mirror of https://github.com/kakwa/ldapcherry synced 2024-11-25 18:54:29 +01:00

better comments and slight improvement in perf

kakwa 2015-05-16 19:57:26 +02:00
parent 19f98aa664
commit 17499c82ae


@ -35,6 +35,7 @@ class Roles:
raise DumplicateRoleKey(e.key) raise DumplicateRoleKey(e.key)
stream.close() stream.close()
self.roles = {} self.roles = {}
self.admin_roles = []
self._nest() self._nest()
def _is_parent(self, roleid1, roleid2): def _is_parent(self, roleid1, roleid2):
@ -81,6 +82,9 @@ class Roles:
for backend in role['backends']: for backend in role['backends']:
self.backends.add(backend) self.backends.add(backend)
#if 'LC_admins' in role and role['LC_admins']:
# self.admin_roles.append(roleid)
# Create the nested groups # Create the nested groups
for roleid in self.roles_raw: for roleid in self.roles_raw:
role = self.roles_raw[roleid] role = self.roles_raw[roleid]
@ -117,9 +121,16 @@ class Roles:
return yaml.dump(self.roles, Dumper=CustomDumper) return yaml.dump(self.roles, Dumper=CustomDumper)
def _check_member(self, role, groups, notroles, roles, parentroles, usedgroups): def _check_member(self, role, groups, notroles, roles, parentroles, usedgroups):
# if we have already calculate user is not member of role
# return False
if role in notroles: if role in notroles:
return False return False
# if we have already calculate that user is already member, skip
# role membership calculation
# (parentroles is a list of roles that the user is member of by
# being member of one of their subroles)
if not (role in parentroles or role in roles): if not (role in parentroles or role in roles):
for b in self.roles[role]['backends']: for b in self.roles[role]['backends']:
for g in self.roles[role]['backends'][b]['groups']: for g in self.roles[role]['backends'][b]['groups']:
@ -130,22 +141,26 @@ class Roles:
notroles.add(role) notroles.add(role)
return False return False
# add groups of the role to usedgroups
for b in self.roles[role]['backends']: for b in self.roles[role]['backends']:
if not b in usedgroups: if not b in usedgroups:
usedgroups[b] = Set([]) usedgroups[b] = Set([])
for g in self.roles[role]['backends'][b]['groups']: for g in self.roles[role]['backends'][b]['groups']:
usedgroups[b].add(g) usedgroups[b].add(g)
flag = True flag = True
# recursively determine if user is member of any subrole
for subrole in self.roles[role]['subroles']: for subrole in self.roles[role]['subroles']:
flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups) flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups)
# if not, add role to the list of roles
if flag: if flag:
roles.add(role) roles.add(role)
# else remove it from the list of roles and add
# it to the list of parentroles
else: else:
if role in roles: if role in roles:
roles.remove(role) roles.remove(role)
parentroles.add(role) parentroles.add(role)
return True return True
def get_roles(self, groups): def get_roles(self, groups):
@ -156,8 +171,10 @@ class Roles:
usedgroups = {} usedgroups = {}
unusedgroups = {} unusedgroups = {}
ret = {} ret = {}
# determine roles membership
for role in self.roles: for role in self.roles:
self._check_member(role, groups, notroles, roles, parentroles, usedgroups) self._check_member(role, groups, notroles, roles, parentroles, usedgroups)
# determine standalone groups not matching any roles
for b in groups: for b in groups:
for g in groups[b]: for g in groups[b]:
if not b in usedgroups or not g in usedgroups[b]: if not b in usedgroups or not g in usedgroups[b]:
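Review bot: The only code that would populate `self.admin_roles` is committed as commented-out lines in the second hunk (`#if 'LC_admins' in role and role['LC_admins']:`), so the list created in the first hunk stays empty in everything visible here. Whether anything reads `admin_roles` for an authorization decision is not shown on this page; if something does, no role can ever qualify as admin. Either drop both the attribute and the commented lines until the feature lands, or enable it with a strict test such as `if role.get('LC_admins') is True:` followed by `self.admin_roles.append(roleid)`. A plain truthiness check would also accept a non-empty string like a quoted `"false"` in the roles YAML. The enclosing loop begins outside the hunk, and the new comments in `_check_member` should read "already calculated" rather than "already calculate".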