# Copyright 2016, Tresys Technology, LLC
#
# SPDX-License-Identifier: LGPL-2.1-only
#
#
from PyQt6 import QtCore
import setools
from .modelroles import ModelRoles
from .table import SEToolsTableModel
from .. import details
__all__ = ("RBACRuleTable",)
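class RBACRuleTable(SEToolsTableModel[setools.AnyRBACRule]):

    """A table-based model for RBAC rules."""

    headers = ["Rule Type", "Source Role", "Target Role/Type", "Object Class", "Default Role"]

    def data(self, index: QtCore.QModelIndex, role: int = ModelRoles.DisplayRole):
        """
        Return the data for one cell of the RBAC rule table.

        Parameters:
        index   The model index (row = rule, column = rule field).
        role    The model role being requested.

        Return:
        DisplayRole yields the field name as text, ContextMenuRole a
        one-element tuple holding a detail action, ToolTipRole the tooltip
        for the field, and WhatsThisRole an HTML help string.  None is
        returned for an empty model, an invalid index, or a display cell
        with no applicable value.  Every other case is delegated to the
        parent model.

        The object class and default role columns are only populated for
        role_transition rules; each access to rule.tclass and rule.default
        is guarded by a rule type check.
        """
        if not self.item_list or not index.isValid():
            return None

        row = index.row()
        col = index.column()
        rule = self.item_list[row]

        match role:
            case ModelRoles.DisplayRole:
                match col:
                    case 0:
                        return rule.ruletype.name
                    case 1:
                        return rule.source.name
                    case 2:
                        return rule.target.name
                    case 3:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return rule.tclass.name
                    case 4:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return rule.default.name

                # Display cells never fall through to the parent model.
                return None

            case ModelRoles.ContextMenuRole:
                match col:
                    case 1:
                        return (details.role_detail_action(rule.source), )
                    case 2:
                        # The target is a type/attribute in role_transition
                        # rules and a role otherwise; the asserts document
                        # that invariant before the matching helper is used.
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            assert isinstance(rule.target,
                                              setools.Type | setools.TypeAttribute), \
                                "Invalid rule target, this is an SETools bug."
                            return (details.type_or_attr_detail_action(rule.target), )

                        assert isinstance(rule.target, setools.Role), \
                            "Invalid rule target, this is an SETools bug."
                        return (details.role_detail_action(rule.target), )
                    case 3:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return (details.objclass_detail_action(rule.tclass), )
                    case 4:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return (details.role_detail_action(rule.default), )

            case ModelRoles.ToolTipRole:
                match col:
                    case 1:
                        return details.role_tooltip(rule.source)
                    case 2:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            assert isinstance(rule.target,
                                              setools.Type | setools.TypeAttribute), \
                                "Invalid rule target, this is an SETools bug."
                            return details.type_or_attr_tooltip(rule.target)

                        assert isinstance(rule.target, setools.Role), \
                            "Invalid rule target, this is an SETools bug."
                        return details.role_tooltip(rule.target)
                    case 3:
                        # Guard the object class like every other branch does:
                        # the column does not apply to non-transition rules, so
                        # rule.tclass must not be read for them when the user
                        # hovers over the cell.
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return details.objclass_tooltip(rule.tclass)
                    case 4:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            return details.role_tooltip(rule.default)

            case ModelRoles.WhatsThisRole:
                # The markup inside the triple-quoted strings below is kept
                # flush-left so the emitted help text is unchanged.
                match col:
                    case 0:
                        column_whatsthis = f"<p>{rule.ruletype} is the type of the rule.</p>"
                    case 1:
                        column_whatsthis = \
                            f"<p>{rule.source} is the source role (subject) in the rule.</p>"
                    case 2:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            column_whatsthis = \
                                f"""
<p>{rule.target} is the target type/attribute (object) in the rule.
</p>"""
                        else:
                            column_whatsthis = \
                                f"<p>{rule.target} is the target role (object) in the rule.</p>"
                    case 3:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            column_whatsthis = \
                                f"<p>{rule.tclass} is the object class of the rule.</p>"
                        else:
                            column_whatsthis = \
                                f"""
<p>The object class column does not apply to {rule.ruletype} rules.
</p>"""
                    case 4:
                        if rule.ruletype == setools.RBACRuletype.role_transition:
                            # Closing tag fixed: the paragraph previously ended
                            # with a second opening <p>.
                            column_whatsthis = \
                                f"<p>{rule.default} is the default role in the rule.</p>"
                        else:
                            column_whatsthis = \
                                f"""
<p>The default role column does not apply to {rule.ruletype} rules.
</p>"""
                    case _:
                        column_whatsthis = ""

                return \
                    f"""
<b><p>Table Representation of Role-based Access Control (RBAC) Rules</p></b>
<p>Each part of the rule is represented as a column in the table.</p>
{column_whatsthis}
"""

        # Unhandled roles, and handled roles with no value for this cell.
        return super().data(index, role)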