pyutils.security package
========================
-Right now this package only contains an implementation that allows you to
-define and evaluate Access Control Lists (ACLs) easily. For example::
-
- even = acl.SetBasedACL(
- allow_set=set([2, 4, 6, 8, 10]),
- deny_set=set([1, 3, 5, 7, 9]),
- order_to_check_allow_deny=acl.Order.ALLOW_DENY,
- default_answer=False,
- )
- self.assertTrue(even(2))
- self.assertFalse(even(3))
- self.assertFalse(even(-4))
-
-ACLs can also be defined based on other criteria, for example::
-
- a_or_b = acl.StringWildcardBasedACL(
- allowed_patterns=['a*', 'b*'],
- order_to_check_allow_deny=acl.Order.ALLOW_DENY,
- default_answer=False,
- )
- self.assertTrue(a_or_b('aardvark'))
- self.assertTrue(a_or_b('baboon'))
- self.assertFalse(a_or_b('cheetah'))
-
-Or::
-
- weird = acl.StringREBasedACL(
- denied_regexs=[re.compile('^a.*a$'), re.compile('^b.*b$')],
- order_to_check_allow_deny=acl.Order.DENY_ALLOW,
- default_answer=True,
- )
- self.assertTrue(weird('aardvark'))
- self.assertFalse(weird('anaconda'))
- self.assertFalse(weird('blackneb'))
- self.assertTrue(weird('crow'))
-
-There are implementations for wildcards, sets, regular expressions,
-allow lists, deny lists, sequences of user defined predicates, etc...
-You can also just subclass the base :class:`SimpleACL` interface to
-define your own ACLs easily. Its __call__ method simply needs to
-decide whether an item is allowed or denied.
-
-Once a :class:`SimpleACL` is defined, it can be used in :class:`CompoundACLs`::
-
- a_b_c = acl.StringWildcardBasedACL(
- allowed_patterns=['a*', 'b*', 'c*'],
- order_to_check_allow_deny=acl.Order.ALLOW_DENY,
- default_answer=False,
- )
- c_d_e = acl.StringWildcardBasedACL(
- allowed_patterns=['c*', 'd*', 'e*'],
- order_to_check_allow_deny=acl.Order.ALLOW_DENY,
- default_answer=False,
- )
- conjunction = acl.AllCompoundACL(
- subacls=[a_b_c, c_d_e],
- order_to_check_allow_deny=acl.Order.ALLOW_DENY,
- default_answer=False,
- )
- self.assertFalse(conjunction('aardvark'))
- self.assertTrue(conjunction('caribou'))
- self.assertTrue(conjunction('condor'))
- self.assertFalse(conjunction('eagle'))
- self.assertFalse(conjunction('newt'))
-
-a :class:`CompoundACL` can also be used inside another :class:`CompoundACL`
-so this should be a flexible framework when defining complex access control
-requirements:
-
-There are two flavors of :class:`CompoundACLs`:
-:class:`AllCompoundACL` and :class:`AnyCompoundAcl`. The former only
-admits an item if all of its sub-acls admit it and the latter will
-admit an item if any of its sub-acls admit it.:
-
-
Submodules
----------