X-Git-Url: https://wannabe.guru.org/gitweb/?a=blobdiff_plain;f=acl.py;fp=acl.py;h=adec643d56bfd085f4ef5c30485bfa09d857d77b;hb=36fea7f15ed17150691b5b3ead75450e575229ef;hp=2b347673af1b14dbb144ca9179d115a5eba642b0;hpb=a0c6b6c28214e0f5167bc25690ada5d83d933086;p=python_utils.git diff --git a/acl.py b/acl.py index 2b34767..adec643 100644 --- a/acl.py +++ b/acl.py @@ -19,6 +19,7 @@ class Order(enum.Enum): """A helper to express the order of evaluation for allows/denies in an Access Control List. """ + UNDEFINED = 0 ALLOW_DENY = 1 DENY_ALLOW = 2 @@ -28,17 +29,16 @@ class SimpleACL(ABC): """A simple Access Control List interface.""" def __init__( - self, - *, - order_to_check_allow_deny: Order, - default_answer: bool + self, *, order_to_check_allow_deny: Order, default_answer: bool ): if order_to_check_allow_deny not in ( - Order.ALLOW_DENY, Order.DENY_ALLOW + Order.ALLOW_DENY, + Order.DENY_ALLOW, ): raise Exception( - 'order_to_check_allow_deny must be Order.ALLOW_DENY or ' + - 'Order.DENY_ALLOW') + 'order_to_check_allow_deny must be Order.ALLOW_DENY or ' + + 'Order.DENY_ALLOW' + ) self.order_to_check_allow_deny = order_to_check_allow_deny self.default_answer = default_answer @@ -64,8 +64,8 @@ class SimpleACL(ABC): return True logger.debug( - f'{x} was not explicitly allowed or denied; ' + - f'using default answer ({self.default_answer})' + f'{x} was not explicitly allowed or denied; ' + + f'using default answer ({self.default_answer})' ) return self.default_answer @@ -82,15 +82,18 @@ class SimpleACL(ABC): class SetBasedACL(SimpleACL): """An ACL that allows or denies based on membership in a set.""" - def __init__(self, - *, - allow_set: Optional[Set[Any]] = None, - deny_set: Optional[Set[Any]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + allow_set: Optional[Set[Any]] = None, + deny_set: Optional[Set[Any]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: super().__init__( order_to_check_allow_deny=order_to_check_allow_deny, - default_answer=default_answer + default_answer=default_answer, ) self.allow_set = allow_set self.deny_set = deny_set @@ -112,52 +115,55 @@ class AllowListACL(SetBasedACL): """Convenience subclass for a list that only allows known items. i.e. a 'allowlist' """ - def __init__(self, - *, - allow_set: Optional[Set[Any]]) -> None: + + def __init__(self, *, allow_set: Optional[Set[Any]]) -> None: super().__init__( - allow_set = allow_set, - order_to_check_allow_deny = Order.ALLOW_DENY, - default_answer = False) + allow_set=allow_set, + order_to_check_allow_deny=Order.ALLOW_DENY, + default_answer=False, + ) class DenyListACL(SetBasedACL): """Convenience subclass for a list that only disallows known items. i.e. a 'blocklist' """ - def __init__(self, - *, - deny_set: Optional[Set[Any]]) -> None: + + def __init__(self, *, deny_set: Optional[Set[Any]]) -> None: super().__init__( - deny_set = deny_set, - order_to_check_allow_deny = Order.ALLOW_DENY, - default_answer = True) + deny_set=deny_set, + order_to_check_allow_deny=Order.ALLOW_DENY, + default_answer=True, + ) class BlockListACL(SetBasedACL): """Convenience subclass for a list that only disallows known items. i.e. a 'blocklist' """ - def __init__(self, - *, - deny_set: Optional[Set[Any]]) -> None: + + def __init__(self, *, deny_set: Optional[Set[Any]]) -> None: super().__init__( - deny_set = deny_set, - order_to_check_allow_deny = Order.ALLOW_DENY, - default_answer = True) + deny_set=deny_set, + order_to_check_allow_deny=Order.ALLOW_DENY, + default_answer=True, + ) class PredicateListBasedACL(SimpleACL): """An ACL that allows or denies by applying predicates.""" - def __init__(self, - *, - allow_predicate_list: Sequence[Callable[[Any], bool]] = None, - deny_predicate_list: Sequence[Callable[[Any], bool]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + allow_predicate_list: Sequence[Callable[[Any], bool]] = None, + deny_predicate_list: Sequence[Callable[[Any], bool]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: super().__init__( order_to_check_allow_deny=order_to_check_allow_deny, - default_answer=default_answer + default_answer=default_answer, ) self.allow_predicate_list = allow_predicate_list self.deny_predicate_list = deny_predicate_list @@ -177,12 +183,15 @@ class PredicateListBasedACL(SimpleACL): class StringWildcardBasedACL(PredicateListBasedACL): """An ACL that allows or denies based on string glob (*, ?) patterns.""" - def __init__(self, - *, - allowed_patterns: Optional[List[str]] = None, - denied_patterns: Optional[List[str]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + allowed_patterns: Optional[List[str]] = None, + denied_patterns: Optional[List[str]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: allow_predicates = [] if allowed_patterns is not None: for pattern in allowed_patterns: @@ -207,12 +216,15 @@ class StringWildcardBasedACL(PredicateListBasedACL): class StringREBasedACL(PredicateListBasedACL): """An ACL that allows or denies by applying regexps.""" - def __init__(self, - *, - allowed_regexs: Optional[List[re.Pattern]] = None, - denied_regexs: Optional[List[re.Pattern]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + allowed_regexs: Optional[List[re.Pattern]] = None, + denied_regexs: Optional[List[re.Pattern]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: allow_predicates = None if allowed_regexs is not None: allow_predicates = [] @@ -237,14 +249,17 @@ class StringREBasedACL(PredicateListBasedACL): class AnyCompoundACL(SimpleACL): """An ACL that allows if any of its subacls allow.""" - def __init__(self, - *, - subacls: Optional[List[SimpleACL]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + subacls: Optional[List[SimpleACL]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: super().__init__( - order_to_check_allow_deny = order_to_check_allow_deny, - default_answer = default_answer + order_to_check_allow_deny=order_to_check_allow_deny, + default_answer=default_answer, ) self.subacls = subacls @@ -263,14 +278,17 @@ class AnyCompoundACL(SimpleACL): class AllCompoundACL(SimpleACL): """An ACL that allows if all of its subacls allow.""" - def __init__(self, - *, - subacls: Optional[List[SimpleACL]] = None, - order_to_check_allow_deny: Order, - default_answer: bool) -> None: + + def __init__( + self, + *, + subacls: Optional[List[SimpleACL]] = None, + order_to_check_allow_deny: Order, + default_answer: bool, + ) -> None: super().__init__( - order_to_check_allow_deny = order_to_check_allow_deny, - default_answer = default_answer + order_to_check_allow_deny=order_to_check_allow_deny, + default_answer=default_answer, ) self.subacls = subacls