implementing nesting roles

2025-07-04 12:27:47 +02:00 · 2015-05-15 01:03:31 +02:00 · 2015-05-15 01:03:31 +02:00 · 7524a189fe
commit 7524a189fe
parent d74893d104
11 changed files with 295 additions and 163 deletions
--- a/ldapcherry/roles.py
+++ b/ldapcherry/roles.py
@ -12,7 +12,13 @@ from sets import Set
 from ldapcherry.pyyamlwrapper import loadNoDump
 from ldapcherry.pyyamlwrapper import DumplicatedKey
 from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
+import yaml

+class CustomDumper(yaml.SafeDumper):
+    "A custom YAML dumper that never emits aliases"
+
+    def ignore_aliases(self, _data):
+        return True

 class Roles:

@ -28,10 +34,33 @@ class Roles:
        except DumplicatedKey as e:
            raise DumplicateRoleKey(e.key)
        stream.close()
+        self.roles = {}
        self._nest()

+    def _is_parent(self, roleid1, roleid2):
+        role2 = self.roles_raw[roleid2]
+        role1 = self.roles_raw[roleid1]
+
+        if role1 == role2:
+            return False
+        # Check if role1 is contained by role2
+        for b1 in role1['backends']:
+            if not b1 in role2['backends']:
+                return False
+            for group in role1['backends'][b1]['groups']:
+                if not group in role2['backends'][b1]['groups']:
+                    return False
+        for b2 in role2['backends']:
+            if not b2 in role1['backends']:
+                return True
+            for group in role2['backends'][b2]['groups']:
+                if not group in role1['backends'][b2]['groups']:
+                    return True
+        raise DumplicateRoleContent(roleid1, roleid2)
+
    def _nest(self):
        """nests the roles (creates roles hierarchy)"""
+        parents = {} 
        for roleid in self.roles_raw:
            role = self.roles_raw[roleid]

@ -45,16 +74,42 @@ class Roles:

            # Create the list of backends
            for backend in role['backends']:
-                self.backends.add(backend['name'])
+                self.backends.add(backend)

            # Create the nested groups
+        for roleid in self.roles_raw:
+            role = self.roles_raw[roleid]
+
+            parents[roleid]=[]
            for roleid2 in self.roles_raw:
                role2 = self.roles_raw[roleid2]
-        self.roles = self.roles_raw
+                if self._is_parent(roleid, roleid2):
+                    parents[roleid].append(roleid2)

-    def write(self, out_file):
+        for r in parents:
+            for p in parents[r]:
+                for p2 in parents[r]:
+                    if p != p2 and p in parents[p2]:
+                        parents[r].remove(p)
+
+        def nest(p):
+            ret = self.roles_raw[p]
+            ret['subroles'] = {}
+            if len(parents[p]) == 0:
+                return ret
+            else:
+                for i in parents[p]: 
+                    sub = nest(i)
+                    ret['subroles'][i] = sub
+                return ret
+
+        for p in parents.keys():
+            if p in parents:
+                self.roles[p] = nest(p)
+
+    def dump_nest(self):
        """write the nested role hierarchy to a file"""
-        pass
+        return yaml.dump(self.roles, Dumper=CustomDumper)

    def get_roles(self, groups):
        """get list of roles and list of standalone groups"""