1 import ravenlib.acl.mysqlacl
2 import MySQLdb
3 import db
4 from owllib import *
5
# Module-wide ACL manager handle; None until _init() has stored a manager.
_manager = None

def _init(password):
    """Build the MysqlAclManager and store it in the module-level _manager.

    Connects to the "acl" database on localhost as the MySQL "root" user,
    authenticating with ``password``. Exceptions from the manager's
    constructor propagate to the caller.
    """
    # NOTE(review): the ACL store is opened with the MySQL root account. A
    # dedicated account restricted to the `acl` schema would limit what a
    # compromise of this process can reach; init() uses the same account to
    # create the database, so that step would need separate provisioning.
    global _manager
    connection_settings = {
        "dbaddress": "localhost",
        "dbname": "acl",
        "dbuser": "root",
        "dbpasswd": password,
    }
    _manager = ravenlib.acl.mysqlacl.MysqlAclManager(**connection_settings)
13
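def init(password):
    """Initialise the module's ACL manager once, creating the database if needed.

    Does nothing when a manager is already set. Otherwise calls _init(); if
    that fails with MySQL error 1049 the `acl` database is created through a
    root connection to information_schema and _init() is tried again.

    Args:
        password: password of the MySQL "root" account.

    Raises:
        MySQLdb.OperationalError: any connection error other than 1049, or a
            failure of the second _init() attempt.
    """
    global _manager
    if _manager is not None:
        return
    try:
        _init(password)
    # The `as` form parses on Python 2.6+ as well as Python 3.
    except MySQLdb.OperationalError as e:
        if e.args[0] != 1049:
            raise
        # Error 1049 means the database doesn't exist.
        dbconn = db.DB(user="root", passwd=password, name="information_schema")
        try:
            # Fixed statement: no caller-supplied text reaches the SQL.
            dbconn.execute("CREATE DATABASE IF NOT EXISTS `acl`")
        finally:
            # Release the bootstrap root connection even if the CREATE fails.
            dbconn.close()
        _init(password)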
28
def check_authorized(aclname, principal, right):
    """Run the manager's test_acl for ``principal`` and ``right`` on ``aclname``.

    Returns None. Any exception from test_acl other than
    AclDoesNotExistError propagates to the caller; presumably that is how a
    denial is reported (confirm against ravenlib.acl.mysqlacl).
    """
    # SECURITY: this check fails open. When the named ACL does not exist the
    # error is swallowed and the caller continues as if access were granted.
    # That is deliberate, for backwards compatibility with existing
    # databases, but it means a resource whose ACL was never created (or was
    # deleted) is unprotected by this function. Logging this path would make
    # such resources visible to an operator.
    try:
        _manager.test_acl(aclname, principal, right)
    except ravenlib.acl.mysqlacl.AclDoesNotExistError:
        return
37
def create_acl(aclname, owner):
    """Create the ACL ``aclname`` if it does not exist and return the result.

    The initial rights depend on ``owner``:
      * '*'    -> every principal gets owner, write, read and index.
      * other  -> ``owner`` gets owner and write; '*' gets read and index.

    Returns whatever the manager's create_acl_if_not_exist returns.
    """
    # NOTE(review): owner == '*' produces an ACL on which any principal
    # passes the 'owner' check, so anyone can later read, change or delete
    # it. Every ACL created here is also world-readable and world-indexable.
    # Presumably an already existing ACL keeps its current rights; confirm
    # in create_acl_if_not_exist.
    if owner == '*':
        initial_rights = {'*': ['owner', 'write', 'read', 'index']}
    else:
        initial_rights = {owner: ['owner', 'write'], '*': ['read', 'index']}
    return _manager.create_acl_if_not_exist(aclname, initial_rights)
47
def delete_acl_no_check(aclname):
    """Delete ``aclname`` with no authorization check; a missing ACL is ignored.

    The caller is responsible for deciding that the deletion is allowed.
    """
    # NOTE(review): check_authorized() treats a missing ACL as "allowed", so
    # removing an ACL while the object it guards still exists leaves that
    # object open to every principal.
    try:
        _manager.delete_acl(aclname)
    except ravenlib.acl.mysqlacl.AclDoesNotExistError:
        # Deleting an ACL that is not there is treated as a no-op.
        return
55
def delete_acl(aclname, auth):
    """Delete ``aclname`` on behalf of ``auth`` after the 'owner' check.

    Unlike delete_acl_no_check(), nothing is caught here: an exception from
    check_authorized() or from the manager's delete_acl propagates.
    """
    required_right = 'owner'
    check_authorized(aclname, auth, required_right)
    _manager.delete_acl(aclname)
61
def get_acl(aclname, auth):
    """Return the manager's ACL object for ``aclname`` after the 'owner' check.

    ``auth`` is the principal the check is made for. Exceptions from
    check_authorized() and from the manager's get_acl propagate.
    """
    required_right = 'owner'
    check_authorized(aclname, auth, required_right)
    requested_acl = _manager.get_acl(aclname)
    return requested_acl
67
68
def add_right(aclname, auth, principal, right):
    """Grant ``right`` to ``principal`` on ``aclname`` after the 'owner' check.

    ``auth`` is the principal the check is made for. Exceptions from
    check_authorized() and from the manager propagate.
    """
    # NOTE(review): delete_right() writes a debug line but granting a right
    # here leaves no trace; a matching log entry would give a complete
    # audit trail of ACL changes.
    check_authorized(aclname, auth, 'owner')
    target_acl = _manager.get_acl(aclname)
    target_acl.add_right(principal, right)
75
def delete_right(aclname, auth, principal, right):
    """Revoke ``right`` from ``principal`` on ``aclname`` after the 'owner' check.

    ``auth`` is the principal the check is made for. Exceptions from
    check_authorized() and from the manager propagate.
    """
    # The debug line is written before the authorization check, so attempts
    # that are later refused are recorded as well.
    # NOTE(review): aclname is not part of the message, and `auth` is logged
    # verbatim -- presumably a principal name; confirm it is never a
    # credential.
    log_line = 'owlacl.delete_right: %s %s %s\n' % (auth, principal, right)
    debug(None, log_line)
    check_authorized(aclname, auth, 'owner')
    target_acl = _manager.get_acl(aclname)
    target_acl.delete_right(principal, right)