1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# Copyright 2011 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
"""Interfaces for pillar and artifact access policies."""
__metaclass__ = type
__all__ = [
'AccessPolicyType',
'IAccessPolicy',
'IAccessPolicyArtifact',
'IAccessPolicyArtifactSource',
'IAccessPolicyGrant',
'IAccessPolicySource',
'UnsuitableAccessPolicyError',
]
import httplib
from lazr.enum import (
DBEnumeratedType,
DBItem,
)
from lazr.restful.declarations import error_status
from zope.interface import (
Attribute,
Interface,
)
@error_status(httplib.BAD_REQUEST)
class UnsuitableAccessPolicyError(Exception):
pass
class AccessPolicyType(DBEnumeratedType):
"""Access policy type."""
PRIVATE = DBItem(1, """
Private
This policy covers general private information.
""")
SECURITY = DBItem(2, """
Security
This policy covers information relating to confidential security
vulnerabilities.
""")
class IAccessPolicy(Interface):
id = Attribute("ID")
pillar = Attribute("Pillar")
type = Attribute("Type")
class IAccessPolicyArtifact(Interface):
id = Attribute("ID")
concrete_artifact = Attribute("Concrete artifact")
policy = Attribute("Access policy")
class IAccessPolicyGrant(Interface):
id = Attribute("ID")
grantee = Attribute("Grantee")
grantor = Attribute("Grantor")
date_created = Attribute("Date created")
policy = Attribute("Access policy")
abstract_artifact = Attribute("Abstract artifact")
concrete_artifact = Attribute("Concrete artifact")
class IAccessPolicySource(Interface):
def create(pillar, display_name):
"""Create an `IAccessPolicy` for the pillar with the given name."""
def getByID(id):
"""Return the `IAccessPolicy` with the given ID."""
def getByPillarAndType(pillar, type):
"""Return the pillar's `IAccessPolicy` with the given type."""
def findByPillar(pillar):
"""Return a ResultSet of all `IAccessPolicy`s for the pillar."""
class IAccessPolicyArtifactSource(Interface):
def ensure(concrete_artifact):
"""Return the `IAccessPolicyArtifact` for a concrete artifact.
Creates the abstract artifact if it doesn't already exist.
"""
def get(concrete_artifact):
"""Return the `IAccessPolicyArtifact` for an artifact, if it exists.
Use ensure() if you want to create one if it doesn't yet exist.
"""
def delete(concrete_artifact):
"""Delete the `IAccessPolicyArtifact` for a concrete artifact.
Also removes any AccessPolicyGrants for the artifact.
"""
class IAccessPolicyGrantSource(Interface):
def grant(grantee, grantor, object):
"""Create an `IAccessPolicyGrant`.
:param grantee: the `IPerson` to hold the access.
:param grantor: the `IPerson` that grants the access.
:param object: the `IAccessPolicy` or `IAccessPolicyArtifact` to
grant access to.
"""
def getByID(id):
"""Return the `IAccessPolicyGrant` with the given ID."""
def findByPolicy(policy):
"""Return all `IAccessPolicyGrant` objects for the policy."""
|