#!/usr/bin/python
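class AccessRules:
    """Authorization predicates evaluated against user records from ``system``.

    Every rule returns a bool and denies when the acting user has no record
    or is not enabled. In the two-argument rules, ``ruser`` is presumably the
    requesting user and ``auser`` the affected user (inferred from usage;
    confirm against callers).

    Points worth knowing when wiring these rules into a caller:

    * Only the acting user's record is consulted. Whether ``auser`` exists or
      is enabled is never checked here.
    * "Self" is decided by ``ruser == auser``, an exact comparison with no
      normalization, so callers should pass canonical identifiers.
    * Each flag check performs its own ``getUser`` lookup, so a rule that
      tests two flags reads the record twice.
    * A record that lacks a flag key raises the lookup error from the record
      type (``KeyError`` for a dict) instead of returning False.
    """

    def __init__(self, system):
        """Keep ``system``; it must provide ``getUser(user)``.

        ``getUser`` is expected to return None for an unknown user, or a
        mapping with the keys "enabled", "admin" and "passwordAuth".
        """
        self.system = system

    def _flagIsSet(self, user, key):
        """Return True only if ``user`` has a record whose ``key`` equals "Y"."""
        data = self.system.getUser(user)
        # Identity test: a record type with a custom __ne__ must not be able
        # to influence the "does this user exist" decision.
        return data is not None and data[key] == "Y"

    def _isActiveAdmin(self, user):
        """Return True if ``user`` is enabled and flagged as admin."""
        return self.isEnabled(user) and self.isAdmin(user)

    def _isSelfOrActiveAdmin(self, ruser, auser):
        """Return True if enabled ``ruser`` acts on itself or is an admin."""
        return self.isEnabled(ruser) and (ruser == auser or self.isAdmin(ruser))

    def isEnabled(self, user):
        """Return True if the user's "enabled" flag is "Y"."""
        return self._flagIsSet(user, "enabled")

    def isAdmin(self, user):
        """Return True if the user's "admin" flag is "Y".

        This does not look at "enabled"; the can* rules combine both flags.
        """
        return self._flagIsSet(user, "admin")

    def canAuthenticateWithPassword(self, user):
        """Return True if the user's "passwordAuth" flag is "Y".

        This does not look at "enabled"; a caller that authenticates users
        has to check isEnabled() separately.
        """
        return self._flagIsSet(user, "passwordAuth")

    def canGrantAdmin(self, user):
        """Return True if ``user`` is an enabled admin."""
        return self._isActiveAdmin(user)

    def canCreateUser(self, user):
        """Return True if ``user`` is an enabled admin."""
        return self._isActiveAdmin(user)

    def canUpdateUserProfile(self, ruser, auser):
        """Return True if enabled ``ruser`` edits itself or is an admin."""
        return self._isSelfOrActiveAdmin(ruser, auser)

    def canChangeUserKeys(self, ruser, auser):
        """Return True if enabled ``ruser`` changes its own keys or is an admin."""
        return self._isSelfOrActiveAdmin(ruser, auser)

    def canUserExportPublicKey(self, ruser, auser):
        """Return True for any enabled ``ruser``; ``auser`` is not consulted."""
        return self.isEnabled(ruser)

    def canUserExportPrivateKey(self, ruser, auser):
        """Return True if enabled ``ruser`` exports its own key or is an admin.

        NOTE(review): an enabled admin may export another user's private key
        under this rule. Confirm that this is intended, and that callers log
        such exports.
        """
        return self._isSelfOrActiveAdmin(ruser, auser)

    def canUserSeeAttributes(self, ruser, auser):
        """Return True if enabled ``ruser`` views itself or is an admin."""
        return self._isSelfOrActiveAdmin(ruser, auser)

    def canUserEnableUser(self, ruser, auser):
        """Return True if ``ruser`` is an enabled admin; ``auser`` is not consulted."""
        return self._isActiveAdmin(ruser)

    def canUserDisableUser(self, ruser, auser):
        """Return True if enabled ``ruser`` disables itself or is an admin.

        A user may disable their own account, while enabling an account
        always requires an admin (see canUserEnableUser).
        """
        return self._isSelfOrActiveAdmin(ruser, auser)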