Package SPyRO :: Module policies
[hide private]
[frames] | no frames]

Module policies

source code


This module implements a set of predefined sharing policies in SPyRO
The policies are very important in order to keep safe your servers.

Sharing Policies specifies what kind of clients must be allowed to connect
and what resources are capable of use in SPyRO servers and objects.

Policies exists at object granularity and attribute object granularity.
Every client that request objects operations and execution of methods
are granted with the authorization of a guardian object called Authority
that must implements the following methods:

    @every method receives one dictionary (req, the spyro request) with the following keys:
        |objname| The object name (ID in the server)
        |attrname| The name of the requested attribute
        |rettype| The type to return or send objects (REF to send by reference or VAL to send by value)
        |reqtype| The type of the request. It can be ReqBye (BYE), ReqGetAttr (GET),
                  ReqSetAttr (SET), ReqCallMethod (CALL), (ReqDelObj) DEL
        |obj| The requested object (if any), not available to can_follow_objname
        Additionally it could have any of the following keys (if the reqtype applies):
            |local_server| The server of the remote caller (If )
            |value| in the SET reqtype
            In the CALL request:
                |args|. Positional arguments
                |kwargs|. Keyword arguments
            And optionally:
                |extra| Used to send data between calls (as user level routing info)
    
    def can_set(self, req):
        Return True if |auth| is granted to perform a set operation in
        the guarded object (i.e. obj.x = y), False otherwise. 

    def can_get(self, req):
        Return True if |auth| is granted to perform a get operation in
        the guarded object (i.e. obj.x), False otherwise. 

    def can_del(self, req):
        ** TODO & Warning:
            this method must (and will) be renamed to can_unregister and
            and del must be used as del attribute **
        Return True if |auth| is granted to unregister the guarded object.


    def can_call(self, req):
        Return True if |auth| is granted to perform a call in a method
        of the guarded object (i.e. obj.meth()).
        Note that is necesary return True in can_get to use transparent
        mode in SPyRO. In transluced mode is not necesary.

    def can_follow_objname(self, req):
        Return True if |auth| is granted to access using the dot operator
        in the method or attribute name to access attributes of attributes
        (i.e. obj.attr1.attr2[...])

    def can_register(self, req):
        Return True if |auth| is granted to register new objects in server,
        is needed to return objects by reference.


Note: A bunch of predefined authorities are provided in this module, but if
a more specific Authority is needed it must be implemented


Note: auth key can be None, because is the default (no authorization provided from the client side)
      The meaning of None and the effect is responsability of the Authority implementation
Note: If the Policy is None (at server side) all properties are granted, this is the default.



Classes [hide private]
  AuthError
Authentication Error
  MixinCheckDB
Mixin to check against username-password pairs (dictionary like object)
  MixinPublicAuth
  MixinDenyUnderscore
Mixin to deny every attribute starting with underscore '_' character
  MixinDenyAll
Mixin that deny all options, it must be taken as parent class
  MixinAllowAllChecking
Mixin that allows all options, useful as parent class
  MixinAllowCall
Allow call methods, the methods must not start with '_' underscore.
  PublicAllowCall
Allow call methods that does not start with underscore
  PublicAllowAllCall
Allow all call request (even private methods aka.
  PublicAllowAll
Allow all operations
  PublicAllowAllButDenyUnderscore
Allow all operations, but deny attrname starting with underscore '_'
  AuthAllowCall
Allow call methods that does not start with underscore Every request must be qualified by the MixinCheckDB _auth method
  AuthAllowAllCall
Allow all call request (even starting '_') Every request must be qualified by the MixinCheckDB _auth method
  AuthAllowAll
Allow all operations Every request must be qualified by the MixinCheckDB _auth method
  AuthAllowAllButDenyUnderscore
Allow all operations, but deny attrname starting with underscore '_'.
Functions [hide private]
 
_set_booleans() source code
Variables [hide private]
  __doc__ = ...
  warn = warn.Warn("SPyRO.policies")
Variables Details [hide private]

__doc__

Value:
"""
This module implements a set of predefined sharing policies in SPyRO
The policies are very important in order to keep safe your servers.

Sharing Policies specifies what kind of clients must be allowed to con\
nect
and what resources are capable of use in SPyRO servers and objects.

...