source: TI12-security/branches/BODC/NDG/BODCUserRoles.py @ 611

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/branches/BODC/NDG/BODCUserRoles.py@759
Revision 611, 3.4 KB checked in by pjkersha, 14 years ago (diff)
1"""NDG Attribute Authority User Roles class for the BODC - acts as an interface
2between BODC user database and the Attribute Authority
3
4NERC Data Grid Project
5
6P J Kershaw 09/09/05
7
8Copyright (C) 2005 CCLRC & NERC
9
10This software may be distributed under the terms of the Q Public License,
11version 1.0 or later.
12"""
13from DCOracle2 import *
14
15# For parsing of properties file
16import cElementTree as ElementTree
17
18from NDG.X509 import *
19from NDG.AttAuthority import AAUserRoles
20from NDG.AttAuthority import AAUserRolesError
21
22
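class BODCUserRoles(AAUserRoles):
    """User Roles class dynamic import for BODC Attribute Authority.

    Acts as the interface between the BODC user database and the Attribute
    Authority: the CN field of the Distinguished Name handed in by the caller
    is used as the lookup key for both the registration check and the role
    query.

    NOTE(review): the roles returned here presumably feed authorisation
    decisions, so the DN should only ever come from a certificate whose
    chain has already been verified - confirm against the Attribute
    Authority caller.
    """

    # valid configuration property keywords
    __validKeys = ['userName', 'dbAddr']

    def __init__(self, propFilePath=None):
        """Optionally read the properties file and connect to the database.

        propFilePath: file path to properties file.  When omitted no
        connection is made and connect() has to be called explicitly before
        any query method is used.
        """
        self.__db = None
        # Defined up front so that a query on an unconnected instance is
        # reported clearly instead of failing on a missing attribute.
        self.__cursor = None

        if propFilePath:
            prop = self.readProperties(propFilePath)
            self.connect(prop['userName'], prop['dbAddr'])

    def __requireCursor(self):
        """Return the open cursor, or raise AAUserRolesError if connect()
        has not completed successfully on this instance."""
        if self.__cursor is None:
            raise AAUserRolesError(
                "Not connected to database: call connect() first")

        return self.__cursor

    def readProperties(self, propFilePath):
        """Read the configuration properties for the Attribute Authority

        propFilePath: file path to properties file

        Returns a dictionary mapping each child element's tag to its
        stripped text.  Raises AAUserRolesError if the file cannot be read
        or if any of the required properties is absent.
        """
        try:
            tree = ElementTree.parse(propFilePath)

        except IOError as ioErr:
            raise AAUserRolesError(
                "Error parsing properties file \"%s\": %s" %
                (ioErr.filename, ioErr.strerror))

        # NOTE(review): only IOError is wrapped above; a malformed file is
        # presumably reported with the parser's own exception type - confirm
        # whether callers expect AAUserRolesError for that case too.
        prop = tree.getroot()

        # Copy properties from file.  An empty element (e.g. <dbAddr/>) has
        # text None, so fall back to '' rather than failing on None.strip().
        userRolesProp = dict([(elem.tag, (elem.text or '').strip())
                              for elem in prop])

        # Check for missing properties
        missingKeys = [key for key in BODCUserRoles.__validKeys
                       if key not in userRolesProp]
        if missingKeys:
            raise AAUserRolesError("The following properties are " +
                                   "missing from the properties file: " +
                                   ', '.join(missingKeys))

        return userRolesProp

    def connect(self,
                userName,
                dbAddr,
                passPhrase=None,
                prompt=None):
        """Connect to database

        If no passphrase is given prompt from stdin

        userName:   database account name
        dbAddr:     database address, appended after '@' in the connect
                    string
        passPhrase: database passphrase; prompted for with getpass when
                    empty or None so that it need not be stored in the
                    properties file
        prompt:     text shown by the passphrase prompt

        Raises AAUserRolesError if the connection or cursor cannot be
        opened.
        """
        if not passPhrase:
            if not prompt:
                prompt = "Database Passphrase: "

            import getpass
            passPhrase = getpass.getpass(prompt=prompt)

        try:
            # connect() is supplied by one of the wildcard imports at the
            # top of the file (presumably DCOracle2).
            db = connect("%s/%s@%s" % (userName, passPhrase, dbAddr))
            cursor = db.cursor()

        except Exception as e:
            # NOTE(review): the driver's error text is echoed to the caller;
            # verify it can never contain the connect string, which embeds
            # the passphrase.
            raise AAUserRolesError(
                "Error connecting to database \"%s\": %s" % (dbAddr, e))

        # Publish the handles only once both exist, so a failed attempt
        # never leaves a connection without a cursor on the instance.
        self.__db = db
        self.__cursor = cursor

    def usrIsRegistered(self, dn):
        """Check user with given Distinguished Name is registered with
        BODC database

        dn: Distinguished Name string; its CN field is used as the lookup
        value.

        Returns True if the query yields at least one row, False otherwise.
        Raises AAUserRolesError if not connected, or if the DN cannot be
        parsed or the query fails - an error is never reported as
        "registered".
        """
        cursor = self.__requireCursor()

        try:
            emailAddr = X500DN(dn)['CN']
            query = "<BODC Database query>"

            # The value taken from the DN is handed to execute() as a
            # parameter, not formatted into the query text; keep it that
            # way when the real query is substituted.
            cursor.execute(query, emailAddr)

            return bool(cursor.fetchall())

        except Exception as e:
            raise AAUserRolesError(
                "Error checking user \"%s\" is registered: %s" % (dn, e))

    def getRoles(self, dn):
        """Retrieve roles from user with given Distinguished Name

        dn: Distinguished Name string; its CN field is used as the lookup
        value.

        Returns a list holding the first column of every row returned by
        the query (empty if there are no rows).  Raises AAUserRolesError if
        not connected, or if the DN cannot be parsed or the query fails.
        """
        cursor = self.__requireCursor()

        try:
            emailAddr = X500DN(dn)['CN']
            query = "<BODC Database query>"

            # Parameterised, as in usrIsRegistered: the DN-derived value is
            # never concatenated into the query text.
            cursor.execute(query, emailAddr)
            roles = cursor.fetchall()
            return [i[0] for i in roles]

        except Exception as e:
            raise AAUserRolesError(
                "Error getting roles for user \"%s\": %s" % (dn, e))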