Trees | Indices | Help |
---|
|
This module implements a set of predefined sharing policies in SPyRO The policies are very important in order to keep safe your servers. Sharing Policies specifies what kind of clients must be allowed to connect and what resources are capable of use in SPyRO servers and objects. Policies exists at object granularity and attribute object granularity. Every client that request objects operations and execution of methods are granted with the authorization of a guardian object called Authority that must implements the following methods: @every method receives one dictionary (req, the spyro request) with the following keys: |objname| The object name (ID in the server) |attrname| The name of the requested attribute |rettype| The type to return or send objects (REF to send by reference or VAL to send by value) |reqtype| The type of the request. It can be ReqBye (BYE), ReqGetAttr (GET), ReqSetAttr (SET), ReqCallMethod (CALL), (ReqDelObj) DEL |obj| The requested object (if any), not available to can_follow_objname Additionally it could have any of the following keys (if the reqtype applies): |local_server| The server of the remote caller (If ) |value| in the SET reqtype In the CALL request: |args|. Positional arguments |kwargs|. Keyword arguments And optionally: |extra| Used to send data between calls (as user level routing info) def can_set(self, req): Return True if |auth| is granted to perform a set operation in the guarded object (i.e. obj.x = y), False otherwise. def can_get(self, req): Return True if |auth| is granted to perform a get operation in the guarded object (i.e. obj.x), False otherwise. def can_del(self, req): ** TODO & Warning: this method must (and will) be renamed to can_unregister and and del must be used as del attribute ** Return True if |auth| is granted to unregister the guarded object. def can_call(self, req): Return True if |auth| is granted to perform a call in a method of the guarded object (i.e. obj.meth()). Note that is necesary return True in can_get to use transparent mode in SPyRO. In transluced mode is not necesary. def can_follow_objname(self, req): Return True if |auth| is granted to access using the dot operator in the method or attribute name to access attributes of attributes (i.e. obj.attr1.attr2[...]) def can_register(self, req): Return True if |auth| is granted to register new objects in server, is needed to return objects by reference. Note: A bunch of predefined authorities are provided in this module, but if a more specific Authority is needed it must be implemented Note: auth key can be None, because is the default (no authorization provided from the client side) The meaning of None and the effect is responsability of the Authority implementation Note: If the Policy is None (at server side) all properties are granted, this is the default.
|
|||
AuthError Authentication Error |
|||
MixinCheckDB Mixin to check against username-password pairs (dictionary like object) |
|||
MixinPublicAuth | |||
MixinDenyUnderscore Mixin to deny every attribute starting with underscore '_' character |
|||
MixinDenyAll Mixin that deny all options, it must be taken as parent class |
|||
MixinAllowAllChecking Mixin that allows all options, useful as parent class |
|||
MixinAllowCall Allow call methods, the methods must not start with '_' underscore. |
|||
PublicAllowCall Allow call methods that does not start with underscore |
|||
PublicAllowAllCall Allow all call request (even private methods aka. |
|||
PublicAllowAll Allow all operations |
|||
PublicAllowAllButDenyUnderscore Allow all operations, but deny attrname starting with underscore '_' |
|||
AuthAllowCall Allow call methods that does not start with underscore Every request must be qualified by the MixinCheckDB _auth method |
|||
AuthAllowAllCall Allow all call request (even starting '_') Every request must be qualified by the MixinCheckDB _auth method |
|||
AuthAllowAll Allow all operations Every request must be qualified by the MixinCheckDB _auth method |
|||
AuthAllowAllButDenyUnderscore Allow all operations, but deny attrname starting with underscore '_'. |
|
|||
|
|
|||
__doc__ =
|
|||
warn = warn.Warn("SPyRO.policies")
|
|
__doc__
|
Trees | Indices | Help |
---|
Generated by Epydoc 3.0beta1 on Thu Jan 31 08:15:46 2008 | http://epydoc.sourceforge.net |