  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. from keycloak.exceptions import KeycloakAuthorizationConfigError
class Policy:
    """
    In-memory model of a Keycloak authorization policy.

    A policy describes the conditions that have to hold before access to an
    object is granted. It does not name the protected object itself (that is
    what permissions do); it only captures the conditions, which may apply to
    a resource, a scope, or both. Policies map onto the access control
    mechanisms (ACMs) used to protect resources: attribute-based (ABAC),
    role-based (RBAC), context-based, or any combination of these.

    https://keycloak.gitbooks.io/documentation/authorization_services/topics/policy/overview.html

    Notes for reviewers of authorization code built on this class:

    * None of the constructor arguments or setter values are validated here.
    * ``roles`` and ``permissions`` hand back the internal lists, not copies,
      so a caller that appends to them directly skips the type check that
      ``add_role`` performs.
    * The ``type`` setter does not re-check roles that were already added.
    """

    def __init__(self, name, type, logic, decision_strategy):
        # Each instance gets its own fresh lists; they are only ever
        # appended to by add_role / add_permission in this class.
        self._roles, self._permissions = [], []
        self._decision_strategy = decision_strategy
        self._logic = logic
        self._type = type
        self._name = name

    def __repr__(self):
        details = (self.name, self.type)
        return "<Policy: %s (%s)>" % details

    def __str__(self):
        details = (self.name, self.type)
        return "Policy: %s (%s)" % details

    @property
    def name(self):
        return self._name

    @name.setter
    def name(self, value):
        self._name = value

    @property
    def type(self):
        return self._type

    @type.setter
    def type(self, value):
        # Stored as given; roles already attached are left untouched.
        self._type = value

    @property
    def logic(self):
        return self._logic

    @logic.setter
    def logic(self, value):
        self._logic = value

    @property
    def decision_strategy(self):
        return self._decision_strategy

    @decision_strategy.setter
    def decision_strategy(self, value):
        self._decision_strategy = value

    @property
    def roles(self):
        # Read-only property, but the returned object is the live list.
        return self._roles

    @property
    def permissions(self):
        # Read-only property, but the returned object is the live list.
        return self._permissions

    def add_role(self, role):
        """
        Attach a keycloak role to this policy.

        Only allowed while the policy's type is ``'role'``; the role is
        appended as given, without further validation.

        :param role: keycloak role.
        :return: None
        :raises KeycloakAuthorizationConfigError: if the policy type is
            anything other than ``'role'``.
        """
        if self.type != 'role':
            message = "Can't add role. Policy type is different of role"
            raise KeycloakAuthorizationConfigError(message)

        self._roles.append(role)

    def add_permission(self, permission):
        """
        Attach a keycloak permission to this policy.

        Unlike ``add_role`` there is no check on the policy type; the
        permission is appended as given.

        :param permission: keycloak permission.
        :return: None
        """
        self._permissions.append(permission)