14186.6.3
by William Grant
Add basic model and interfaces. |
1 |
# Copyright 2011 Canonical Ltd. This software is licensed under the
|
2 |
# GNU Affero General Public License version 3 (see the file LICENSE).
|
|
3 |
||
4 |
"""Interfaces for pillar and artifact access policies."""
|
|
5 |
||
6 |
__metaclass__ = type |
|
7 |
||
8 |
__all__ = [ |
|
14186.6.24
by William Grant
AccessPolicy model updated, replacing name/displayname with type. |
9 |
'AccessPolicyType', |
14186.6.3
by William Grant
Add basic model and interfaces. |
10 |
'IAccessPolicy', |
11 |
'IAccessPolicyArtifact', |
|
14186.6.7
by William Grant
Initial IAccessPolicyArtifactSource implementation. |
12 |
'IAccessPolicyArtifactSource', |
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
13 |
'IAccessPolicyGrant', |
14186.6.4
by William Grant
Introduce IAccessPolicySource. |
14 |
'IAccessPolicySource', |
14186.8.4
by William Grant
Bug.setAccessPolicy now rejects attempts to set one for a different pillar. |
15 |
'UnsuitableAccessPolicyError', |
14186.6.3
by William Grant
Add basic model and interfaces. |
16 |
]
|
17 |
||
14186.8.4
by William Grant
Bug.setAccessPolicy now rejects attempts to set one for a different pillar. |
18 |
import httplib |
19 |
||
14186.6.24
by William Grant
AccessPolicy model updated, replacing name/displayname with type. |
20 |
from lazr.enum import ( |
21 |
DBEnumeratedType, |
|
22 |
DBItem, |
|
23 |
)
|
|
14186.8.4
by William Grant
Bug.setAccessPolicy now rejects attempts to set one for a different pillar. |
24 |
from lazr.restful.declarations import error_status |
14186.6.3
by William Grant
Add basic model and interfaces. |
25 |
from zope.interface import ( |
26 |
Attribute, |
|
27 |
Interface, |
|
28 |
)
|
|
29 |
||
30 |
||
14186.8.4
by William Grant
Bug.setAccessPolicy now rejects attempts to set one for a different pillar. |
31 |
@error_status(httplib.BAD_REQUEST) |
32 |
class UnsuitableAccessPolicyError(Exception): |
|
33 |
pass
|
|
34 |
||
35 |
||
14186.6.24
by William Grant
AccessPolicy model updated, replacing name/displayname with type. |
36 |
class AccessPolicyType(DBEnumeratedType): |
37 |
"""Access policy type."""
|
|
38 |
||
39 |
PRIVATE = DBItem(1, """ |
|
40 |
Private
|
|
41 |
||
42 |
This policy covers general private information.
|
|
43 |
""") |
|
44 |
||
45 |
SECURITY = DBItem(2, """ |
|
46 |
Security
|
|
47 |
||
48 |
This policy covers information relating to confidential security
|
|
49 |
vulnerabilities.
|
|
50 |
""") |
|
51 |
||
52 |
||
14186.6.3
by William Grant
Add basic model and interfaces. |
53 |
class IAccessPolicy(Interface): |
54 |
id = Attribute("ID") |
|
55 |
pillar = Attribute("Pillar") |
|
14186.6.24
by William Grant
AccessPolicy model updated, replacing name/displayname with type. |
56 |
type = Attribute("Type") |
57 |
||
14186.6.3
by William Grant
Add basic model and interfaces. |
58 |
|
59 |
class IAccessPolicyArtifact(Interface): |
|
60 |
id = Attribute("ID") |
|
61 |
concrete_artifact = Attribute("Concrete artifact") |
|
14186.6.30
by William Grant
APA.policy |
62 |
policy = Attribute("Access policy") |
14186.6.3
by William Grant
Add basic model and interfaces. |
63 |
|
64 |
||
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
65 |
class IAccessPolicyGrant(Interface): |
14186.6.3
by William Grant
Add basic model and interfaces. |
66 |
id = Attribute("ID") |
14186.6.32
by William Grant
Complete the rename. |
67 |
grantee = Attribute("Grantee") |
68 |
grantor = Attribute("Grantor") |
|
69 |
date_created = Attribute("Date created") |
|
14186.6.3
by William Grant
Add basic model and interfaces. |
70 |
policy = Attribute("Access policy") |
71 |
abstract_artifact = Attribute("Abstract artifact") |
|
14186.6.28
by William Grant
Fix stuff. |
72 |
|
14186.6.3
by William Grant
Add basic model and interfaces. |
73 |
concrete_artifact = Attribute("Concrete artifact") |
14186.6.4
by William Grant
Introduce IAccessPolicySource. |
74 |
|
75 |
||
76 |
class IAccessPolicySource(Interface): |
|
77 |
||
78 |
def create(pillar, display_name): |
|
79 |
"""Create an `IAccessPolicy` for the pillar with the given name."""
|
|
80 |
||
81 |
def getByID(id): |
|
82 |
"""Return the `IAccessPolicy` with the given ID."""
|
|
83 |
||
14186.6.25
by William Grant
Fix tests. |
84 |
def getByPillarAndType(pillar, type): |
85 |
"""Return the pillar's `IAccessPolicy` with the given type."""
|
|
14186.6.4
by William Grant
Introduce IAccessPolicySource. |
86 |
|
87 |
def findByPillar(pillar): |
|
88 |
"""Return a ResultSet of all `IAccessPolicy`s for the pillar."""
|
|
14186.6.7
by William Grant
Initial IAccessPolicyArtifactSource implementation. |
89 |
|
90 |
||
91 |
class IAccessPolicyArtifactSource(Interface): |
|
92 |
||
93 |
def ensure(concrete_artifact): |
|
94 |
"""Return the `IAccessPolicyArtifact` for a concrete artifact.
|
|
95 |
||
96 |
Creates the abstract artifact if it doesn't already exist.
|
|
97 |
"""
|
|
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
98 |
|
14186.6.38
by William Grant
APAS.get. |
99 |
def get(concrete_artifact): |
100 |
"""Return the `IAccessPolicyArtifact` for an artifact, if it exists.
|
|
101 |
||
102 |
Use ensure() if you want to create one if it doesn't yet exist.
|
|
103 |
"""
|
|
104 |
||
14186.6.37
by William Grant
APA/APG deletion. |
105 |
def delete(concrete_artifact): |
106 |
"""Delete the `IAccessPolicyArtifact` for a concrete artifact.
|
|
107 |
||
108 |
Also removes any AccessPolicyGrants for the artifact.
|
|
109 |
"""
|
|
110 |
||
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
111 |
|
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
112 |
class IAccessPolicyGrantSource(Interface): |
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
113 |
|
14186.6.28
by William Grant
Fix stuff. |
114 |
def grant(grantee, grantor, object): |
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
115 |
"""Create an `IAccessPolicyGrant`.
|
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
116 |
|
14186.6.28
by William Grant
Fix stuff. |
117 |
:param grantee: the `IPerson` to hold the access.
|
118 |
:param grantor: the `IPerson` that grants the access.
|
|
119 |
:param object: the `IAccessPolicy` or `IAccessPolicyArtifact` to
|
|
120 |
grant access to.
|
|
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
121 |
"""
|
122 |
||
14186.6.13
by William Grant
getByID should be in the interface too. |
123 |
def getByID(id): |
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
124 |
"""Return the `IAccessPolicyGrant` with the given ID."""
|
14186.6.13
by William Grant
getByID should be in the interface too. |
125 |
|
14186.6.12
by William Grant
IAccessPolicyPermissionSource, with grant() implemented and various tests. |
126 |
def findByPolicy(policy): |
14186.6.20
by William Grant
Fix tests by renaming AccessPolicyPermission to AccessPolicyGrant. |
127 |
"""Return all `IAccessPolicyGrant` objects for the policy."""
|