source: TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/__init__.py @ 3896

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/pdp/__init__.py@3896
Revision 3896, 4.4 KB checked in by pjkersha, 14 years ago (diff)

Updates for ndg.security.common.authz.pep and ndg.security.common.authz.pdp for BrowsePDP Gatekeeper code for ows_server.

1"""NDG Policy Decision Point Package - contains abstract interface to PEP
2
3The PDP makes authorisation decisions based on the access constraints applying
4to a resource and the access rights of a user requesting it
5
6Adapted from original gatekeeper.py code
7
8NERC Data Grid Project
9"""
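# Module metadata.  The viewer's line-number gutter has been dropped and the
# second, identical __contact__ assignment removed; every value is unchanged.
__author__ = "P J Kershaw"
__date__ = "04/04/08"
__copyright__ = "(C) 200* STFC & NERC"
__contact__ = "P.J.Kershaw@rl.ac.uk"
__license__ = \
"""This software may be distributed under the terms of the Q Public
License, version 1.0 or later."""
__revision__ = "$Id:gatekeeper.py 3079 2007-11-30 09:39:46Z pjkersha $"

import logging

# Logger named after this module.  PDPInterface.accessPermitted asks PDP
# implementations to put detailed error information in the error log rather
# than in exception messages.
log = logging.getLogger(__name__)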
22
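class PDPError(Exception):
    """Base class for PDP exceptions

    Every exception type declared in this module derives from it, so a caller
    can trap all PDP-specific failures with a single ``except PDPError``.
    It adds nothing to Exception: any constructor arguments are accepted."""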
25   
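class PDPUserAccessDenied(PDPError):
    """Access Denied"""

    # Default text is held as data instead of being read from __doc__, which
    # is None when the interpreter strips docstrings (python -OO) and would
    # leave the exception with no usable message.
    DEFAULT_MSG = "Access Denied"

    def __init__(self, msg=None):
        """@type msg: string
        @param msg: text to report in place of the generic default; the
        default is used when msg is None or empty.  Keep it free of
        detailed error information - that belongs in the error log"""
        PDPError.__init__(self, msg or self.DEFAULT_MSG)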
30 
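class PDPUserInsufficientPrivileges(PDPError):
    """Insufficient privileges to access resource"""

    # Default text is held as data instead of being read from __doc__, which
    # is None when the interpreter strips docstrings (python -OO) and would
    # leave the exception with no usable message.
    DEFAULT_MSG = "Insufficient privileges to access resource"

    def __init__(self, msg=None):
        """@type msg: string
        @param msg: text to report in place of the generic default; the
        default is used when msg is None or empty.  Keep it free of
        detailed error information - that belongs in the error log"""
        PDPError.__init__(self, msg or self.DEFAULT_MSG)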
35   
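class PDPUserNotLoggedIn(PDPError):
    """User is not logged in"""

    # Default text is held as data instead of being read from __doc__, which
    # is None when the interpreter strips docstrings (python -OO) and would
    # leave the exception with no usable message.
    DEFAULT_MSG = "User is not logged in"

    def __init__(self, msg=None):
        """@type msg: string
        @param msg: text to report in place of the generic default; the
        default is used when msg is None or empty.  Keep it free of
        detailed error information - that belongs in the error log"""
        PDPError.__init__(self, msg or self.DEFAULT_MSG)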
40
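class PDPMissingResourceConstraints(PDPError):
    """Access constraints for resource are not set correctly"""

    # Default text is held as data instead of being read from __doc__, which
    # is None when the interpreter strips docstrings (python -OO) and would
    # leave the exception with no usable message.
    DEFAULT_MSG = "Access constraints for resource are not set correctly"

    def __init__(self, msg=None):
        """@type msg: string
        @param msg: text to report in place of the generic default; the
        default is used when msg is None or empty.  Keep it free of
        detailed error information - that belongs in the error log"""
        PDPError.__init__(self, msg or self.DEFAULT_MSG)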
45
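class PDPUnknownResourceType(PDPError):
    """The type for requested resource is not known"""

    # Default text is held as data instead of being read from __doc__, which
    # is None when the interpreter strips docstrings (python -OO) and would
    # leave the exception with no usable message.
    DEFAULT_MSG = "The type for requested resource is not known"

    def __init__(self, msg=None):
        """@type msg: string
        @param msg: text to report in place of the generic default; the
        default is used when msg is None or empty.  Keep it free of
        detailed error information - that belongs in the error log"""
        PDPError.__init__(self, msg or self.DEFAULT_MSG)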
50           
51 
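class PDPInterface(object):
    """PEP (Gatekeeper) abstract interface to a Policy Decision Point

    PDPs must adhere to this interface by subclassing from it"""

    def __init__(self,
                 cfgFilePath=None,
                 cfg=None,
                 cfgSection='DEFAULT',
                 **cfgKw):
        """PDPInterface(cfgFilePath|cfg|**cfgKw)

        @type cfgFilePath: string
        @param cfgFilePath: file path to configuration file
        @type cfg: ConfigParser
        @param cfg: ConfigParser object to retrieve parameters from as an
        alternative to cfgFilePath input
        @type cfgSection: string
        @param cfgSection: sets the section name to retrieve config params
        from
        @type cfgKw: dict
        @param cfgKw: set parameters as key value pairs.
        @raise NotImplementedError: always - this class is abstract and a
        derived PDP must provide its own __init__"""
        raise NotImplementedError("%s\n%s" % (PDPInterface.__doc__,
                                              PDPInterface.__init__.__doc__))

    def accessPermitted(self, resrcHandle, userHandle, accessType, *arg, **kw):
        """Make an Access control decision with this behaviour:

        @type resrcHandle: any - determined by derived class PDP
        @param resrcHandle: a handle to the resource to make access decision
        for.  This could be for example a resource ID string, or a dict or
        other object to hold resource information required by the PDP

        @type userHandle: any - determined by derived class PDP
        @param userHandle: a handle to the user requesting access.
        e.g. a user ID, an attribute certificate or a handle to a service
        which can be interrogated to get the required information

        @type accessType: any - determined by derived class PDP
        @param accessType: the type of access being requested e.g. read,
        read/write, put etc.

        @rtype: bool
        @return: True if access permitted; False if denied or else raise
        an Exception

        @raise NotImplementedError: always in this base class - a derived
        PDP must override this method

        Nb.

         * *arg and **kw are included to enable further customisation,
        resrcHandle, userHandle and accessType are merely indicators.

         * Calling the PDP object itself (__call__) is a shorthand for this
         method

         * Only a True return grants access.  A calling PEP should treat
         False and any raised exception, including exceptions that are not
         PDPError types, as access not granted.

         * Derived classes should keep to the exception types in this file
         where possible.  New exception types should inherit from PDPError.
         Detailed error information should be left out of the exception
         message and put in the error log instead"""
        # The base class never returns a decision: raising keeps an
        # incomplete PDP from granting access.
        raise NotImplementedError("%s\n%s" % (PDPInterface.__doc__,
                                  PDPInterface.accessPermitted.__doc__))

    def __call__(self, resrcHandle, userHandle, accessType, *arg, **kw):
        """Convenience shorthand for accessPermitted - same arguments, same
        return value and same exceptions.

        This is a delegating method rather than the class-level assignment
        '__call__ = accessPermitted': that assignment binds the base class
        function once, so calling an instance of a derived PDP would bypass
        its accessPermitted override and raise NotImplementedError."""
        return self.accessPermitted(resrcHandle, userHandle, accessType,
                                    *arg, **kw)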