auth/__init__.py

1. """
2. addons/source-python/_libs/auth/__init__.py
3.  
4. GENERAL INFO
5.  
6. This module is intended to be the glue between auth providers and auth
7. customers. This means it will turn specific authentification (auth provider
8. part) into a streamlined auth model (this api) so user-created scripts have a
9. common interface for querying access.
10.  
11. The corressponding discussion thread can be found here:
12. http://www.sourcepython.com/forums/showthread.php?46-Auth-API&p=254#post254
13.  
14. HOW PERMISSIONS/FLAGS/GROUPS ARE SUPPOSED TO WORK
15.  
16. Generally, permissions are all positive, as long the user gets access
17. somewhere from any auth provider, the permission is granted. The same
18. is true for groups and flags.
19.  
20. However, if any auth provider puts a deny permission on, the user will
21. have his permissions or group denied regardless whether anywhere else
22. this setting is granted.
23.  
24. ABOUT DEFAULTS
25.  
26. I define a few groups by default. Some of them behave in a special way:
27.  
28. root       - this flag and group equals 'all permissions'
29. admin      - just the default admin flag & group
30. restricted - all permissions / flags denied
31.  
32.  
33. API USAGE - AUTH PROVIDERS
34.  
35. TODO
36.  
37.  
38. API USAGE - AUTH CONSUMERS
39.  
40. TODO
41.  
42.  
43. API TODO:
44.  
45. Search for TODO -> minor changes
46. """
47.  
48. # =============================================================================
49. # >> IMPORTS
50. # =============================================================================
51. # Python Imports
52.  
53. # =====================
54. # Source Python Imports
55.  
56. # =====================
57. # Auth imports
58. from auth.provider import _auth_providers
59. from auth.consumer import _cache
60.  
61. # =============================================================================
62. # >> INTERNAL (PRIVATE) CLASSES
63. # =============================================================================
64.  
65. class _Flags(dict):
66.     def __missing__(self, key):
67.         f = Flag(key)
68.         self[key] = f
69.        
70.         # By default this flag is also added to the deny everything group
71.         group['restricted'].dflags.append(f)
72.        
73.         return f
74.        
75. class _Groups(dict):
76.     def __missing__(self, key):
77.         self[key] = Group(key)
78.         return self[key]
79.  
80. class _Permissions(dict):
81.     def __missing__(self, key):
82.         p = Permission(key)
83.         self[key] = p
84.        
85.         # This permission is new, so it get's added automatically to the deny
86.         # everything group as well as the flag
87.         flag['restricted'].dpermissions.append(p)
88.         group['restricted'].dpermissions.append(p)
89.        
90.         return p
91.  
92. # =============================================================================
93. # >> EXTERNAL (PUBLIC) CLASSES
94. # =============================================================================
95.  
96. class Permission(object):
97.     """
98.    The Permission Class.
99.    
100.    The purpose of this class is to present an authenficication object for
101.    a single permission. It does not include any inherited information, only
102.    information specific to the permission.
103.    
104.    Attributes:
105.    name   - Name of the permission
106.    flags  - List of flag objects
107.    dflags - List of denied flag objects
108.    groups - List of groups
109.    """
110.     def __init__(self, name):
111.         self.name = name
112.         self.flags = []
113.         self.dflags = []
114.         self.groups = []
115.  
116.  
117. class Flag(object):
118.     """
119.    The Flag Class.
120.    
121.    The purpose of this class is to present an authenficication object for
122.    a single flag. It does not include any inherited information, only
123.    information specific to the flag.
124.    
125.    Attributes:
126.    name         - Name of the flags
127.    permissions  - List of permissions
128.    dpermissions - List of denied permissions
129.    """
130.     def __init__(self, name):
131.         self.name = name
132.         self.permissions = []
133.         self.dpermissions = []
134.  
135. class Group(object):
136.     """
137.    The Group Class.
138.    
139.    The purpsoe of this class is to present an authenficication object for
140.    a single group. It does not include any inherited information, only
141.    information specific to the group.
142.    
143.    Attributes:
144.    name         - Name of the permission
145.    flags        - List of flag objects
146.    dflags       - List of denied flag objects
147.    permissions  - List of permissions
148.    dpermissions - List of denied permissions
149.    immunity     - Immunity level granted by this group
150.    """
151.     def __init__(self, name):
152.         self.name = name
153.         self.flags = []
154.         self.dflags = []
155.         self.permissions = []
156.         self.dpermissions = []
157.         self.immunity = 100
158.  
159. class Player(object):
160.     """
161.    The Player Class.
162.    
163.    The purpsoe of this class is to present an authenficication object for
164.    a single player. It does not include any inherited information, only
165.    information specific to the player.
166.    
167.    Attributes:
168.    flags        - List of flag objects
169.    dflags       - List of denied flag objects
170.    permissions  - List of permissions
171.    dpermissions - List of denied permissions
172.    groups       - List of groups
173.    immunity     - Immunity level
174.    """
175.     def __init__(self):        
176.         self.flags = []
177.         self.dflags = []
178.         self.permissions = []
179.         self.dpermissions = []
180.         self.groups = []
181.         self.immunity = 100
182.        
183.  
184. class PlayerCached(Player):
185.     """
186.    The PlayerCached Class.
187.    
188.    This class inherits from Player, as such, all the Player attributes are
189.    available. In addition, the following may be used:
190.    
191.    Attributes:
192.    cflags       - List of combined flags (denied flags removed)
193.    cpermissions - List of combined permissions (denied permissions removed)
194.    """
195.     def __init__(self):
196.         super(Player, self).__init__()
197.         # Combined flags & permissions
198.         self.cflags = []
199.         self.cpermissions = []
200.  
201. # =============================================================================
202. # >> FUNCTIONS
203. # =============================================================================
204.  
205. def Refresh():
206.     for auth_provider in _auth_providers:
207.         auth_provider.Refresh()
208.     _cache._Rebuild()
209.        
210. # =============================================================================
211. # >> INITIALIZE / STARTUP STUFF
212. # =============================================================================
213.  
214. flags = _Flags()
215. permissions = _Permissions()
216. groups = _Groups()
217.  
218. # Call these once so they get added (also in that order because of dependencies)
219. groups['restricted']
220. flags['restricted']
221. # Manually add the root flags
222. groups['admin'].flags.append(flags['admin'])
223. groups['root'].flags.append(flags['root'])