the owner section, so that if the owner is removed
they can add themselves back in.
NB - that will require extra code somewhere
"""
new_policy = Policy()
for attr, values in policy.__dict__.iteritems():
if attr != 'owner' and user_to_remove.usersign in getattr(policy, attr):
setattr(new_policy, attr, getattr(policy, attr))
getattr(new_policy, attr).remove(user_to_remove.usersign)
else:
setattr(new_policy, attr, getattr(policy, attr))
new_policy.owner = policy.owner
return new_policy
def test_reuse_policy_object():
"""
Explicitly test a bug fix in policy handling wherein the owner
field could get transformed into (and stay) a list thus ruining
second use. Not that second use is encourage, but it could happen.
"""
policy = Policy()
policy.owner = u"campy"
bag = Bag("policytest1")
bag.policy = policy
store.put(bag)
bag = Bag("policytest2")
bag.policy = policy
store.put(bag)
bag1 = store.get(Bag("policytest1"))
bag2 = store.get(Bag("policytest2"))
assert bag1.policy.owner == "campy"
assert bag2.policy.owner == "campy"
assert bag1.policy.owner == bag2.policy.owner
def test_reuse_policy_object():
"""
Explicitly test a bug fix in policy handling wherein the owner
field could get transformed into (and stay) a list thus ruining
second use. Not that second use is encourage, but it could happen.
"""
policy = Policy()
policy.owner = u'campy'
bag = Bag('policytest1')
bag.policy = policy
STORE.put(bag)
bag = Bag('policytest2')
bag.policy = policy
STORE.put(bag)
bag1 = STORE.get(Bag('policytest1'))
bag2 = STORE.get(Bag('policytest2'))
assert bag1.policy.owner == 'campy'
assert bag2.policy.owner == 'campy'
assert bag1.policy.owner == bag2.policy.owner
