def process_role(args):
    """Run the role operation selected by ``args.operation``.

    The role is built from ``args`` with ``load_entity`` and handed to the
    ``admin`` (ADD, UPDATE, DELETE) or ``review`` (READ, SEARCH) API.
    Exceptions raised by those calls are not caught here.

    Args:
        args: parsed command-line namespace; ``entity``, ``operation`` and
            ``name`` are read directly by this function.

    Returns:
        False when ``--name`` is missing or the operation is not handled,
        True otherwise.
    """
    role = load_entity(Role(), args)
    print(args.entity + ' ' + args.operation)

    # Every role operation is keyed by name, so reject the call up front.
    if not args.name:
        print("error --name required for entity role")
        return False

    operation = args.operation
    if operation in (ADD, UPDATE):
        # Both write paths attach a constraint loaded from the same args.
        role.constraint = load_entity(Constraint(), args)
        if operation == ADD:
            admin.add_role(role)
        else:
            admin.update_role(role)
    elif operation == DELETE:
        admin.delete_role(role)
    elif operation == READ:
        print_role(review.read_role(role), role.name)
    elif operation == SEARCH:
        # The trailing '*' turns the supplied name into a prefix filter.
        role.name += '*'
        matches = review.find_roles(role)
        if len(matches) == 0:
            print_ln('No matching records found matching filter: ' + role.name)
        else:
            for position, found in enumerate(matches):
                print_role(found, role.name + ':' + str(position))
    else:
        print('process_role failed, invalid operation=' + args.operation)
        return False
    return True
def process_object(args):
    """Run the permission-object operation selected by ``args.operation``.

    The object is built from ``args`` with ``load_entity`` and handed to the
    ``admin`` (ADD, UPDATE, DELETE) or ``review`` (READ, SEARCH) API.
    Exceptions raised by those calls are not caught here.

    Args:
        args: parsed command-line namespace; ``entity``, ``operation`` and
            ``obj_name`` are read directly by this function.

    Returns:
        False when ``--obj_name`` is missing or the operation is not
        handled, True otherwise.
    """
    pobject = load_entity(PermObj(), args)
    print(args.entity + ' ' + args.operation)

    # All object operations need the object name; stop before any API call.
    if not args.obj_name:
        print("error --obj_name required for entity object")
        return False

    operation = args.operation
    # The three write operations take the entity and nothing else.
    writers = {
        ADD: admin.add_object,
        UPDATE: admin.update_object,
        DELETE: admin.delete_object,
    }
    if operation in writers:
        writers[operation](pobject)
    elif operation == READ:
        print_entity(review.read_object(pobject), pobject.obj_name)
    elif operation == SEARCH:
        # The trailing '*' turns the supplied name into a prefix filter.
        pobject.obj_name += '*'
        matches = review.find_objects(pobject)
        if len(matches) == 0:
            print_ln('No matching records found matching filter: ' + pobject.obj_name)
        else:
            for position, found in enumerate(matches):
                print_entity(found, pobject.obj_name + ':' + str(position))
    else:
        print('process_object failed, invalid operation=' + args.operation)
        return False
    return True
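def process_user(args):
    """Run the user operation selected by ``args.operation``.

    The user is built from ``args`` with ``load_entity`` and handed to the
    ``admin`` (ADD, UPDATE, DELETE, ASSIGN, DEASSIGN) or ``review`` (READ,
    SEARCH) API. Exceptions raised by those calls are not caught here.

    Args:
        args: parsed command-line namespace; ``entity``, ``operation``,
            ``uid``, ``name`` and ``role`` are read directly by this function.

    Returns:
        False when ``--uid`` is missing, when ``--role`` is missing for
        ASSIGN/DEASSIGN, or when the operation is not handled; True otherwise.
    """
    user = load_entity(User(), args)
    print(args.entity + ' ' + args.operation)

    if not args.uid:
        print("error --uid required for entity user")
        return False

    operation = args.operation
    # Role assignment changes what a user is authorised to do, so refuse the
    # call with a clear message when no role was supplied instead of failing
    # on the string concatenation below or passing an unnamed Role onward.
    if operation in (ASSIGN, DEASSIGN) and not args.role:
        print("error --role required for this op")
        return False

    if operation == ADD:
        # Default the name to the uid before the constraint is loaded from args.
        if not args.name:
            args.name = args.uid
        user.constraint = load_entity(Constraint(), args)
        admin.add_user(user)
    elif operation == UPDATE:
        # The constraint is only replaced when a name was given.
        if args.name is not None:
            user.constraint = load_entity(Constraint(), args)
        admin.update_user(user)
    elif operation == DELETE:
        admin.delete_user(user)
    elif operation == ASSIGN:
        role_nm = args.role
        print('role=' + role_nm)
        admin.assign(user, Role(name=role_nm))
    elif operation == DEASSIGN:
        role_nm = args.role
        print('role name=' + role_nm)
        admin.deassign(user, Role(name=role_nm))
    elif operation == READ:
        print_user(review.read_user(user), user.uid)
    elif operation == SEARCH:
        # The trailing '*' turns the supplied uid into a prefix filter.
        user.uid += '*'
        users = review.find_users(user)
        if users:
            for idx, usr in enumerate(users):
                print_user(usr, user.uid + ':' + str(idx))
        else:
            print_ln('No matching records found matching filter: ' + user.uid)
    else:
        print('process_user failed, invalid operation=' + args.operation)
        return False
    return True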
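def process_perm(args):
    """Run the permission operation selected by ``args.operation``.

    The permission is built from ``args`` with ``load_entity`` and handed to
    the ``admin`` (ADD, UPDATE, DELETE, GRANT, REVOKE) or ``review`` (READ,
    SEARCH) API. Exceptions raised by those calls are not caught here.

    SEARCH picks its source in this order: permissions of ``--uid`` when
    given, else permissions of ``--role`` when given, else a wildcard search
    on the permission's object and operation names.

    Args:
        args: parsed command-line namespace; ``entity``, ``operation``,
            ``role`` and ``uid`` are read directly by this function.

    Returns:
        False when ``--role`` is missing for GRANT/REVOKE or the operation is
        not handled; True otherwise.
    """
    perm = load_entity(Perm(), args)
    print(args.entity + ' ' + args.operation)
    # NOTE(review): unlike the other entities, no required-field check on the
    # permission's own names is made here; presumably the admin/review layer
    # rejects an incomplete permission - confirm.

    operation = args.operation
    # Granting or revoking changes what a role is authorised to do, so refuse
    # the call with a clear message when no role was supplied instead of
    # failing on the string concatenation below or passing an unnamed Role on.
    if operation in (GRANT, REVOKE) and not args.role:
        print("error --role required for this op")
        return False

    if operation == ADD:
        admin.add_perm(perm)
    elif operation == UPDATE:
        admin.update_perm(perm)
    elif operation == DELETE:
        admin.delete_perm(perm)
    elif operation == GRANT:
        role_nm = args.role
        print('role=' + role_nm)
        admin.grant(perm, Role(name=role_nm))
    elif operation == REVOKE:
        role_nm = args.role
        print('role=' + role_nm)
        admin.revoke(perm, Role(name=role_nm))
    elif operation == READ:
        print_entity(review.read_perm(perm), perm.obj_name + '.' + perm.op_name)
    elif operation == SEARCH:
        role_nm = args.role
        userid = args.uid
        if userid:
            label = userid
            prms = review.user_perms(User(uid=userid))
        elif role_nm:
            label = role_nm
            prms = review.role_perms(Role(name=role_nm))
        else:
            # A missing name becomes a bare '*', a given one a prefix filter.
            perm.obj_name = (perm.obj_name or '') + '*'
            perm.op_name = (perm.op_name or '') + '*'
            label = perm.obj_name + '.' + perm.op_name
            prms = review.find_perms(perm)
        if prms:
            for idx, prm in enumerate(prms):
                print_entity(prm, label + ':' + str(idx))
        else:
            print_ln('No matching records found matching filter: ' + label)
    else:
        print('process_perm failed, invalid operation=' + args.operation)
        return False
    return True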
def process(args):
    """Run one session-level access operation and store the session again.

    AUTH creates a session for the user loaded from ``args``; every other
    handled operation first reloads the stored session with ``un_pickle()``.
    After the operation 'success' or 'failed' is printed and the session is
    handed to ``pickle_it``. An ``RbacError`` is caught and reported; in that
    case ``pickle_it`` is not reached.

    Args:
        args: parsed command-line namespace; ``operation`` and ``role`` are
            read directly by this function.

    Returns:
        False when ADD or DROP is requested without ``--role``; otherwise
        the function falls off the end and returns None.
    """
    # NOTE(review): un_pickle() and pickle_it() are defined outside this view.
    # If they use pickle on a file, that file is a trust boundary: whoever can
    # write it controls the session this process acts on, and unpickling runs
    # code chosen by the file's author. Confirm the file's location and
    # permissions, or whether a data-only, integrity-protected format is used.
    sess = None
    result = False
    user = load_entity(User(), args)
    perm = load_entity(Perm(), args)
    print(args.operation)
    operation = args.operation
    try:
        if operation == AUTH:
            # NOTE(review): the meaning of the False flag is defined by
            # access.create_session, which is not visible here.
            sess = access.create_session(user, False)
            result = True
        elif operation in (CHCK, ROLES, PERMS, SHOW, ADD, DROP):
            # All remaining operations act on the previously stored session.
            sess = un_pickle()
            if operation == CHCK:
                # The access decision itself becomes the success/failed result.
                result = access.check_access(sess, perm)
            elif operation == ROLES:
                for position, active in enumerate(access.session_roles(sess)):
                    print_entity(active, active.name + ':' + str(position))
                result = True
            elif operation == PERMS:
                for position, granted in enumerate(access.session_perms(sess)):
                    print_entity(
                        granted,
                        granted.obj_name + '.' + granted.op_name + ':' + str(position))
                result = True
            elif operation == SHOW:
                print_entity(sess, 'session')
                print_user(sess.user, 'user')
                result = True
            else:
                # ADD or DROP: activate or deactivate a role in the session.
                if not args.role:
                    print("error --role required for this op")
                    # Early exit: no success/failed line and no pickle_it call.
                    return False
                print('role=' + args.role)
                if operation == ADD:
                    access.add_active_role(sess, args.role)
                else:
                    access.drop_active_role(sess, args.role)
                result = True
        else:
            print('process failed, invalid operation=' + args.operation)

        print('success' if result else 'failed')
        # NOTE(review): for an unrecognised operation sess is still None here
        # and is passed to pickle_it as is; confirm that cannot overwrite a
        # previously stored session.
        pickle_it(sess)
    except RbacError as err:
        # Map the known activation failures to a readable reason; the id and
        # message are appended for every reason except the lock case.
        reason = None
        if err.id == global_ids.ACTV_FAILED_DAY:
            reason = 'failed day of week'
        elif err.id == global_ids.ACTV_FAILED_DATE:
            reason = 'failed for date'
        elif err.id == global_ids.ACTV_FAILED_TIME:
            reason = 'failed for time of day'
        elif err.id == global_ids.ACTV_FAILED_TIMEOUT:
            reason = 'failed inactivity timeout'
        elif err.id == global_ids.ACTV_FAILED_LOCK:
            print('failed locked date')
        else:
            print('RbacError id=' + str(err.id) + ', ' + err.msg)
        if reason is not None:
            print(reason + ', id=' + str(err.id) + ', msg=' + err.msg)