Mercurial > libervia-backend

diff src/memory/memory.py @ 641:49587e170f53

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core: added the security_limit to setParam - params with a security greater than security_limit can not be modified - special value: security_limit < 0 disable the check (all params can be modified)
author souliane <souliane@mailoo.org>
date Sat, 07 Sep 2013 02:03:17 +0200
parents 99eee75ec1b7
children e07a03d52321
line wrap: on
line diff
--- a/src/memory/memory.py	Sun Sep 08 19:18:46 2013 +0200
+++ b/src/memory/memory.py	Sat Sep 07 02:03:17 2013 +0200
@@ -392,12 +392,12 @@
                 if security_limit < 0:
                     return False
                 if not node.hasAttribute('security'):
-                    debug("filtered param: %s (no security set)"
-                          % node.getAttribute("name"))
+                    #debug("filtered param: %s (no security set)"
+                    #      % node.getAttribute("name"))
                     return True
                 if int(node.getAttribute('security')) > security_limit:
-                    debug("filtered param: %s (security level > %i)"
-                          % (node.getAttribute("name"), security_limit))
+                    #debug("filtered param: %s (security level > %i)"
+                    #      % (node.getAttribute("name"), security_limit))
                     return True
                 return False
 
@@ -545,7 +545,7 @@
                 categories.append(cat.getAttribute("name"))
         return categories
 
-    def setParam(self, name, value, category, profile_key='@NONE@'):
+    def setParam(self, name, value, category, security_limit=-1, profile_key='@NONE@'):
         """Set a parameter, return None if the parameter is not in param xml"""
         #TODO: use different behaviour depending of the data type (e.g. password encrypted)
         if profile_key != "@NONE@":
@@ -556,9 +556,20 @@
 
         node = self.__getParamNode(name, category, '@ALL@')
         if not node:
-            error(_('Requesting an unknown parameter (%(category)s/%(name)s)') % {'category': category, 'name': name})
+            error(_('Requesting an unknown parameter (%(category)s/%(name)s)')
+                  % {'category': category, 'name': name})
             return
 
+        if security_limit >= 0:
+            abort = True
+            if node[1].hasAttribute("security"):
+                if int(node[1].getAttribute("security")) <= security_limit:
+                    abort = False
+            if abort:
+                warning(_("Trying to set parameter '%s' in category '%s' without authorization!!!"
+                          % (name, category)))
+                return
+
         if node[0] == 'general':
             self.params_gen[(category, name)] = value
             self.storage.setGenParam(category, name, value)
@@ -921,8 +932,8 @@
     def getParamsCategories(self):
         return self.params.getParamsCategories()
 
-    def setParam(self, name, value, category, profile_key):
-        return self.params.setParam(name, value, category, profile_key)
+    def setParam(self, name, value, category, security_limit, profile_key):
+        return self.params.setParam(name, value, category, security_limit, profile_key)
 
     def importParams(self, xml):
         return self.params.importParams(xml)