source: TI12-security/trunk/NDG_XACML/ndg/xacml/core/rule.py @ 6790

"""NDG Security Rule type definition

NERC DataGrid Project
"""
__author__ = "P J Kershaw"
__date__ = "25/02/10"
__copyright__ = "(C) 2010 Science and Technology Facilities Council"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = "$Id: $"
from ndg.xacml.utils import TypedList
from ndg.xacml.core import XacmlCoreBase
from ndg.xacml.core.target import Target
from ndg.xacml.core.condition import Condition


class Effect(object):
    """Rule Effect"""
    DENY_STR = 'Deny'
    PERMIT_STR = 'Permit'
    TYPES = (DENY_STR, PERMIT_STR)
    __slots__ = ('__value',)
    
    def __init__(self, effect=DENY_STR):
        self.__value = None
        self.value = effect

    def __getstate__(self):
        '''Enable pickling'''
        _dict = {}
        for attrName in Effect.__slots__:
            # Ugly hack to allow for derived classes setting private member
            # variables
            if attrName.startswith('__'):
                attrName = "_Effect" + attrName
                
            _dict[attrName] = getattr(self, attrName)
            
        return _dict
  
    def __setstate__(self, attrDict):
        '''Enable pickling'''
        for attrName, val in attrDict.items():
            setattr(self, attrName, val)
            
    def _setValue(self, value):
        if isinstance(value, Effect):
            # Cast to string
            value = str(value)
            
        elif not isinstance(value, basestring):
            raise TypeError('Expecting string or Effect instance for '
                            '"value" attribute; got %r instead' % type(value))
            
        if value not in self.__class__.TYPES:
            raise AttributeError('Permissable effect types are %r; got '
                                 '%r instead' % (Effect.TYPES, value))
        self.__value = value
        
    def _getValue(self):
        return self.__value
    
    value = property(fget=_getValue, fset=_setValue, doc="Effect value")
    
    def __str__(self):
        return self.__value

    def __eq__(self, effect):
        if isinstance(effect, Effect):
            # Cast to string
            value = effect.value
            
        elif isinstance(effect, basestring):
            value = effect
            
        else:
            raise TypeError('Expecting string or Effect instance for '
                            'input effect value; got %r instead' % type(value))
            
        if value not in self.__class__.TYPES:
            raise AttributeError('Permissable effect types are %r; got '
                                 '%r instead' % (Effect.TYPES, value))
            
        return self.__value == value        


class PermitEffect(Effect):
    """Permit authorisation Effect"""
    __slots__ = ()

    def __init__(self):
        super(PermitEffect, self).__init__(Effect.PERMIT_STR)
        
    def _setValue(self):  
        raise AttributeError("can't set attribute")


class DenyEffect(Effect):
    """Deny authorisation Effect"""
    __slots__ = ()
    
    def __init__(self):
        super(DenyEffect, self).__init__(Effect.DENY_STR)
        
    def _setValue(self, value):  
        raise AttributeError("can't set attribute")

# Add instances of each for convenience
Effect.PERMIT = PermitEffect()
Effect.DENY = DenyEffect()


class Rule(XacmlCoreBase):
    """XACML Policy Rule"""
    ELEMENT_LOCAL_NAME = 'Rule'
    RULE_ID_ATTRIB_NAME = 'RuleId'
    EFFECT_ATTRIB_NAME = 'Effect'
    
    DESCRIPTION_LOCAL_NAME = 'Description'
    
    __slots__ = (
        '__target', 
        '__condition', 
        '__description', 
        '__id', 
        '__effect'
    )
    
    def __init__(self):
        self.__id = None
        self.__effect = None
        self.__target = None
        self.__condition = None
        
    @property
    def target(self):
        "Rule target"
        return self.__target
    
    @target.setter
    def target(self, value):
        if not isinstance(value, Target):
            raise TypeError('Expecting %r type for "id" '
                            'attribute; got %r' % (Target, type(value))) 
        self.__target = value
           
    @property
    def condition(self):
        "rule condition"
        return self.__condition
    
    @condition.setter
    def condition(self, value):
        if not isinstance(value, Condition):
            raise TypeError('Expecting %r type for "id" '
                            'attribute; got %r' % (Condition, type(value))) 
            
        self.__condition = value
             
    def _get_id(self):
        return self.__id

    def _set_id(self, value):
        if not isinstance(value, basestring):
            raise TypeError('Expecting %r type for "id" '
                            'attribute; got %r' % (basestring, type(value)))
            
        self.__id = value   

    id = property(_get_id, _set_id, None, "Rule identifier attribute")  
      
    def _get_effect(self):
        return self.__effect

    def _set_effect(self, value):
        if not isinstance(value, Effect):
            raise TypeError('Expecting %r type for "effect" '
                            'attribute; got %r' % (Effect, type(value)))
            
        self.__effect = value   

    effect = property(_get_effect, _set_effect, None, 
                      "Rule effect attribute")  

    def _getDescription(self):
        return self.__description

    def _setDescription(self, value):
        if not isinstance(value, basestring):
            raise TypeError('Expecting string type for "description" '
                            'attribute; got %r' % type(value))
        self.__description = value

    description = property(_getDescription, _setDescription, 
                           doc="Rule Description text")