source: TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/xacml/esg_ext.py @ 7691

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/xacml/esg_ext.py@7691
Revision 7691, 6.1 KB checked in by pjkersha, 10 years ago (diff)

Completing new module for custom ESGF types needed for XACML.

Line 
1"""NDG Security
2
3Extensions for Earth System Grid Federation Group/Role Attribute Value type
4"""
5__author__ = "P J Kershaw"
6__date__ = "01/11/10"
7__copyright__ = "(C) 2010 Science and Technology Facilities Council"
8__contact__ = "Philip.Kershaw@stfc.ac.uk"
9__license__ = "BSD - see LICENSE file in top-level directory"
10__contact__ = "Philip.Kershaw@stfc.ac.uk"
11__revision__ = "$Id$"
12import logging
13log = logging.getLogger(__name__)
14
15from ndg.xacml.core.functions.v1.bag import BagBase
16from ndg.xacml.core.functions.v1.at_least_one_member_of import \
17    AtLeastOneMemberOfBase
18from ndg.xacml.core.attributevalue import AttributeValueClassFactory
19from ndg.xacml.parsers import XMLParseError
20from ndg.xacml.parsers.etree.attributevaluereader import (
21                                                DataTypeReaderClassFactory)
22from ndg.xacml.parsers.etree import QName
23from ndg.xacml.parsers.etree.attributevaluereader import (
24                                                DataTypeReaderClassFactory,
25                                                ETreeDataTypeReaderBase)
26
27
28class ESGFGroupRoleAttributeValue(AttributeValue):
29    """Earth System Grid Federation Group/Role Attribute Value type
30   
31    Attributes have the concept of a different groups and within those groups
32    roles indicating a function or privilege
33   
34    @cvar IDENTIFIER: DataType for this attribute value type
35    @type IDENTIFIER: string
36    @cvar TYPE: Realisation as a Python type
37    @type TYPE: string
38    @cvar GROUPROLE_ELEMENT_LOCAL_NAME: XML element name for this type
39    @type GROUPROLE_ELEMENT_LOCAL_NAME: string
40    @cvar GROUP_ELEMENT_LOCAL_NAME: name of group XML sub-element
41    @type GROUP_ELEMENT_LOCAL_NAME: string
42    @cvar ROLE_ELEMENT_LOCAL_NAME: name of role XML sub-element
43    @type ROLE_ELEMENT_LOCAL_NAME: string
44    @cvar ROLE_DEFAULT_VALUE: default value for role name
45    @type ROLE_DEFAULT_VALUE: string
46    """
47   
48    IDENTIFIER = 'groupRole'
49    TYPE = tuple   
50    GROUPROLE_ELEMENT_LOCAL_NAME = 'groupRole'
51    GROUP_ELEMENT_LOCAL_NAME = 'group'
52    ROLE_ELEMENT_LOCAL_NAME = 'role'
53    ROLE_DEFAULT_VALUE = 'default'
54   
55    __slots__ = ('__group', '__role')
56   
57    def __init__(self):
58        """Add additional attributes to AttributeValue base type"""
59        super(ESGFGroupRoleAttributeValue, self).__init__()
60        self.__group = None
61        self.__role = self.__class__.ROLE_DEFAULT_VALUE
62       
63    @property
64    def group(self):
65        """@return: group name
66        @rtype: basestring / NoneType
67        """ 
68        return self.__group
69   
70    @property.setter
71    def group(self, value):
72        """@param value: new group value to set
73        @type value: basestring
74        """
75        if not isinstance(value, basestring):
76            raise TypeError('Expecting string type for "group" attribute; got '
77                            '%r' % type(value))
78           
79        self.__group = value
80         
81    @property
82    def role(self):
83        """@return: role name
84        @rtype: basestring
85        """ 
86        return self.__role
87   
88    @property.setter
89    def role(self, value):
90        """@param value: new role value to set
91        @type value: basestring
92        """
93        if not isinstance(value, basestring):
94            raise TypeError('Expecting string type for "role" attribute; got '
95                            '%r' % type(value))
96       
97        return self.__role
98   
99    @property
100    def value(self):
101        """Override default value property to give custom result.  Also,
102        'value' becomes a read-only property.  Making this change is critical
103        to the function of the GroupRoleAtLeastOneMemberOf class below - it
104        relies on being able to make comparison of the value attribute of
105        different GroupRoleAttributeValue instances.  Defined this way,
106        comparison is by group,role to group,role tuple
107        """
108        return self.group, self.role
109   
110
111class ESGFGroupRoleBag(BagBase):
112    """Bag function for Earth System Grid Federation Group/Role custom attribute
113    value type"""
114    TYPE = ESGFGroupRoleAttributeValue
115    FUNCTION_NS = 'urn:esg:security:xacml:2.0:function:grouprole-bag'
116
117 
118class ESGFGroupRoleAtLeastOneMemberOf(AtLeastOneMemberOfBase):
119    """At least one member of function for Earth System Grid Federation
120    Group/Role custom attribute value type"""
121    TYPE = ESGFGroupRoleAttributeValue
122    FUNCTION_NS = ('urn:esg:security:xacml:2.0:function:'
123                   'grouprole-at-least-one-member-of')
124
125   
126class ETreeESGFGroupRoleDataTypeReader(ETreeDataTypeReaderBase):
127    """ElementTree based parser for Earth System Grid Federation Group/Role
128    attribute value data type"""
129   
130    @classmethod
131    def parse(cls, elem, attributeValue):
132        """Parse ESGF Group/Role type object using ElementTree
133
134        @param obj: input object to parse
135        @type obj: ElementTree Element, or stream object
136        @return: ElementTree element
137        @rtype: xml.etree.Element
138        """
139        if len(elem) != 1:
140            raise XMLParseError("Expecting single groupRole child element but " 
141                                "found only %d element(s)" % len(elem))
142                     
143        groupRoleElem = elem[0]
144       
145        if (QName.getLocalPart(groupRoleElem.tag) != 
146            attributeValue.__class__.GROUPROLE_ELEMENT_LOCAL_NAME):
147            raise XMLParseError("%r element found, expecting \"%s\" element " 
148                        "instead" % 
149                        attributeValue.__class__.GROUPROLE_ELEMENT_LOCAL_NAME)
150       
151        # Allow for any of the defined Expression sub-types in the child
152        # elements
153        for subElem in groupRoleElem:
154            localName = QName.getLocalPart(subElem.tag)
155            if localName == attributeValue.__class__.ROLE_ELEMENT_LOCAL_NAME:
156                attributeValue.role = subElem.text
157            elif localName == attributeValue.__class__.GROUP_ELEMENT_LOCAL_NAME:
158                attributeValue.group = subElem.text
159            else:
160                raise XMLParseError('%r ESG Group/Role sub-element not '
161                                    'recognised' % localName) 
Note: See TracBrowser for help on using the repository browser.