# HG changeset patch # User souliane # Date 1380738319 -7200 # Node ID 7d6e5807504aa664ee749f651579bf517ee8afeb # Parent 56f8a9c991944ad8aa7acb63ea7f5a414d8fe6be bridge, memory: added the parameter security_limit to asyncGetParamA so it can be used from libervia. refactorization in memory.py are related to that. diff -r 56f8a9c99194 -r 7d6e5807504a frontends/src/bridge/DBus.py --- a/frontends/src/bridge/DBus.py Wed Oct 02 17:38:29 2013 +0200 +++ b/frontends/src/bridge/DBus.py Wed Oct 02 20:25:19 2013 +0200 @@ -103,8 +103,8 @@ def asyncCreateProfile(self, profile, callback=None, errback=None): return self.db_core_iface.asyncCreateProfile(profile, reply_handler=callback, error_handler=lambda err:errback(err._dbus_error_name[len(const_ERROR_PREFIX)+1:])) - def asyncGetParamA(self, name, category, attribute="value", profile_key="@DEFAULT@", callback=None, errback=None): - return unicode(self.db_core_iface.asyncGetParamA(name, category, attribute, profile_key, reply_handler=callback, error_handler=lambda err:errback(err._dbus_error_name[len(const_ERROR_PREFIX)+1:]))) + def asyncGetParamA(self, name, category, attribute="value", security_limit=-1, profile_key="@DEFAULT@", callback=None, errback=None): + return unicode(self.db_core_iface.asyncGetParamA(name, category, attribute, security_limit, profile_key, reply_handler=callback, error_handler=lambda err:errback(err._dbus_error_name[len(const_ERROR_PREFIX)+1:]))) def callMenu(self, category, name, menu_type, profile_key): return unicode(self.db_core_iface.callMenu(category, name, menu_type, profile_key)) diff -r 56f8a9c99194 -r 7d6e5807504a src/bridge/DBus.py --- a/src/bridge/DBus.py Wed Oct 02 17:38:29 2013 +0200 +++ b/src/bridge/DBus.py Wed Oct 02 20:25:19 2013 +0200 @@ -199,10 +199,10 @@ return self._callback("asyncCreateProfile", unicode(profile), callback=callback, errback=errback) @dbus.service.method(const_INT_PREFIX+const_CORE_SUFFIX, - in_signature='ssss', out_signature='s', + in_signature='sssis', out_signature='s', async_callbacks=('callback', 'errback')) - def asyncGetParamA(self, name, category, attribute="value", profile_key="@DEFAULT@", callback=None, errback=None): - return self._callback("asyncGetParamA", unicode(name), unicode(category), unicode(attribute), unicode(profile_key), callback=callback, errback=errback) + def asyncGetParamA(self, name, category, attribute="value", security_limit=-1, profile_key="@DEFAULT@", callback=None, errback=None): + return self._callback("asyncGetParamA", unicode(name), unicode(category), unicode(attribute), security_limit, unicode(profile_key), callback=callback, errback=errback) @dbus.service.method(const_INT_PREFIX+const_CORE_SUFFIX, in_signature='ssss', out_signature='s', diff -r 56f8a9c99194 -r 7d6e5807504a src/bridge/bridge_constructor/bridge_template.ini --- a/src/bridge/bridge_constructor/bridge_template.ini Wed Oct 02 17:38:29 2013 +0200 +++ b/src/bridge/bridge_constructor/bridge_template.ini Wed Oct 02 20:25:19 2013 +0200 @@ -426,15 +426,17 @@ async= type=method category=core -sig_in=ssss +sig_in=sssis sig_out=s param_2_default="value" -param_3_default="@DEFAULT@" +param_3_default=-1 +param_4_default="@DEFAULT@" doc=Helper method to get a parameter's attribute doc_param_0=name: as for [setParam] doc_param_1=category: as for [setParam] doc_param_2=attribute: Name of the attribute -doc_param_3=%(doc_profile_key)s +doc_param_3=security_limit: -1 means no security then the higher the most secure +doc_param_4=%(doc_profile_key)s [getParamsUI] async= diff -r 56f8a9c99194 -r 7d6e5807504a src/memory/memory.py --- a/src/memory/memory.py Wed Oct 02 17:38:29 2013 +0200 +++ b/src/memory/memory.py Wed Oct 02 20:25:19 2013 +0200 @@ -315,12 +315,12 @@ value = self.__getParam(profile, category, name) return self.__getAttr(node[1], attr, value) - def asyncGetStringParamA(self, name, category, attr="value", profile_key="@NONE@"): - d = self.asyncGetParamA(name, category, attr, profile_key) + def asyncGetStringParamA(self, name, category, attr="value", security_limit=NO_SECURITY_LIMIT, profile_key="@NONE@"): + d = self.asyncGetParamA(name, category, attr, security_limit, profile_key) d.addCallback(self.__type_to_string) return d - def asyncGetParamA(self, name, category, attr="value", profile_key="@NONE@"): + def asyncGetParamA(self, name, category, attr="value", security_limit=NO_SECURITY_LIMIT, profile_key="@NONE@"): """Helper method to get a specific attribute @param name: name of the parameter @param category: category of the parameter @@ -331,6 +331,11 @@ error(_("Requested param [%(name)s] in category [%(category)s] doesn't exist !") % {'name': name, 'category': category}) return None + if not self.checkSecurityLimit(node[1], security_limit): + warning(_("Trying to get parameter '%s' in category '%s' without authorization!!!" + % (name, category))) + return None + if node[0] == 'general': value = self.__getParam(None, category, name, 'general') return defer.succeed(self.__getAttr(node[1], attr, value)) @@ -386,22 +391,6 @@ """ def constructProfile(ignore, profile_cache): - - def filterParam(node): - """Filter with security level. - @return: True is this param must be filtered""" - if security_limit < 0: - return False - if not node.hasAttribute('security'): - #debug("filtered param: %s (no security set)" - # % node.getAttribute("name")) - return True - if int(node.getAttribute('security')) > security_limit: - #debug("filtered param: %s (security level > %i)" - # % (node.getAttribute("name"), security_limit)) - return True - return False - # init the result document prof_xml = minidom.parseString('') cache = {} @@ -421,7 +410,7 @@ for node in dest_cat.childNodes: if node.nodeName != "param": continue - if filterParam(node): + if not self.checkSecurityLimit(node, security_limit): dest_cat.removeChild(node) continue dest_params[node.getAttribute('name')] = node @@ -436,7 +425,7 @@ # we have to merge new params (we are parsing individual parameters, we have to add them # to the previously parsed general ones) name = param_node.getAttribute('name') - if filterParam(param_node): + if not self.checkSecurityLimit(param_node, security_limit): continue if name not in dest_params: # this is reached when a previous category exists @@ -561,15 +550,10 @@ % {'category': category, 'name': name}) return - if security_limit >= 0: - abort = True - if node[1].hasAttribute("security"): - if int(node[1].getAttribute("security")) <= security_limit: - abort = False - if abort: - warning(_("Trying to set parameter '%s' in category '%s' without authorization!!!" + if not self.checkSecurityLimit(node[1], security_limit): + warning(_("Trying to set parameter '%s' in category '%s' without authorization!!!" % (name, category))) - return + return if node[0] == 'general': self.params_gen[(category, name)] = value @@ -593,6 +577,18 @@ self.host.trigger.point("paramUpdateTrigger", name, value, category, node[0], profile) self.storage.setIndParam(category, name, value, profile) + def checkSecurityLimit(self, node, security_limit): + """Check the given node against the given security limit. + The value NO_SECURITY_LIMIT (-1) means that everything is allowed. + @return: True if this node can be accessed with the given security limit. + """ + if security_limit < 0: + return True + if node.hasAttribute("security"): + if int(node.getAttribute("security")) <= security_limit: + return True + return False + class Memory(object): """This class manage all persistent informations""" @@ -828,7 +824,7 @@ """ profile = self.getProfileName(profile_key) if not profile: - raise exceptions.UnknownProfileError(_('Trying to get entity data for a non-existant profile')) + raise exceptions.ProfileUnknownError(_('Trying to get entity data for a non-existant profile')) if not profile in self.entitiesCache: raise exceptions.ProfileNotInCacheError if entity_jid == "@ALL@": @@ -859,7 +855,7 @@ """ profile = self.getProfileName(profile_key) if not profile: - raise exceptions.UnknownProfileError(_('Trying to get entity data for a non-existant profile')) + raise exceptions.ProfileUnknownError(_('Trying to get entity data for a non-existant profile')) if not profile in self.entitiesCache: raise exceptions.ProfileNotInCacheError if not entity_jid.userhost() in self.entitiesCache[profile]: @@ -915,11 +911,11 @@ def getParamA(self, name, category, attr="value", profile_key='@NONE@'): return self.params.getParamA(name, category, attr, profile_key) - def asyncGetParamA(self, name, category, attr="value", profile_key='@NONE@'): - return self.params.asyncGetParamA(name, category, attr, profile_key) + def asyncGetParamA(self, name, category, attr="value", security_limit=NO_SECURITY_LIMIT, profile_key='@NONE@'): + return self.params.asyncGetParamA(name, category, attr, security_limit, profile_key) - def asyncGetStringParamA(self, name, category, attr="value", profile_key='@NONE@'): - return self.params.asyncGetStringParamA(name, category, attr, profile_key) + def asyncGetStringParamA(self, name, category, attr="value", security_limit=NO_SECURITY_LIMIT, profile_key='@NONE@'): + return self.params.asyncGetStringParamA(name, category, attr, security_limit, profile_key) def getParamsUI(self, security_limit=NO_SECURITY_LIMIT, profile_key='@NONE@'): return self.params.getParamsUI(security_limit, profile_key)