1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
|
#------------------------------------------------------------------------------
# Copyright (c) 2008, Riverbank Computing Limited
# All rights reserved.
#
# This software is provided without warranty under the terms of the BSD
# license included in enthought/LICENSE.txt and may be redistributed only
# under the conditions described in the aforementioned license. The license
# is also available online at http://www.enthought.com/licenses/BSD.txt
# Thanks for using Enthought open source!
#
# Author: Riverbank Computing Limited
# Description: <Enthought permissions package component>
#------------------------------------------------------------------------------
# Enthought library imports.
from pyface.api import error
from pyface.action.api import Action
from traits.api import Dict, HasTraits, provides, Instance, List
# Local imports.
from apptools.permissions.i_policy_manager import IPolicyManager
from apptools.permissions.permission import ManagePolicyPermission, Permission
from apptools.permissions.secure_proxy import SecureProxy
from i_policy_storage import IPolicyStorage, PolicyStorageError
from role_assignment import role_assignment
from role_definition import role_definition
@provides(IPolicyManager)
class PolicyManager(HasTraits):
"""The default policy manager implementation. This policy enforces the use
of roles. Permissions are associated with roles rather than directly with
users. Users are then associated with one or more roles."""
#### 'IPolicyManager' interface ###########################################
management_actions = List(Instance(Action))
user_permissions = List(Instance(Permission))
#### 'PolicyManager' interface ############################################
# The dictionary of registered permissions keyed on the permission name.
permissions = Dict
# The policy data storage.
policy_storage = Instance(IPolicyStorage)
###########################################################################
# 'IPolicyManager' interface.
###########################################################################
def bootstrapping(self):
"""Return True if we are bootstrapping, ie. no roles have been defined
or assigned."""
try:
bootstrap = self.policy_storage.is_empty()
except PolicyStorageError:
# Suppress the error and assume it isn't empty.
bootstrap = False
return bootstrap
def load_policy(self, user):
"""Load the policy for the given user."""
self.user_permissions = []
# See if the policy is to be unloaded.
if user is None:
return
# Get the user's policy.
try:
user_name, perm_ids = self.policy_storage.get_policy(user.name)
except PolicyStorageError, e:
error(None, str(e))
return
for id in perm_ids:
try:
permission = self.permissions[id]
except KeyError:
# This shouldn't happen if referential integrity is maintained.
continue
self.user_permissions.append(permission)
def register_permission(self, permission):
"""Register the given permission."""
if self.permissions.has_key(permission.id):
other = self.permissions[permission.id]
if other.application_defined:
if permission.application_defined:
raise KeyError, 'permission "%s" has already been defined' % permission.id
# Use the description from the policy manager, if there is
# one, in preference to the application supplied one.
if permission.description:
other.description = permission.description
elif permission.application_defined:
# Again, prefer the policy manager description.
if other.description:
permission.description = other.description
self.permissions[permission.id] = permission
else:
# This should never happen if the policy manager is working
# properly.
raise KeyError, 'permission "%s" has already been defined by the same policy manager' % permission.id
else:
self.permissions[permission.id] = permission
###########################################################################
# Trait handlers.
###########################################################################
def _management_actions_default(self):
"""Return the management actions to manage the policy."""
actions = []
perm = ManagePolicyPermission()
act = Action(name='&Role Definitions...', on_perform=role_definition)
actions.append(SecureProxy(act, permissions=[perm], show=False))
act = Action(name='&Role Assignments...', on_perform=role_assignment)
actions.append(SecureProxy(act, permissions=[perm], show=False))
return actions
def _policy_storage_default(self):
"""Return the default storage for the policy data."""
# Defer to an external storage manager if there is one.
try:
from apptools.permissions.external.policy_storage import PolicyStorage
except ImportError:
from apptools.permissions.default.policy_storage import PolicyStorage
return PolicyStorage()
|
