Package AccessGrid :: Package Security :: Module AuthorizationManager :: Class AuthorizationManager

Class AuthorizationManager


The Authorization Manager class is the object that is added to objects that want to enable authorization. This provides the encapsulation of the authorization implementation.
Method Summary
  __init__(self)
The constructor; it initializes the object.
  __str__(self)
This method converts the object to a string.
  _repr_(self)
This method converts the object to XML.
  AddAction(self, action)
Adds an action to this authorization manager.
  AddActions(self, actionList)
Add a list of actions, uses AddAction internally.
  AddRole(self, role, default)
Add a role to this authorization manager.
  AddRoles(self, roleList)
Add multiple roles to the authorization manager.
  AddRoleToAction(self, actionName, roleName)
Encapsulation method: outside callers should not have to interact with anything but an authorization manager.
  AddSubjectToRole(self, subjectName, roleName)
Encapsulation method: outside callers should not have to interact with anything but an authorization manager.
  ExportPolicy(self)
This method creates a string representation of the Authorization Policy this object implements.
  FindAction(self, name)
Find an action by name.
  FindRole(self, name)
Find a role in this authorization manager.
  GetActions(self, subject, role)
Get a list of actions, perhaps for a subject or a role.
  GetDefaultRoles(self)
Return the list of default roles for this authorization manager.
  GetParent(self)
Get the parent object.
  GetRoles(self, action)
Get the list of Roles, optionally the roles associated with an action.
  GetRolesForSubject(self, subject)
Get all the roles the specified subject is part of.
  GetSubjects(self, role)
Get the subjects known by this authorization manager, possibly for the specified role.
  ImportPolicy(self, policy)
This method takes a string that is an XML representation of an authorization policy.
  IsAuthorized(self, subject, action)
This is the real workhorse of authorization, checking to see if a given subject is authorized for a given action.
  RemoveAction(self, action)
Remove an action from this authorization manager.
  RemoveRole(self, role)
Remove a Role from this authorization manager.
  SetDefaultRoles(self, roles)
Set the default roles for this authorization manager.
  SetParent(self, authMgr)
Set the parent authorization manager of this authorization manager.
  SetRoles(self, action, roles)
Sets the roles for the specified action.
  SetSubjects(self, role, subjects)
Set the subjects for the specified role.
  ToXML(self)
We're going to try a new serialization process, using XML.

Method Details

__init__(self)
(Constructor)

The constructor; it initializes the object.

__str__(self)
(Informal representation operator)

This method converts the object to a string.
Returns:
string

_repr_(self)

This method converts the object to XML.

AddAction(self, action)

Adds an action to this authorization manager.
Parameters:
action - the action to add
           (type=an AccessGrid.Security.Action object)
Raises:
ActionAlreadyPresent - if it's already part of this authorization manager.

AddActions(self, actionList)

Add a list of actions, uses AddAction internally.
Parameters:
actionList - a list of actions to add
           (type=a list of AccessGrid.Security.Action objects.)

AddRole(self, role, default=0)

Add a role to this authorization manager.
Parameters:
role - the role to add
           (type=AccessGrid.Security.Role object)
default - a flag indicating if the role is a default role
           (type=integer flag)
Returns:
nothing
Raises:
RoleAlreadyPresent - if the role is already known.

AddRoles(self, roleList)

Add multiple roles to the authorization manager. This calls AddRole for each role in the list.
Parameters:
roleList - the list of roles to add
           (type=list of AccessGrid.Security.Role objects.)
Returns:
nothing

AddRoleToAction(self, actionName, roleName)

Encapsulation method: outside callers should not have to interact with anything but an authorization manager. This method hides the details of adding roles to actions.

AddSubjectToRole(self, subjectName, roleName)

Encapsulation method: outside callers should not have to interact with anything but an authorization manager. This method hides the details of adding subjects to roles.

ExportPolicy(self)

This method creates a string representation of the Authorization Policy this object implements.
Returns:
a string (XML Formatted) representing the policy.

FindAction(self, name)

Find an action by name.
Parameters:
name - the name of the action to find
           (type=string)
Returns:
a matching AccessGrid.Security.Action object or None

FindRole(self, name)

Find a role in this authorization manager.
Parameters:
name - the name of the role to find
           (type=string)
Returns:
the AccessGrid.Security.Role object or None

GetActions(self, subject=None, role=None)

Get a list of actions, perhaps for a subject or a role.
Parameters:
subject - a subject to get the actions for
           (type=AccessGrid.Security.Subject)
role - a role to get actions for
           (type=AccessGrid.Security.Role)
Returns:
a list of AccessGrid.Security.Action objects

GetDefaultRoles(self)

Return the list of default roles for this authorization manager.
Returns:
list of AccessGrid.Security.Role objects.

GetParent(self)

Get the parent object.

The parent authorization manager is used to provide a hierarchy of authorization. Currently only one level is allowed: every authorization manager can have a parent, but when the tree is traversed (looking for authorization information) it is ascended only one level.

GetRoles(self, action=None)

Get the list of Roles, optionally the roles associated with an action.
Parameters:
action - an Action to retrieve roles for
           (type=AccessGrid.Security.Action object.)
Returns:
list of AccessGrid.Security.Role objects

GetRolesForSubject(self, subject)

Get all the roles the specified subject is part of.
Parameters:
subject - the subject that the roles must contain
           (type=AccessGrid.Security.Subject)
Returns:
list of AccessGrid.Security.Role objects

GetSubjects(self, role=None)

Get the subjects known by this authorization manager, possibly for the specified role.
Parameters:
role - the role to retrieve subjects for
           (type=AccessGrid.Security.Role object)
Returns:
a list of AccessGrid.Security.Subject objects

ImportPolicy(self, policy)

This method takes a string that is an XML representation of an authorization policy. This policy is parsed and this object is configured to enforce the specified policy.
Parameters:
policy - the policy as a string
           (type=an XML formatted string)

IsAuthorized(self, subject, action)

This is the real workhorse of authorization, checking to see if a given subject is authorized for a given action.
Parameters:
subject - the subject we're curious about
           (type=an AccessGrid.Security.Subject)
action - the action to check the subject against.
           (type=an AccessGrid.Security.Action)
Returns:
0 if not authorized, 1 if authorized.
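
The one-level parent rule described under GetParent, together with the 0/1 result of IsAuthorized, as an added example: a toy model written for this page, not AccessGrid's implementation. It assumes actions, roles and subjects are plain strings, that the parent is asked about the same action name when the local check fails, and it leaves default roles out; the manager names and subjects are constructed.

```python
# Toy model constructed for illustration. Method names follow the page;
# the storage and the parent-lookup rule are assumptions, not AccessGrid code.
class ToyAuthorizationManager:
    def __init__(self):
        self.action_roles = {}    # action name -> set of role names
        self.role_subjects = {}   # role name -> set of subject names
        self.parent = None

    def AddAction(self, action):
        self.action_roles.setdefault(action, set())

    def AddRole(self, role):
        self.role_subjects.setdefault(role, set())

    def AddRoleToAction(self, actionName, roleName):
        self.action_roles[actionName].add(roleName)

    def AddSubjectToRole(self, subjectName, roleName):
        self.role_subjects[roleName].add(subjectName)

    def SetParent(self, authMgr):
        self.parent = authMgr

    def _local(self, subject, action):
        # Authorized here if the subject holds any role tied to the action.
        roles = self.action_roles.get(action, ())
        return any(subject in self.role_subjects.get(r, ()) for r in roles)

    def IsAuthorized(self, subject, action):
        if self._local(subject, action):
            return 1
        # Ascend one level only: the parent's own parent is never consulted.
        if self.parent is not None and self.parent._local(subject, action):
            return 1
        return 0  # unknown subject or action: deny

def demo():
    site, server, venue = (ToyAuthorizationManager() for _ in range(3))
    for mgr in (site, server, venue):
        mgr.AddAction("Enter")
        mgr.AddRole("Allowed")
        mgr.AddRoleToAction("Enter", "Allowed")
    venue.SetParent(server)
    server.SetParent(site)
    venue.AddSubjectToRole("alice", "Allowed")   # granted locally
    server.AddSubjectToRole("bob", "Allowed")    # granted one level up
    site.AddSubjectToRole("carol", "Allowed")    # granted two levels up
    return {s: venue.IsAuthorized(s, "Enter")
            for s in ("alice", "bob", "carol", "mallory")}
```

In this model a grant placed two levels above the manager being queried has no effect there, so a policy review has to look at each manager and its direct parent rather than at the top of the tree.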

RemoveAction(self, action)

Remove an action from this authorization manager.
Parameters:
action - the action to remove
           (type=an AccessGrid.Security.Action object.)
Raises:
ActionNotFound - if the specified action is not found.

RemoveRole(self, role)

Remove a Role from this authorization manager.
Parameters:
role - the role to remove
           (type=AccessGrid.Security.Role object)
Returns:
nothing
Raises:
RoleNotFound - if the role isn't found

SetDefaultRoles(self, roles=[])

Set the default roles for this authorization manager.
Parameters:
roles - the list of roles that should be default
           (type=a list of AccessGrid.Security.Role objects)

SetParent(self, authMgr)

Set the parent authorization manager of this authorization manager.
Parameters:
authMgr - the parent authorization manager
           (type=AccessGrid.Security.AuthorizationManager object)

SetRoles(self, action, roles)

Sets the roles for the specified action.
Parameters:
action - the action to set roles for
           (type=AccessGrid.Security.Action object)
roles - the list of roles to set the action with
           (type=a list of AccessGrid.Security.Role objects)
Raises:
ActionNotFound - when the specified action is not found

SetSubjects(self, role, subjects)

Set the subjects for the specified role.
Parameters:
role - the role to set subjects for
           (type=AccessGrid.Security.Role object)
subjects - the list of subjects for the role
           (type=a list of AccessGrid.Security.Subject objects)
Raises:
RoleNotFound - when the specified role is not found

ToXML(self)

We're going to try a new serialization process, using XML. We create this by creating a document then serializing it.
Returns:
an XML formatted string

Generated by Epydoc 2.1 on Thu Apr 14 16:39:30 2005 http://epydoc.sf.net