mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 10:44:30 +01:00
implementing roles resolution from list of groups
This commit is contained in:
parent
7524a189fe
commit
3889a441a3
@ -38,11 +38,14 @@ class Roles:
|
||||
self._nest()
|
||||
|
||||
def _is_parent(self, roleid1, roleid2):
|
||||
"""Test if roleid1 is contained inside roleid2"""
|
||||
|
||||
role2 = self.roles_raw[roleid2]
|
||||
role1 = self.roles_raw[roleid1]
|
||||
|
||||
if role1 == role2:
|
||||
return False
|
||||
|
||||
# Check if role1 is contained by role2
|
||||
for b1 in role1['backends']:
|
||||
if not b1 in role2['backends']:
|
||||
@ -50,6 +53,8 @@ class Roles:
|
||||
for group in role1['backends'][b1]['groups']:
|
||||
if not group in role2['backends'][b1]['groups']:
|
||||
return False
|
||||
|
||||
# If role2 is inside role1, roles are equal, throw exception
|
||||
for b2 in role2['backends']:
|
||||
if not b2 in role1['backends']:
|
||||
return True
|
||||
@ -108,12 +113,60 @@ class Roles:
|
||||
self.roles[p] = nest(p)
|
||||
|
||||
def dump_nest(self):
|
||||
"""write the nested role hierarchy to a file"""
|
||||
"""dump the nested role hierarchy"""
|
||||
return yaml.dump(self.roles, Dumper=CustomDumper)
|
||||
|
||||
def _check_member(role, groups, notroles, roles, parentroles, usedgroups):
|
||||
if role in notroles:
|
||||
return False
|
||||
|
||||
if not (role in parentroles or role in roles):
|
||||
for b in self.roles[role]['backends']:
|
||||
for g in self.roles[role]['backends'][b]['groups']:
|
||||
if b not in groups:
|
||||
notroles.add(role)
|
||||
return False
|
||||
if not g in groups[b]:
|
||||
notroles.add(role)
|
||||
return False
|
||||
|
||||
for b in self.roles[role]['backends']:
|
||||
if not b in usedgroups:
|
||||
usedgroups[b] = Set([])
|
||||
|
||||
for g in self.roles[role]['backends'][b]['groups']:
|
||||
usedgroups[b].add(g)
|
||||
|
||||
flag = True
|
||||
for subrole in self.roles[role]['subroles']:
|
||||
flag = flag and not self._check_member(subrole, groups, notroles, roles, parentroles, usedgroups)
|
||||
if flag:
|
||||
roles.add(role)
|
||||
else:
|
||||
if role in roles:
|
||||
roles.remove(role)
|
||||
parentroles.add(role)
|
||||
return True
|
||||
|
||||
def get_roles(self, groups):
|
||||
"""get list of roles and list of standalone groups"""
|
||||
pass
|
||||
roles = Set([])
|
||||
parentroles = Set([])
|
||||
notroles = Set([])
|
||||
usedgroups = {}
|
||||
unusedgroups = {}
|
||||
ret = {}
|
||||
for r in self.roles:
|
||||
self._check_member(role, groups, notroles, roles, parentroles, usedgroups)
|
||||
for b in groups:
|
||||
for g in groups[b]:
|
||||
if not b in usedgroups or not g in usedgroups[b]:
|
||||
if b not in unusedgroups:
|
||||
unusedgroups[b] = Set([])
|
||||
unusedgroups[b].add(g)
|
||||
ret['roles'] = roles
|
||||
ret['unusedgroups'] = unusedgroups
|
||||
return ret
|
||||
|
||||
def get_groups(self, roles):
|
||||
"""get the list of groups from roles"""
|
||||
|
Loading…
Reference in New Issue
Block a user