You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

89 lines
3.2 KiB

7 years ago
  1. # -*- coding: utf-8 -*-
  2. #
  3. # Copyright (C) 2017 Marcos Pereira <marcospereira.mpj@gmail.com>
  4. #
  5. # This program is free software: you can redistribute it and/or modify
  6. # it under the terms of the GNU Lesser General Public License as published by
  7. # the Free Software Foundation, either version 3 of the License, or
  8. # (at your option) any later version.
  9. #
  10. # This program is distributed in the hope that it will be useful,
  11. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. # GNU Lesser General Public License for more details.
  14. #
  15. # You should have received a copy of the GNU Lesser General Public License
  16. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. import ast
  18. import json
  19. from .permission import Permission
  20. from .policy import Policy
  21. from .role import Role
  22. class Authorization:
  23. """
  24. Keycloak Authorization (policies, roles, scopes and resources).
  25. https://keycloak.gitbooks.io/documentation/authorization_services/index.html
  26. """
  27. def __init__(self):
  28. self._policies = {}
  29. @property
  30. def policies(self):
  31. return self._policies
  32. @policies.setter
  33. def policies(self, value):
  34. self._policies = value
  35. def load_config(self, data):
  36. """
  37. Load policies, roles and permissions (scope/resources).
  38. :param data: keycloak authorization data (dict)
  39. :return:
  40. """
  41. for pol in data['policies']:
  42. if pol['type'] == 'role':
  43. policy = Policy(name=pol['name'],
  44. type=pol['type'],
  45. logic=pol['logic'],
  46. decision_strategy=pol['decisionStrategy'])
  47. config_roles = json.loads(pol['config']['roles'])
  48. for role in config_roles:
  49. policy.add_role(Role(name=role['id'],
  50. required=role['required']))
  51. self.policies[policy.name] = policy
  52. if pol['type'] == 'scope':
  53. permission = Permission(name=pol['name'],
  54. type=pol['type'],
  55. logic=pol['logic'],
  56. decision_strategy=pol['decisionStrategy'])
  57. permission.scopes = ast.literal_eval(pol['config']['scopes'])
  58. for policy_name in ast.literal_eval(pol['config']['applyPolicies']):
  59. self.policies[policy_name].add_permission(permission)
  60. if pol['type'] == 'resource':
  61. from pprint import pprint
  62. permission = Permission(name=pol['name'],
  63. type=pol['type'],
  64. logic=pol['logic'],
  65. decision_strategy=pol['decisionStrategy'])
  66. permission.resources = ast.literal_eval(pol['config'].get('resources', "[]"))
  67. for policy_name in ast.literal_eval(pol['config']['applyPolicies']):
  68. if self.policies.get(policy_name) is not None:
  69. self.policies[policy_name].add_permission(permission)