示例#1
def setSSDRoleConstraint(role_name, mutlexcl_name, user):
    """Register a static separation-of-duty (SSD) constraint between two roles.

    The request is refused with xoRETwError when both names are equal, when
    possessCommonSeniorRole() reports a shared senior role, or when
    ``mutlexcl_name`` is among the senior or junior roles of ``role_name``.
    Otherwise setSSDConstraint() is called for role -> mutlexcl and, if that
    call reports success, again for mutlexcl -> role.

    Returns whatever the first setSSDConstraint() call returned.
    """
    # NOTE(review): the <<$role>> / <<$mutlexcl>> markers in the messages are
    # passed on literally here; verify whether something downstream fills
    # them in.
    if role_name == mutlexcl_name:
        raise xoRETwError("FAILED, a role cannot be mutual exclusive to itself.")

    if possessCommonSeniorRole(role_name, mutlexcl_name, user):
        raise xoRETwError("FAILED, <<$role>> and <<$mutlexcl>> possess a common senior-role.")

    # Both hierarchy lookups run before either membership test.
    juniors = getAllJuniorRoles(role_name, user)
    seniors = getAllSeniorRoles(role_name, user)

    if mutlexcl_name in seniors:
        raise xoRETwError("FAILED, role <<$role>> cannot be mutual exclusive to its senior-role <<$mutlexcl>>")

    if mutlexcl_name in juniors:
        raise xoRETwError("FAILED, role <<$role>> cannot be mutual exclusive to its junior-role <<$mutlexcl>>.")

    # NOTE(review): the two directions are written by two separate calls.  If
    # the second one raises, the first direction has already been requested,
    # so the constraint can end up one-sided -- confirm the caller runs this
    # inside a transaction.
    forward_ok = setSSDConstraint(role_name, mutlexcl_name, user)
    if forward_ok:
        setSSDConstraint(mutlexcl_name, role_name, user)
    return forward_ok
示例#2
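def setSSDConstraint(role_name, mutlexcl_name, user):
    """Record ``mutlexcl_name`` as statically mutual exclusive on one role.

    Appends ``mutlexcl_name`` to the comma-separated ``ssd_constraints``
    field of the Role named ``role_name`` (for ``user``) and saves the role.
    Only this one direction is written.

    Returns 1 once the role has been saved.

    Raises xoRETwError when hasSSDRoleConstraintTo() reports that the
    constraint already exists, or when the role cannot be loaded.
    """
    print 'setSSDConstraint'
    print 'role_name is ', role_name
    print 'mutlexcl_name is ', mutlexcl_name

    if hasSSDRoleConstraintTo(role_name, mutlexcl_name, user):
        e = "INFO, role: <<$role>> is already (statically) mutual exclusive to <<[self]>>. Note that SSD Constraints are inherited via a role-hierarchy."
        raise xoRETwError(e)

    print 'not hasSSDRoleConstraintTo'
    try:
        role_obj = Role.objects.get(name=role_name, user=user)
    except Exception as e:
        # The message text used to be computed and then thrown away while
        # the exception object itself was passed on; every other raise in
        # this function hands xoRETwError a string, so pass the text.
        raise xoRETwError(str(e))

    # NOTE(review): constraints live in one comma-joined string, so a name
    # that itself contains ',' would be read back as several entries --
    # verify names are validated before they reach this point.
    if role_obj.ssd_constraints:
        entries = role_obj.ssd_constraints.split(',')
    else:
        entries = []

    entries.append(mutlexcl_name)
    role_obj.ssd_constraints = ",".join(entries)
    role_obj.save()

    return 1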
示例#3
def setSSDRoleConstraint(role_name, mutlexcl_name, user):
    """Make two roles statically mutual exclusive, in both directions.

    Checks, in this order: the names differ; possessCommonSeniorRole() is
    false; ``mutlexcl_name`` is not a senior role of ``role_name``; it is
    not a junior role either.  The first failing check raises xoRETwError.
    When all pass, setSSDConstraint() is called for the forward direction
    and, if it reports success, for the reverse direction.

    Returns the result of the forward setSSDConstraint() call.
    """
    message = None

    if role_name == mutlexcl_name:
        message = "FAILED, a role cannot be mutual exclusive to itself."
    elif possessCommonSeniorRole(role_name, mutlexcl_name, user):
        message = "FAILED, <<$role>> and <<$mutlexcl>> possess a common senior-role."
    else:
        # Juniors are fetched first, then seniors; seniors are tested first.
        junior_names = getAllJuniorRoles(role_name, user)
        senior_names = getAllSeniorRoles(role_name, user)
        if mutlexcl_name in senior_names:
            message = "FAILED, role <<$role>> cannot be mutual exclusive to its senior-role <<$mutlexcl>>"
        elif mutlexcl_name in junior_names:
            message = "FAILED, role <<$role>> cannot be mutual exclusive to its junior-role <<$mutlexcl>>."

    if message is not None:
        raise xoRETwError(message)

    # NOTE(review): forward and reverse entries are written separately; a
    # failure in the reverse call leaves only the forward one behind unless
    # the caller provides a transaction -- verify.
    result = setSSDConstraint(role_name, mutlexcl_name, user)
    if result:
        setSSDConstraint(mutlexcl_name, role_name, user)
    return result
示例#4
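def setSSDConstraint(role_name, mutlexcl_name, user):
    """Add ``mutlexcl_name`` to the SSD constraint list of one role.

    The Role named ``role_name`` (for ``user``) is loaded, ``mutlexcl_name``
    is appended to its comma-separated ``ssd_constraints`` field, and the
    role is saved.  The reverse direction is not touched here.

    Returns 1 after the save.

    Raises xoRETwError if hasSSDRoleConstraintTo() says the constraint is
    already present, or if loading the role fails.
    """
    print 'setSSDConstraint'
    print 'role_name is ', role_name
    print 'mutlexcl_name is ', mutlexcl_name

    if hasSSDRoleConstraintTo(role_name, mutlexcl_name, user):
        e = "INFO, role: <<$role>> is already (statically) mutual exclusive to <<[self]>>. Note that SSD Constraints are inherited via a role-hierarchy."
        raise xoRETwError(e)

    print 'not hasSSDRoleConstraintTo'
    try:
        role_obj = Role.objects.get(name=role_name, user=user)
    except Exception as e:
        # Pass the message text, as the other raises in this function do;
        # previously str(e) was computed but the exception object was sent.
        raise xoRETwError(str(e))

    current = role_obj.ssd_constraints
    # NOTE(review): ',' is the list delimiter; a constraint name containing
    # a comma would corrupt the stored list -- confirm names are checked
    # upstream.
    constraint_names = current.split(',') if current else []
    constraint_names.append(mutlexcl_name)
    role_obj.ssd_constraints = ",".join(constraint_names)
    role_obj.save()

    return 1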
示例#5
def permRoleAssign(perm_name, role_name, user):
    """Assign a permission to a role after the SSD and cardinality checks.

    ssdPermConstraintAllowPRA() is consulted first, then
    permMaxCardinalityAllowAssignment(); either one refusing raises
    xoRETwError.  If both allow it, assignPerm() is called and, when it
    reports success, incrPermOwnerQuantity() is called for the permission.

    Returns the result of assignPerm().
    """
    print 'permRoleAssign'
    print 'perm_name: ', perm_name

    if not ssdPermConstraintAllowPRA(perm_name, role_name, user):
        raise xoRETwError("FAILED, assignment prevented by SSD constraint defined on permission <<$perm>>. <<$role>> or one of its owners (subjects) possesses at least one permission that is defined as mutual exclusive to <<$perm>>.")
    print 'RRR'

    if not permMaxCardinalityAllowAssignment(perm_name, user):
        raise xoRETwError("FAILED, the permission maximum owner cardinality of <<[$perm name]>> is already reached. In order to assign permission <<[$perm name]>> to role: <<[$role name]>> you have to revoke <<[$perm name]>> from at least one of its current owners first.")

    # NOTE(review): the cardinality check, the assignment and the counter
    # update are three separate steps; nothing visible here makes them
    # atomic -- confirm the caller serialises concurrent assignments.
    assigned = assignPerm(role_name, perm_name, user)
    if assigned:
        incrPermOwnerQuantity(perm_name, user)
    return assigned
示例#6
def permRoleAssign(perm_name, role_name, user):
    """Give ``role_name`` the permission ``perm_name`` if the checks allow it.

    Raises xoRETwError when ssdPermConstraintAllowPRA() refuses the
    assignment or when permMaxCardinalityAllowAssignment() reports that the
    owner limit is reached.  Otherwise returns the result of assignPerm();
    on success incrPermOwnerQuantity() is called as well.
    """
    print 'permRoleAssign'
    print 'perm_name: ', perm_name

    ssd_allows = ssdPermConstraintAllowPRA(perm_name, role_name, user)
    if not ssd_allows:
        e = "FAILED, assignment prevented by SSD constraint defined on permission <<$perm>>. <<$role>> or one of its owners (subjects) possesses at least one permission that is defined as mutual exclusive to <<$perm>>."
        raise xoRETwError(e)

    print 'RRR'
    cardinality_allows = permMaxCardinalityAllowAssignment(perm_name, user)
    if not cardinality_allows:
        e = "FAILED, the permission maximum owner cardinality of <<[$perm name]>> is already reached. In order to assign permission <<[$perm name]>> to role: <<[$role name]>> you have to revoke <<[$perm name]>> from at least one of its current owners first."
        raise xoRETwError(e)

    # NOTE(review): check and update are not atomic as written here; verify
    # that concurrent callers cannot exceed the owner cardinality.
    outcome = assignPerm(role_name, perm_name, user)
    if outcome:
        incrPermOwnerQuantity(perm_name, user)
    return outcome
示例#7
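def addTasksToWorkProfile(tasks, name, user):
    """Attach every task named in ``tasks`` to the work profile ``name``.

    The profile is looked up by exact name for ``user``; a failed lookup is
    re-raised as xoRETwError carrying the exception class.  Each task is
    fetched or created and added to ``profile.tasks``.  A task that cannot
    be fetched or created is reported on stdout and skipped.

    Returns 1 once the loop has finished.
    """
    # use profile name as an exact lookup
    try:
        profile = WorkProfile.objects.get(name=name, user=user)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer turned into xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if profile:
        for task in tasks:
            try:
                # Plain field lookups: get_or_create() does not copy keyword
                # arguments containing "__" into a newly created object, so
                # the former name__exact/user__exact form would have created
                # a Task without name and user.
                obj, created = Task.objects.get_or_create(name=task, user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Skip this entry.  Falling through used ``obj``/``created``
                # from the previous iteration, or hit a NameError on the
                # first one.
                continue
            if created:
                obj.save()

            profile.tasks.add(obj)

        return 1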
示例#8
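def addTasksToWorkProfile(tasks, name, user):
    """Add the named tasks to one of ``user``'s work profiles.

    ``name`` selects the WorkProfile; if that lookup fails, xoRETwError is
    raised with the exception class.  For every entry of ``tasks`` a Task is
    fetched or created and linked to the profile.  An entry whose
    fetch/create fails is printed as an error and left out.

    Returns 1 after all entries have been processed.
    """
    # use profile name as an exact lookup
    try:
        profile = WorkProfile.objects.get(name=name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except: interpreter-exit
        # signals should not be rewrapped as xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if profile:
        for task in tasks:
            try:
                # name=/user= rather than name__exact=/user__exact=: lookups
                # with "__" are not used by get_or_create() when it has to
                # create the row, which would leave the new Task without a
                # name and an owner.
                obj, created = Task.objects.get_or_create(name=task,
                                                          user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Do not continue with a stale or undefined ``obj``.
                continue
            if created:
                obj.save()

            profile.tasks.add(obj)

        return 1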
示例#9
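def setSSDPermConstraint(perm_name, mutlexcl_name, user):
    """Make two permissions statically mutual exclusive, in both directions.

    Each permission's comma-separated ``ssd_constraints`` field receives the
    other permission's name, and both objects are saved.

    Returns 1 after both saves.

    Raises xoRETwError when permAssignedToSameRole() reports that a role
    owns both permissions, or when either permission cannot be loaded.
    """
    print 'setSSDPermConstraint'

    if permAssignedToSameRole(perm_name, mutlexcl_name, user):
        e = "FAILED, at least one role owns both permissions <<$perm>> and <<$mutlexcl>> (directly or transitively). In order to register a mutual exclusion constraint for two permissions they must not be assigned to the same role."
        raise xoRETwError(e)

    print 'not permAssignedToSameRole'

    # Load both permissions before changing either one.  Previously the
    # first permission was already saved when the second lookup ran, so a
    # missing second permission left a one-sided constraint behind.
    try:
        perm_obj = Permission.objects.get(name=perm_name, user=user)
        mutlexcl_obj = Permission.objects.get(name=mutlexcl_name,
                                              user=user)
    except Exception as e:
        # Pass the message text, as the other raise in this function does.
        raise xoRETwError(str(e))

    # NOTE(review): the two saves are still separate writes; confirm the
    # caller provides a transaction if both must land together.  ',' is the
    # list delimiter, so names containing a comma would corrupt the list.
    for target, excluded_name in ((perm_obj, mutlexcl_name),
                                  (mutlexcl_obj, perm_name)):
        if target.ssd_constraints:
            entries = target.ssd_constraints.split(',')
        else:
            entries = []
        entries.append(excluded_name)
        target.ssd_constraints = ",".join(entries)
        target.save()

    return 1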
示例#10
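def createObstacle(name, type, user):
    """Fetch or create the Obstacle called ``name`` for ``user``.

    Returns 1 when a new obstacle was created and 0 when one with that name
    already existed (this case used to fall off the end and return None,
    unlike createTask/createScenario).

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # use obstacle name as an exact lookup
    try:
        obj, created = Obstacle.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'type': type, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:``; KeyboardInterrupt/SystemExit are
        # no longer converted into xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return 0

    obj.save()
    return 1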
示例#11
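def setSSDPermConstraint(perm_name, mutlexcl_name, user):
    """Register a mutual-exclusion (SSD) constraint between two permissions.

    ``mutlexcl_name`` is appended to the ``ssd_constraints`` list of
    ``perm_name`` and vice versa; both Permission objects are saved.

    Returns 1 after both saves.

    Raises xoRETwError if permAssignedToSameRole() says some role owns both
    permissions, or if one of the permissions cannot be loaded.
    """
    print 'setSSDPermConstraint'

    if permAssignedToSameRole(perm_name, mutlexcl_name, user):
        e = "FAILED, at least one role owns both permissions <<$perm>> and <<$mutlexcl>> (directly or transitively). In order to register a mutual exclusion constraint for two permissions they must not be assigned to the same role."
        raise xoRETwError(e)

    print 'not permAssignedToSameRole'

    # Both lookups happen before the first write, so that a failing second
    # lookup can no longer leave only one side of the constraint stored.
    try:
        perm_obj = Permission.objects.get(name=perm_name, user=user)
        mutlexcl_obj = Permission.objects.get(name=mutlexcl_name, user=user)
    except Exception as e:
        # Forward the message text instead of the exception object.
        raise xoRETwError(str(e))

    pairs = [(perm_obj, mutlexcl_name), (mutlexcl_obj, perm_name)]
    for permission, other_name in pairs:
        stored = permission.ssd_constraints
        # NOTE(review): comma-joined storage; a name containing ',' would be
        # read back as several constraints -- verify upstream validation.
        names = stored.split(',') if stored else []
        names.append(other_name)
        permission.ssd_constraints = ",".join(names)
        permission.save()

    return 1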
示例#12
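def createProfile(name, user):
    """Fetch or create the WorkProfile called ``name`` for ``user``.

    Returns 1 when a new profile was created and 0 when it already existed
    (previously this case returned None implicitly, unlike
    createTask/createScenario).

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # use the profile name as an exact lookup
    try:
        obj, created = WorkProfile.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit exceptions
        # are not rewrapped.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return 0

    obj.save()
    return 1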
示例#13
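def createScenario(name, graph_dot, user):
    """Fetch or create the Scenario called ``name`` for ``user``.

    ``graph_dot`` is stored in the ``graph`` field only when the scenario is
    newly created; an existing scenario is left as it is.

    Returns 1 if a scenario was created, 0 if it already existed.

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # use scenario name as an exact lookup
    try:
        obj, created = Scenario.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'graph': graph_dot, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:``; KeyboardInterrupt/SystemExit now
        # propagate unchanged.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return 0

    obj.save()
    return 1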
示例#14
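def unlinkConditionFromContextConstraint(condition, name, user):
    """Remove the condition ``condition`` from context constraint ``name``.

    Returns 1 when the condition existed and was removed from
    ``CC.conditions``, 0 when no such condition exists for ``user``.

    Raises xoRETwError, carrying the exception class, if the context
    constraint cannot be loaded.
    """
    # use CC_condition name as an exact lookup
    try:
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not CC:
        return 0

    # A plain lookup replaces get_or_create(): unlinking used to create the
    # Condition as a side effect when it did not exist yet.
    try:
        obj = Condition.objects.get(name=condition, user=user)
    except Condition.DoesNotExist:
        return 0

    CC.conditions.remove(obj)
    return 1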
示例#15
def assignPerm(role_name, perm_name, user):
    """Append ``perm_name`` to the permission list of the role ``role_name``.

    Returns 0 without changing anything when directlyOwnsPerm() or
    transitivelyOwnsPerm() reports that the role already has the permission.
    Otherwise the Role is loaded, the name is appended to its
    comma-separated ``permissions`` field, the role is saved and 1 is
    returned.

    The xoRETwError raises that followed the ``return 0`` statements could
    never run and are left out.
    """
    print 'assignPerm'
    print 'role_name is ', role_name
    print 'perm_name is ', perm_name

    if directlyOwnsPerm(role_name, perm_name, user):
        print 'XXX2'
        return 0
    print 'not directlyOwnsPerm - True'

    if transitivelyOwnsPerm(role_name, perm_name, user):
        print 'XXX'
        return 0
    print 'not transitivelyOwnsPerm - True'

    print 'TRACE 1'
    # assign permission to this role
    # NOTE(review): this lookup is not wrapped, so a missing role surfaces
    # as the ORM's own exception rather than xoRETwError.
    role_obj = Role.objects.get(name=role_name, user=user)
    print 'TRACE 2'

    if role_obj.permissions:
        print 'AAA'
        owned = role_obj.permissions.split(',')
    else:
        owned = []

    print 'BBB'
    # NOTE(review): ',' is the delimiter of the stored list; a permission
    # name containing a comma would be read back as several permissions --
    # verify names are validated upstream.
    owned.append(perm_name)
    role_obj.permissions = ",".join(owned)
    role_obj.save()
    print 'CCC'

    return 1
示例#16
def assignPerm(role_name, perm_name, user):
    """Grant ``perm_name`` to ``role_name`` unless the role already owns it.

    Ownership is tested with directlyOwnsPerm() and then
    transitivelyOwnsPerm(); if either is true the function returns 0.
    Otherwise ``perm_name`` is appended to the role's comma-separated
    ``permissions`` field, the role is saved, and 1 is returned.

    The statements after each ``return 0`` in the earlier form were
    unreachable and have been dropped.
    """
    print 'assignPerm'
    print 'role_name is ', role_name
    print 'perm_name is ', perm_name

    already_direct = directlyOwnsPerm(role_name, perm_name, user)
    if already_direct:
        print 'XXX2'
        return 0

    print 'not directlyOwnsPerm - True'
    already_transitive = transitivelyOwnsPerm(role_name, perm_name, user)
    if already_transitive:
        print 'XXX'
        return 0

    print 'not transitivelyOwnsPerm - True'

    print 'TRACE 1'
    # assign permission to this role
    role_obj = Role.objects.get(name=role_name, user=user)
    print 'TRACE 2'

    perm_names = []
    if role_obj.permissions:
        print 'AAA'
        perm_names.extend(role_obj.permissions.split(','))

    print 'BBB'
    # NOTE(review): the ownership checks and this write are separate steps,
    # and the list is comma-delimited -- confirm concurrent calls and names
    # containing ',' are handled elsewhere.
    perm_names.append(perm_name)
    role_obj.permissions = ",".join(perm_names)
    role_obj.save()
    print 'CCC'

    return 1
示例#17
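def createTask(name, user):
    """Fetch or create the Task called ``name`` for ``user``.

    Returns 1 if a task was created, 0 if it already existed.

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # use task name as an exact lookup
    try:
        obj, created = Task.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are not turned into xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return 0

    obj.save()
    return 1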
示例#18
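def createContextConstraint(name, user):
    """Fetch or create the ContextConstraint called ``name`` for ``user``.

    Returns 1 if a context constraint was created, 0 if it already existed.

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # use context constraint name as an exact lookup
    try:
        obj, created = ContextConstraint.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return 0

    obj.save()
    return 1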
示例#19
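def unlinkConditionFromContextConstraint(condition, name, user):
    """Detach a condition from one of ``user``'s context constraints.

    Returns 1 if the Condition named ``condition`` exists and was removed
    from the constraint's ``conditions``, otherwise 0.

    Raises xoRETwError, carrying the exception class, when the
    ContextConstraint ``name`` cannot be loaded.
    """
    # use CC_condition name as an exact lookup
    try:
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if CC:
        # Look the condition up without creating it: the earlier
        # get_or_create() call inserted a new Condition whenever the name
        # was unknown, although nothing was unlinked in that case.
        try:
            obj = Condition.objects.get(name=condition, user=user)
        except Condition.DoesNotExist:
            obj = None

        if obj is not None:
            CC.conditions.remove(obj)
            return 1
    return 0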
示例#20
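def createStep(actor, action, target, user):
    """Fetch or create the Step for an (actor, action, target) triple.

    The step name is ``actor + '_' + action + '_' + target``.

    Returns a tuple ``(name, flag)`` where ``flag`` is 1 if the step was
    created and 0 if a step with that name already existed.

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    # NOTE(review): '_' is also allowed inside the parts as far as this code
    # shows, so different triples can produce the same name and then share
    # one Step -- verify whether the parts are restricted elsewhere.
    name = actor + '_' + action + '_' + target

    # use step name as an exact lookup
    try:
        obj, created = Step.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'actor': actor, 'action': action,
                      'target': target, 'user': user})
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if not created:
        return name, 0

    obj.save()
    return name, 1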
示例#21
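def addDerivedAbstractContextConditionToObjective(abstract_context_condition, objective_name, user):
    """Link an abstract context condition to the objective ``objective_name``.

    The AbstractContextCondition named ``abstract_context_condition`` is
    fetched or created for ``user`` and added to
    ``objective.abstract_context_conditions``.

    Returns 1 after the condition has been added.

    Raises xoRETwError, carrying the exception class, if the objective
    cannot be loaded.
    """
    # use objective name as an exact lookup
    try:
        objective = Objective.objects.get(name=objective_name, user=user)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are not rewrapped as xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if objective:
        # NOTE(review): this call is outside the try block, so its errors
        # reach the caller as ORM exceptions, not as xoRETwError.
        obj, created = AbstractContextCondition.objects.get_or_create(name=abstract_context_condition, user=user)

        if created:
            obj.save()

        objective.abstract_context_conditions.add(obj)

        return 1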
示例#22
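def createProfile(name, user):
    """Create the WorkProfile ``name`` for ``user`` if it does not exist yet.

    Returns 1 for a newly created profile and 0 for an existing one.  The
    existing-profile case used to return None implicitly, which differed
    from createTask/createScenario.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # use the profile name as an exact lookup
    try:
        obj, created = WorkProfile.objects.get_or_create(name__exact=name,
                                                         user__exact=user,
                                                         defaults={
                                                             'name': name,
                                                             'user': user
                                                         })
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return 1

    return 0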
示例#23
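def createObstacle(name, type, user):
    """Create the Obstacle ``name`` for ``user`` if it does not exist yet.

    ``type`` is only applied when the obstacle is newly created.

    Returns 1 for a newly created obstacle and 0 for an existing one (the
    latter used to be an implicit None, unlike createTask/createScenario).

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # use obstacle name as an exact lookup
    try:
        obj, created = Obstacle.objects.get_or_create(name__exact=name,
                                                      user__exact=user,
                                                      defaults={
                                                          'name': name,
                                                          'type': type,
                                                          'user': user
                                                      })
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return 1

    return 0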
示例#24
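def addDerivedAbstractContextConditionToObjective(abstract_context_condition,
                                                  objective_name, user):
    """Add an abstract context condition to one of ``user``'s objectives.

    Loads the Objective ``objective_name``, fetches or creates the
    AbstractContextCondition ``abstract_context_condition`` and adds it to
    the objective's ``abstract_context_conditions``.

    Returns 1 once the condition is linked.

    Raises xoRETwError, carrying the exception class, when the objective
    lookup fails.
    """
    # use objective name as an exact lookup
    try:
        objective = Objective.objects.get(name=objective_name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except, so that
        # interpreter-exit exceptions pass through untouched.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if objective:
        # NOTE(review): errors from this call are not converted to
        # xoRETwError because it sits outside the try block.
        obj, created = AbstractContextCondition.objects.get_or_create(
            name=abstract_context_condition, user=user)

        if created:
            obj.save()

        objective.abstract_context_conditions.add(obj)

        return 1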
示例#25
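def createPermission(perm_operation, perm_object, user):
    """Fetch or create the Permission for an (operation, object) pair.

    The permission name is ``perm_operation + '_' + perm_object``.

    Returns 1 when a new permission was created and 0 when it already
    existed (this case used to return None implicitly, unlike
    createTask/createScenario).

    Raises xoRETwError, carrying the exception class, if the lookup or the
    creation fails.
    """
    print '1'
    # NOTE(review): if either part may contain '_', two different
    # (operation, object) pairs can map to the same permission name and
    # therefore to the same Permission -- verify the parts are restricted.
    name = perm_operation + '_' + perm_object
    print 'name is ', name
    print '2'
    # use the permission name as an exact lookup
    try:
        print '3'
        obj, created = Permission.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={'name': name, 'user': user})
        print '4'
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    print '5'
    if not created:
        return 0

    print '6'
    obj.save()
    return 1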
示例#26
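def createTask(name, user):
    """Create the Task ``name`` for ``user`` if it does not exist yet.

    Returns 1 for a newly created task and 0 for an existing one.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # use task name as an exact lookup
    try:
        obj, created = Task.objects.get_or_create(name__exact=name,
                                                  user__exact=user,
                                                  defaults={
                                                      'name': name,
                                                      'user': user
                                                  })
    except Exception:
        # ``except Exception`` rather than a bare except, so
        # KeyboardInterrupt/SystemExit are not rewrapped.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return 1

    return 0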
示例#27
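def createScenario(name, graph_dot, user):
    """Create the Scenario ``name`` for ``user`` if it does not exist yet.

    ``graph_dot`` becomes the ``graph`` field of a newly created scenario;
    an existing scenario is not modified.

    Returns 1 for a newly created scenario and 0 for an existing one.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # use scenario name as an exact lookup
    try:
        obj, created = Scenario.objects.get_or_create(name__exact=name,
                                                      user__exact=user,
                                                      defaults={
                                                          'name': name,
                                                          'graph': graph_dot,
                                                          'user': user
                                                      })
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return 1

    return 0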
示例#28
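def createContextConstraint(name, user):
    """Create the ContextConstraint ``name`` for ``user`` if it is missing.

    Returns 1 for a newly created context constraint and 0 for an existing
    one.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # use context constraint name as an exact lookup
    try:
        obj, created = ContextConstraint.objects.get_or_create(
            name__exact=name,
            user__exact=user,
            defaults={
                'name': name,
                'user': user
            })
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return 1

    return 0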
示例#29
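def linkConditionToContextConstraint(condition, name, user):
    """Attach the condition ``condition`` to context constraint ``name``.

    The Condition is fetched or created for ``user`` and added to
    ``CC.conditions``.

    Returns 1 after the condition has been added.

    Raises xoRETwError, carrying the exception class, if the context
    constraint cannot be loaded.
    """
    # use CC_condition name as an exact lookup
    print '1'
    try:
        print 'name is ', name
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are not turned into xoRETwError.
        e = sys.exc_info()[0]
        raise xoRETwError(e)
    print '2'
    if CC:
        print '3'
        # NOTE(review): outside the try block, so failures here are raised
        # as ORM exceptions rather than xoRETwError.
        obj, created = Condition.objects.get_or_create(name=condition, user=user)
        print '4'
        if created:
            obj.save()
        print '5'
        CC.conditions.add(obj)
        print '6'
        return 1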
示例#30
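def linkConditionToContextConstraint(condition, name, user):
    """Add a condition to one of ``user``'s context constraints.

    Loads the ContextConstraint ``name``, fetches or creates the Condition
    ``condition`` and adds it to the constraint's ``conditions``.

    Returns 1 once the condition is linked.

    Raises xoRETwError, carrying the exception class, when the context
    constraint lookup fails.
    """
    # use CC_condition name as an exact lookup
    print '1'
    try:
        print 'name is ', name
        CC = ContextConstraint.objects.get(name=name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)
    print '2'
    if CC:
        print '3'
        obj, created = Condition.objects.get_or_create(name=condition,
                                                       user=user)
        print '4'
        if created:
            obj.save()
        print '5'
        CC.conditions.add(obj)
        print '6'
        return 1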
示例#31
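def linkContextConstraintsToPerm(ccs, name, user):
    """Attach every context constraint named in ``ccs`` to permission ``name``.

    The Permission is looked up for ``user``; a failed lookup is re-raised
    as xoRETwError carrying the exception class.  Each context constraint is
    fetched or created and added to ``perm.context_constraints``.  An entry
    that cannot be fetched or created is reported on stdout and skipped.

    Returns 1 once the loop has finished.
    """
    try:
        perm = Permission.objects.get(name=name, user=user)
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if perm:
        for cc in ccs:
            try:
                # Plain field lookups: get_or_create() does not copy keyword
                # arguments containing "__" into a newly created object, so
                # the former name__exact/user__exact form would have created
                # a ContextConstraint without name and user.
                obj, created = ContextConstraint.objects.get_or_create(name=cc, user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Skip this entry.  Falling through reused ``obj`` from the
                # previous iteration (attaching the wrong constraint) or hit
                # a NameError on the first one.
                continue

            if created:
                obj.save()

            perm.context_constraints.add(obj)

        return 1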
示例#32
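def addScenariosToTask(scenarios, name, user):
    """Attach every scenario named in ``scenarios`` to the task ``name``.

    The Task is looked up for ``user``; a failed lookup is re-raised as
    xoRETwError carrying the exception class.  Each scenario is fetched or
    created and added to ``task.scenarios``.  An entry that cannot be
    fetched or created is reported on stdout and skipped.

    Returns 1 once the loop has finished.
    """
    # use task name as an exact lookup
    try:
        task = Task.objects.get(name=name, user=user)
    except Exception:
        # Narrowed from a bare ``except:``.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if task:
        for scenario in scenarios:
            try:
                # Plain field lookups: get_or_create() does not copy keyword
                # arguments containing "__" into a newly created object, so
                # the former name__exact/user__exact form would have created
                # a Scenario without name and user.
                obj, created = Scenario.objects.get_or_create(name=scenario, user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Skip this entry instead of continuing with a stale or
                # undefined ``obj``.
                continue

            if created:
                obj.save()

            task.scenarios.add(obj)

        return 1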
示例#33
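def linkContextConstraintsToPerm(ccs, name, user):
    """Link the context constraints in ``ccs`` to one of ``user``'s permissions.

    ``name`` selects the Permission; if that lookup fails, xoRETwError is
    raised with the exception class.  For every entry of ``ccs`` a
    ContextConstraint is fetched or created and added to the permission.
    An entry whose fetch/create fails is printed as an error and left out.

    Returns 1 after all entries have been processed.
    """
    try:
        perm = Permission.objects.get(name=name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if perm:
        for cc in ccs:
            try:
                # name=/user= rather than name__exact=/user__exact=: lookups
                # with "__" are not used by get_or_create() when it has to
                # create the row, which would leave the new constraint
                # without a name and an owner.
                obj, created = ContextConstraint.objects.get_or_create(
                    name=cc, user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Do not attach a constraint left over from the previous
                # iteration.
                continue

            if created:
                obj.save()

            perm.context_constraints.add(obj)

        return 1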
示例#34
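def addScenariosToTask(scenarios, name, user):
    """Link the scenarios in ``scenarios`` to one of ``user``'s tasks.

    ``name`` selects the Task; if that lookup fails, xoRETwError is raised
    with the exception class.  For every entry of ``scenarios`` a Scenario
    is fetched or created and added to the task.  An entry whose
    fetch/create fails is printed as an error and left out.

    Returns 1 after all entries have been processed.
    """
    # use task name as an exact lookup
    try:
        task = Task.objects.get(name=name, user=user)
    except Exception:
        # ``except Exception`` instead of a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if task:
        for scenario in scenarios:
            try:
                # name=/user= rather than name__exact=/user__exact=: lookups
                # with "__" are not used by get_or_create() when it has to
                # create the row, which would leave the new Scenario without
                # a name and an owner.
                obj, created = Scenario.objects.get_or_create(
                    name=scenario, user=user)
            except Exception:
                e = sys.exc_info()[0]
                print "<p>Error: %s</p>" % e
                # Do not continue with a stale or undefined ``obj``.
                continue

            if created:
                obj.save()

            task.scenarios.add(obj)

        return 1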
示例#35
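def createPermission(perm_operation, perm_object, user):
    """Create the Permission for an (operation, object) pair if it is missing.

    The permission is named ``perm_operation + '_' + perm_object``.

    Returns 1 for a newly created permission and 0 for an existing one.
    The existing case used to return None implicitly, which differed from
    createTask/createScenario.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    print '1'
    # NOTE(review): the name is a plain '_' join; unless the parts are
    # restricted elsewhere, distinct pairs can collide on one name and so
    # resolve to the same Permission -- verify.
    name = perm_operation + '_' + perm_object
    print 'name is ', name
    print '2'
    # use the permission name as an exact lookup
    try:
        print '3'
        obj, created = Permission.objects.get_or_create(name__exact=name,
                                                        user__exact=user,
                                                        defaults={
                                                            'name': name,
                                                            'user': user
                                                        })
        print '4'
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    print '5'
    if created:
        print '6'
        obj.save()
        return 1

    return 0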
示例#36
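def createStep(actor, action, target, user):
    """Create the Step for an (actor, action, target) triple if it is missing.

    The step is named ``actor + '_' + action + '_' + target``.

    Returns ``(name, 1)`` for a newly created step and ``(name, 0)`` for an
    existing one.

    Raises xoRETwError, carrying the exception class, when the lookup or
    the creation fails.
    """
    # NOTE(review): a plain '_' join does not keep the three parts apart if
    # they may contain '_' themselves; colliding names would share one
    # Step -- verify the parts are restricted elsewhere.
    name = actor + '_' + action + '_' + target

    # use step name as an exact lookup
    try:
        obj, created = Step.objects.get_or_create(name__exact=name,
                                                  user__exact=user,
                                                  defaults={
                                                      'name': name,
                                                      'actor': actor,
                                                      'action': action,
                                                      'target': target,
                                                      'user': user
                                                  })
    except Exception:
        # ``except Exception`` rather than a bare except.
        e = sys.exc_info()[0]
        raise xoRETwError(e)

    if created:
        obj.save()
        return name, 1

    return name, 0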
示例#37
def createRole(name, junior_roles, senior_roles, user):
    """Create (or fetch) the role ``name`` and record its junior/senior roles.

    Before anything is written, two checks run:

    * every pair of distinct names in ``junior_roles`` is tested with
      isStaticallyMutualExclusive();
    * if both lists are non-empty, every (junior, senior) combination is
      tested with ssdConstraintsAllowSeniorRole().

    A failing check raises xoRETwError.  Afterwards the Role is fetched or
    created, and the junior and senior role names are stored on it as
    comma-joined strings.

    Always returns 1 when no exception is raised.
    """

    print '1'
    if junior_roles:

        # now check if two or more of the intended juniorRoles are defined as
        # mutual exclusive or own mutual exclusive permissions

        # Both loops run over the same list, so each pair is tested in both
        # orders.
        for r1 in junior_roles:
            for r2 in junior_roles:
                if r1 != r2:
                    print 'r1 is ', r1
                    print 'r2 is ', r2
                    if isStaticallyMutualExclusive(r1, r2, user):
                        e = "Error: at least two of the intended junior-roles of " + name + " are mutual exclusive." + r1 + " and " + r2 + " are mutually exclusive or own permissions that are mutual exclusive."
                        raise xoRETwError(e)

    print '------2------'


    # A senior role must not be statically mutual exclusive to any of the
    # intended junior roles.
    if junior_roles and senior_roles:
        for sr in senior_roles:
            for jr in junior_roles:
                if not ssdConstraintsAllowSeniorRole(jr, sr, user):
                    e = "FAILED, " + jr + " and " + sr + " are statically mutual exclusive. Therefore, " + sr + " cannot be defined as (transitive) senior-role of " + jr + ". Creation of role " + name + " failed."
                    raise xoRETwError(e)

    print '------3------'

    # create the new role
    try:
        role_obj, created = Role.objects.get_or_create(name__exact=name, user__exact=user, defaults={'name':name, 'user':user})
    except Exception as e:
        error_message = str(e)
        raise xoRETwError(error_message)
    if created:
        role_obj.save()

    print '------4------'

    # save junior roles to this role
    # NOTE(review): the get_or_create calls below are not wrapped, so their
    # failures reach the caller as ORM exceptions after the role itself has
    # already been created -- confirm the caller handles partial results.
    junior = []
    if junior_roles:
        for jr in junior_roles:
            obj, created = Role.objects.get_or_create(name=jr, user=user)
            if created:
                obj.save()

            junior.append(jr)

        print 'junior is ', junior
        # Stored as one comma-joined string of role names.
        role_obj.junior_roles = ",".join(junior)
        role_obj.save()

        # save senior_roles to this role
        # NOTE(review): this whole senior-role section is indented under
        # ``if junior_roles:``, so senior_roles are not stored at all when
        # junior_roles is empty -- verify that this nesting is intended.
        senior = []
        print 'senior_roles is ', senior_roles
        if senior_roles:
            for sr in senior_roles:
                print 'sr is ', sr
                obj, created = Role.objects.get_or_create(name=sr, user=user)
                if created:
                    print 'created - senior'
                    obj.save()

                senior.append(sr)

        print '1 senior is ', senior
        s = ",".join(senior)
        print 's is ', s
        role_obj.senior_roles = s
        role_obj.save()

    # remove all redundant superclass-relations
    # my updateRoleHierarchy

    return 1
示例#38
def createRole(name, junior_roles, senior_roles, user):
    """Fetch or create the role ``name`` and store its role-hierarchy links.

    Checks performed first (each failure raises xoRETwError):

    * no two distinct entries of ``junior_roles`` may be reported as
      mutual exclusive by isStaticallyMutualExclusive();
    * when both lists are given, ssdConstraintsAllowSeniorRole() must allow
      every (junior, senior) combination.

    Then the Role is fetched or created and the junior and senior role
    names are written to it as comma-joined strings.

    Returns 1 whenever no exception is raised.
    """

    print '1'
    if junior_roles:

        # now check if two or more of the intended juniorRoles are defined as
        # mutual exclusive or own mutual exclusive permissions

        # The same list is iterated twice, so every pair is visited in both
        # orders.
        for r1 in junior_roles:
            for r2 in junior_roles:
                if r1 != r2:
                    print 'r1 is ', r1
                    print 'r2 is ', r2
                    if isStaticallyMutualExclusive(r1, r2, user):
                        e = "Error: at least two of the intended junior-roles of " + name + " are mutual exclusive." + r1 + " and " + r2 + " are mutually exclusive or own permissions that are mutual exclusive."
                        raise xoRETwError(e)

    print '------2------'

    # Reject the request if any intended senior role is statically mutual
    # exclusive to any intended junior role.
    if junior_roles and senior_roles:
        for sr in senior_roles:
            for jr in junior_roles:
                if not ssdConstraintsAllowSeniorRole(jr, sr, user):
                    e = "FAILED, " + jr + " and " + sr + " are statically mutual exclusive. Therefore, " + sr + " cannot be defined as (transitive) senior-role of " + jr + ". Creation of role " + name + " failed."
                    raise xoRETwError(e)

    print '------3------'

    # create the new role
    try:
        role_obj, created = Role.objects.get_or_create(name__exact=name,
                                                       user__exact=user,
                                                       defaults={
                                                           'name': name,
                                                           'user': user
                                                       })
    except Exception as e:
        error_message = str(e)
        raise xoRETwError(error_message)
    if created:
        role_obj.save()

    print '------4------'

    # save junior roles to this role
    # NOTE(review): from here on ORM errors are not converted to
    # xoRETwError, and the role row already exists at this point -- confirm
    # the caller copes with a partially written hierarchy.
    junior = []
    if junior_roles:
        for jr in junior_roles:
            obj, created = Role.objects.get_or_create(name=jr, user=user)
            if created:
                obj.save()

            junior.append(jr)

        print 'junior is ', junior
        # Role names are stored as one comma-joined string.
        role_obj.junior_roles = ",".join(junior)
        role_obj.save()

        # save senior_roles to this role
        # NOTE(review): this section sits inside ``if junior_roles:``; with
        # an empty junior_roles list the senior roles are never stored --
        # verify whether that is intended.
        senior = []
        print 'senior_roles is ', senior_roles
        if senior_roles:
            for sr in senior_roles:
                print 'sr is ', sr
                obj, created = Role.objects.get_or_create(name=sr, user=user)
                if created:
                    print 'created - senior'
                    obj.save()

                senior.append(sr)

        print '1 senior is ', senior
        s = ",".join(senior)
        print 's is ', s
        role_obj.senior_roles = s
        role_obj.save()

    # remove all redundant superclass-relations
    # my updateRoleHierarchy

    return 1