From: Ruan HE Date: Mon, 27 Jul 2015 16:58:51 +0000 (+0000) Subject: Merge "Raise AuthzException in IntraExtensionAuthzManager whenn needed (untested)." X-Git-Tag: colorado.1.0~185 X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=e43444c05416190123ad66ffc3ffe9ee27f6936c;p=moon.git Merge "Raise AuthzException in IntraExtensionAuthzManager whenn needed (untested)." --- e43444c05416190123ad66ffc3ffe9ee27f6936c diff --cc keystone-moon/keystone/contrib/moon/core.py index 6f4ba4f2,a42a7912..d9a59ff3 --- a/keystone-moon/keystone/contrib/moon/core.py +++ b/keystone-moon/keystone/contrib/moon/core.py @@@ -1607,41 -1538,94 +1607,117 @@@ class IntraExtensionAuthzManager(IntraE return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id) def add_subject_dict(self, user_id, intra_extension_id, subject_dict): - # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin - return + subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict) + tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID) + for tenant_id in tenants_dict: + if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id: + self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict) + break + if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id: + self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict) + break + return subject def del_subject(self, user_id, intra_extension_id, subject_id): - # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin - pass + super(IntraExtensionAuthzManager, self).del_subject(user_id, intra_extension_id, subject_id) + tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID) + for tenant_id in tenants_dict: + if 
tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id: + self.driver.del_subject(tenants_dict[tenant_id]["intra_admin_extension_id"], subject_id) + break + if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id: + self.driver.del_subject(tenants_dict[tenant_id]["intra_authz_extension_id"], subject_id) + break def set_subject_dict(self, user_id, intra_extension_id, subject_id, subject_dict): - # TODO: sync with intra_admin_extension subjects table, need double check in both authz and admin - return + subject = super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_dict) + tenants_dict = self.tenant_api.get_tenants_dict(ADMIN_ID) + for tenant_id in tenants_dict: + if tenants_dict[tenant_id]["intra_authz_extension_id"] == intra_extension_id: + self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_admin_extension_id"], subject['id'], subject_dict) + break + if tenants_dict[tenant_id]["intra_admin_extension_id"] == intra_extension_id: + self.driver.set_subject_dict(tenants_dict[tenant_id]["intra_authz_extension_id"], subject['id'], subject_dict) + break + return subject - # TODO: for other no heritaged functions, add raise AuthzException() + def get_subject_categories_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_subject_category(self, user_id, intra_extension_id, subject_category_id): + raise AuthzException() + + def get_object_category_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_object_category(self, user_id, intra_extension_id, object_category_id): + raise AuthzException() + + def get_action_category_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_action_category(self, user_id, intra_extension_id, action_category_id): + raise AuthzException() + + def get_subjects_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_subject_dict(self, user_id, intra_extension_id, 
subject_id): + raise AuthzException() + + def get_objects_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_object_dict(self, user_id, intra_extension_id, object_id): + raise AuthzException() + + def get_actions_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_action_dict(self, user_id, intra_extension_id, action_id): + raise AuthzException() + + def get_subject_scopes_dict(self, user_id, intra_extension_id, subject_category_id): + raise AuthzException() + + def get_subject_scope_dict(self, user_id, intra_extension_id, subject_category_id, subject_scope_id): + raise AuthzException() + + def get_object_scopes_dict(self, user_id, intra_extension_id, object_category_id): + raise AuthzException() + + def get_object_scope_dict(self, user_id, intra_extension_id, object_category_id, object_scope_id): + raise AuthzException() + + def get_action_scopes_dict(self, user_id, intra_extension_id, action_category_id): + raise AuthzException() + + def get_action_scope_dict(self, user_id, intra_extension_id, action_category_id, action_scope_id): + raise AuthzException() + + def get_subject_assignment_list(self, user_id, intra_extension_id, subject_id, subject_category_id): + raise AuthzException() + + def get_object_assignment_list(self, user_id, intra_extension_id, object_id, object_category_id): + raise AuthzException() + + def get_action_assignment_list(self, user_id, intra_extension_id, action_id, action_category_id): + raise AuthzException() + + def get_aggregation_algorithm_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_sub_meta_rules_dict(self, user_id, intra_extension_id): + raise AuthzException() + + def get_sub_meta_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id): + raise AuthzException() + + def get_rules_dict(self, user_id, intra_extension_id, sub_meta_rule_id): + raise AuthzException() + + def get_rule_dict(self, user_id, intra_extension_id, sub_meta_rule_id, 
rule_id): + raise AuthzException() @dependency.provider('admin_api')
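Review bot: In `set_subject_dict` the `subject_id` parameter is never used: the `super()` call passes only `(user_id, intra_extension_id, subject_dict)` and the mirrored driver write uses `subject['id']` from its result, so an update aimed at an existing subject may be applied under a different id in both the authz and admin subject tables. If the parent method takes the id (its signature is outside this hunk), the call should be `super(IntraExtensionAuthzManager, self).set_subject_dict(user_id, intra_extension_id, subject_id, subject_dict)`. Separately, the deny stubs only block access when their names match the inherited getters exactly, and the new names are inconsistent (`get_subject_categories_dict` versus `get_object_category_dict` and `get_action_category_dict`); a stub whose name does not match would leave the parent's getter reachable from the authz manager, so each name is worth checking against the base class, which is not visible here. The class body starts before this hunk and continues after it.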