From 1c6d5a29621ef9ba44cf6672927360f6f323f00a Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Thu, 5 Jan 2017 21:39:54 +0000
Subject: [PATCH] merge common code from auth framework branch

---
 src/python/dm/common/constants/dmRole.py      | 20 +++++++++-
 .../allowedExperimentStationExperimentType.py | 11 ++++++
 .../common/objects/authorizationPrincipal.py  | 21 ++++++++--
 src/python/dm/common/objects/dataFolder.py    | 17 ++++++++
 src/python/dm/common/objects/endpoint.py      | 17 ++++++++
 src/python/dm/common/objects/experiment.py    |  2 +-
 .../dm/common/objects/experimentRoleType.py   | 11 ++++++
 .../dm/common/objects/experimentStation.py    | 17 ++++++++
 .../dm/common/objects/experimentType.py       |  2 +-
 src/python/dm/common/objects/storage.py       | 17 ++++++++
 .../dm/common/objects/systemRoleType.py       | 11 ++++++
 .../dm/common/objects/userExperimentRole.py   |  2 +-
 .../dm/common/objects/userSystemRole.py       |  2 +-
 .../auth/authorizationPrincipalManager.py     |  4 --
 .../auth/authorizationPrincipalRetriever.py   | 20 ++++------
 .../service/auth/dbPrincipalRetriever.py      |  6 +--
 .../service/auth/noOpPrincipalRetriever.py    |  4 +-
 .../dm/common/service/dmRestWebServiceBase.py |  2 +-
 .../dm/common/service/dmSessionController.py  | 39 ++++++++++++++++++-
 .../dm/common/service/loginController.py      | 23 ++++++-----
 .../dm/common/utility/configurationManager.py | 37 ++++++++++++++++++
 21 files changed, 242 insertions(+), 43 deletions(-)
 create mode 100755 src/python/dm/common/objects/allowedExperimentStationExperimentType.py
 create mode 100755 src/python/dm/common/objects/dataFolder.py
 create mode 100755 src/python/dm/common/objects/endpoint.py
 create mode 100755 src/python/dm/common/objects/experimentRoleType.py
 create mode 100755 src/python/dm/common/objects/experimentStation.py
 create mode 100755 src/python/dm/common/objects/storage.py
 create mode 100755 src/python/dm/common/objects/systemRoleType.py

diff --git a/src/python/dm/common/constants/dmRole.py b/src/python/dm/common/constants/dmRole.py
index 6904e8a0..a9a18889 100755
--- a/src/python/dm/common/constants/dmRole.py
+++ b/src/python/dm/common/constants/dmRole.py
@@ -2,7 +2,23 @@
 
 #######################################################################
 
-DM_ADMIN_ROLE = 'Administrator'
-DM_USER_ROLE = 'User'
+# Sessions can have either admin or user role
+DM_ADMIN_SESSION_ROLE = 'Admin'
+DM_USER_SESSION_ROLE = 'User'
+
+# System and experiment roles are used for fine grained authorization
+#    - "DM ADMIN" system role corresponds to "DM ADMIN" session role
+#    - all other system/experiment roles correspond to "DM USER" session role
+DM_ADMIN_SYSTEM_ROLE = 'Administrator'
+DM_ADMIN_SYSTEM_ROLE_ID = 1
+
+DM_MANAGER_SYSTEM_ROLE = 'Manager'
+DM_MANAGER_SYSTEM_ROLE_ID = 2
+
+DM_PI_EXPERIMENT_ROLE = 'PI'
+DM_PI_EXPERIMENT_ROLE_ID = 1
+
+DM_USER_EXPERIMENT_ROLE = 'User'
+DM_USER_EXPERIMENT_ROLE_ID = 2
 
 
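Review bot: The numeric role ids added here (`DM_ADMIN_SYSTEM_ROLE_ID = 1`, `DM_MANAGER_SYSTEM_ROLE_ID = 2`, and the two experiment role ids) are what authorizationPrincipalRetriever.py and dmSessionController.py in this patch compare against the keys of a user's role dicts, so they are the authorization decision, yet nothing says where the values must come from. Add a comment above them such as `# These ids must match the role type ids stored in the database; a mismatch silently changes which users are treated as admin/manager/PI`. `DM_USER_SESSION_ROLE` and `DM_USER_EXPERIMENT_ROLE` both carry the value 'User'; that is harmless while each is only compared against its own namesake, but a one-line remark would stop a future reader from comparing a session role against an experiment role.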
diff --git a/src/python/dm/common/objects/allowedExperimentStationExperimentType.py b/src/python/dm/common/objects/allowedExperimentStationExperimentType.py
new file mode 100755
index 00000000..c9be5803
--- /dev/null
+++ b/src/python/dm/common/objects/allowedExperimentStationExperimentType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class AllowedExperimentStationExperimentType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'experimentStationId', 'experimentTypeId' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/authorizationPrincipal.py b/src/python/dm/common/objects/authorizationPrincipal.py
index 566ac160..e944ab18 100755
--- a/src/python/dm/common/objects/authorizationPrincipal.py
+++ b/src/python/dm/common/objects/authorizationPrincipal.py
@@ -22,14 +22,27 @@ class AuthorizationPrincipal(DmObject):
     def getToken(self):
         return self.get('token')
 
-    def setRole(self, role):
-        self['role'] = role
+    def setSessionRole(self, role):
+        self['sessionRole'] = role
 
-    def getRole(self):
-        return self.get('role')
+    def getSessionRole(self):
+        return self.get('sessionRole')
 
     def setUserInfo(self, userInfo):
         self['userInfo'] = userInfo
 
     def getUserInfo(self):
         return self.get('userInfo')
+
+    def setUserSystemRoleDict(self, userSystemRoleDict):
+        self['userSystemRoleDict'] = userSystemRoleDict
+
+    def getUserSystemRoleDict(self):
+        return self.get('userSystemRoleDict')
+
+    def setUserExperimentRoleDict(self, userExperimentRoleDict):
+        self['userExperimentRoleDict'] = userExperimentRoleDict
+
+    def getUserExperimentRoleDict(self):
+        return self.get('userExperimentRoleDict')
+
diff --git a/src/python/dm/common/objects/dataFolder.py b/src/python/dm/common/objects/dataFolder.py
new file mode 100755
index 00000000..231a20c6
--- /dev/null
+++ b/src/python/dm/common/objects/dataFolder.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class DataFolder(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'storageId', 'experimentId', 'dataPath' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
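Review bot: `def __init__(self, dict={})` uses a shared mutable default: if DmObject.__init__ keeps a reference to the dict it is handed instead of copying it, every DataFolder built without arguments shares one state dict; the same signature is in endpoint.py, experimentStation.py and storage.py in this patch (DmObject's constructor is outside it, so this is inferred). Prefer `def __init__(self, dict=None):` followed by `DmObject.__init__(self, dict if dict is not None else {})`, which hands DmObject the same `{}` as before. The parameter name `dict` also shadows the builtin in every new objects file here, and `import time` is unused in the four files that carry it.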
diff --git a/src/python/dm/common/objects/endpoint.py b/src/python/dm/common/objects/endpoint.py
new file mode 100755
index 00000000..2db45ef3
--- /dev/null
+++ b/src/python/dm/common/objects/endpoint.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class Endpoint(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'storageId', 'accessUrl' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/experiment.py b/src/python/dm/common/objects/experiment.py
index b83ecc9c..23aa3c81 100755
--- a/src/python/dm/common/objects/experiment.py
+++ b/src/python/dm/common/objects/experiment.py
@@ -5,7 +5,7 @@ from dmObject import DmObject
 
 class Experiment(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'id', 'name', 'dataDirectory', 'startDate', 'endDate', 'daqStartTime', 'daqEndTime' ]
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'experimentTypeId', 'experimentStationId', 'dataDirectory', 'startDate', 'endDate', 'daqStartTime', 'daqEndTime' ]
 
     def __init__(self, dict={}):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/experimentRoleType.py b/src/python/dm/common/objects/experimentRoleType.py
new file mode 100755
index 00000000..b7f15f53
--- /dev/null
+++ b/src/python/dm/common/objects/experimentRoleType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class ExperimentRoleType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/experimentStation.py b/src/python/dm/common/objects/experimentStation.py
new file mode 100755
index 00000000..3244d794
--- /dev/null
+++ b/src/python/dm/common/objects/experimentStation.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class ExperimentStation(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/experimentType.py b/src/python/dm/common/objects/experimentType.py
index 20369b17..460dda73 100755
--- a/src/python/dm/common/objects/experimentType.py
+++ b/src/python/dm/common/objects/experimentType.py
@@ -5,7 +5,7 @@ from dmObject import DmObject
 
 class ExperimentType(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'id', 'name', 'description`', 'rootDataPath' ]
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
 
     def __init__(self, dict={}):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/storage.py b/src/python/dm/common/objects/storage.py
new file mode 100755
index 00000000..017fe6cc
--- /dev/null
+++ b/src/python/dm/common/objects/storage.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+
+import time
+from dmObject import DmObject
+
+class Storage(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description', 'defaultScheme' ]
+
+    def __init__(self, dict={}):
+        DmObject.__init__(self, dict)
+
+####################################################################
+# Testing
+if __name__ == '__main__':
+    pass
+
diff --git a/src/python/dm/common/objects/systemRoleType.py b/src/python/dm/common/objects/systemRoleType.py
new file mode 100755
index 00000000..05259eda
--- /dev/null
+++ b/src/python/dm/common/objects/systemRoleType.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python
+
+from dmObject import DmObject
+
+class SystemRoleType(DmObject):
+
+    DEFAULT_KEY_LIST = [ 'id', 'name', 'description' ]
+
+    def __init__(self, dict):
+        DmObject.__init__(self, dict)
+
diff --git a/src/python/dm/common/objects/userExperimentRole.py b/src/python/dm/common/objects/userExperimentRole.py
index a73b773f..05c358e0 100755
--- a/src/python/dm/common/objects/userExperimentRole.py
+++ b/src/python/dm/common/objects/userExperimentRole.py
@@ -4,7 +4,7 @@ from dmObject import DmObject
 
 class UserExperimentRole(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'user_id', 'experiment_id', 'role_type_id' ]
+    DEFAULT_KEY_LIST = [ 'userId', 'experimentId', 'roleTypeId' ]
 
     def __init__(self, dict):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/objects/userSystemRole.py b/src/python/dm/common/objects/userSystemRole.py
index 270fc74f..b21e9812 100755
--- a/src/python/dm/common/objects/userSystemRole.py
+++ b/src/python/dm/common/objects/userSystemRole.py
@@ -4,7 +4,7 @@ from dmObject import DmObject
 
 class UserSystemRole(DmObject):
 
-    DEFAULT_KEY_LIST = [ 'user_id', 'role_type_id' ]
+    DEFAULT_KEY_LIST = [ 'userId', 'experimentStationId', 'roleTypeId' ]
 
     def __init__(self, dict):
         DmObject.__init__(self, dict)
diff --git a/src/python/dm/common/service/auth/authorizationPrincipalManager.py b/src/python/dm/common/service/auth/authorizationPrincipalManager.py
index 6dc313f1..7e508341 100755
--- a/src/python/dm/common/service/auth/authorizationPrincipalManager.py
+++ b/src/python/dm/common/service/auth/authorizationPrincipalManager.py
@@ -16,7 +16,6 @@ class AuthorizationPrincipalManager(DmObjectManager, Singleton):
     DEFAULT_CACHE_OBJECT_LIFETIME = 3600 # seconds
 
     CONFIG_SECTION_NAME = 'AuthorizationPrincipalManager'
-    ADMIN_ROLE_NAME_KEY = 'adminrolename'
     PRINCIPAL_RETRIEVER_KEY = 'principalretriever'
     PRINCIPAL_AUTHENTICATOR_KEY = 'principalauthenticator'
 
@@ -45,15 +44,12 @@ class AuthorizationPrincipalManager(DmObjectManager, Singleton):
     def configure(self):
         configItems = self.configurationManager.getConfigItems(AuthorizationPrincipalManager.CONFIG_SECTION_NAME)
         self.logger.debug('Got config items: %s' % configItems)
-        adminRoleName = self.configurationManager.getConfigOption(AuthorizationPrincipalManager.CONFIG_SECTION_NAME, AuthorizationPrincipalManager.ADMIN_ROLE_NAME_KEY)
 
         # Create principal retriever
         principalRetriever = self.configurationManager.getConfigOption(AuthorizationPrincipalManager.CONFIG_SECTION_NAME, AuthorizationPrincipalManager.PRINCIPAL_RETRIEVER_KEY)
         (moduleName,className,constructor) = self.configurationManager.getModuleClassConstructorTuple(principalRetriever, AuthorizationPrincipalManager)    
         self.logger.debug('Creating principal retriever class: %s' % className)
         self.principalRetriever = ObjectUtility.createObjectInstance(moduleName, className, constructor)
-        if adminRoleName is not None:
-            self.principalRetriever.setAdminRoleName(adminRoleName)
         self.logger.debug('Authorization principal retriever: %s' % (self.principalRetriever))
 
         # Create principal authenticators
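Review bot: The `adminrolename` option is dropped from the config section without any notice to operators: a deployment that still sets it — it used to decide which system role became admin — now silently gets the hard-coded id-based rule from authorizationPrincipalRetriever.py instead. The removed `if adminRoleName is not None` check suggests getConfigOption returns None for a missing option, so a one-time warning is cheap: `if self.configurationManager.getConfigOption(AuthorizationPrincipalManager.CONFIG_SECTION_NAME, 'adminrolename') is not None:` followed by `self.logger.warning('Config option adminrolename is no longer used; the admin session role is derived from the user system role id')`. configure() continues outside the hunk.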
diff --git a/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py b/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
index 139a02d8..479d1a1f 100755
--- a/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/authorizationPrincipalRetriever.py
@@ -6,28 +6,24 @@ from dm.common.utility.loggingManager import LoggingManager
 class AuthorizationPrincipalRetriever:
 
     def __init__(self, name=None):
-        self.adminRoleName = dmRole.DM_ADMIN_ROLE
         self.name = name
         self.logger = LoggingManager.getInstance().getLogger(self.__class__.__name__)
 
     def getName(self):
         return self.name
 
-    def setAdminRoleName(self, adminRoleName):
-        self.adminRoleName = adminRoleName
-
     def getAuthorizationPrincipal(self, username):
         return None
 
-    def checkAutorizationPrincipalRole(self, principal):
-        if principal is None or self.adminRoleName is None:
-            return
-        userInfo = principal.getUserInfo()
-        if userInfo is None:
+    def setAuthorizationPrincipalSessionRole(self, principal):
+        if principal is None:
             return
-        for userSystemRoleName in userInfo.get('userSystemRoleNameList', []):
-            if userSystemRoleName == self.adminRoleName:
-                principal.setRole(dmRole.DM_ADMIN_ROLE)
+        for userSystemRoleId in principal.get('userSystemRoleDict', {}).keys():
+            if userSystemRoleId == dmRole.DM_ADMIN_SYSTEM_ROLE_ID:
+                principal.setSessionRole(dmRole.DM_ADMIN_SESSION_ROLE)
+                return
+        principal.setSessionRole(dmRole.DM_USER_SESSION_ROLE)
+
 
 #######################################################################
 # Testing.
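Review bot: `setAuthorizationPrincipalSessionRole` compares dict keys only with the integer `dmRole.DM_ADMIN_SYSTEM_ROLE_ID`, whereas `hasManagerRole` in dmSessionController.py in this same patch explicitly tolerates a string key ("Remote sessions may come with string key"); if a principal's role dict ever arrives with string keys, an administrator is demoted to a user session while managers are still recognised. That is fail-safe, but the two rules should agree, and normalising here is one line: `if str(userSystemRoleId) == str(dmRole.DM_ADMIN_SYSTEM_ROLE_ID):`. Also `principal.get('userSystemRoleDict', {})` yields None when the key was explicitly set to None via setUserSystemRoleDict(None), which then fails on `.keys()`; `for userSystemRoleId in (principal.get('userSystemRoleDict') or {}).keys():` covers both. A short docstring stating the rule — admin system role id present gives an Admin session, anything else a User session — would help, since this method is now the single place the session role is decided.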
diff --git a/src/python/dm/common/service/auth/dbPrincipalRetriever.py b/src/python/dm/common/service/auth/dbPrincipalRetriever.py
index 4450f6e1..8db10d36 100755
--- a/src/python/dm/common/service/auth/dbPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/dbPrincipalRetriever.py
@@ -16,9 +16,9 @@ class DbPrincipalRetriever(AuthorizationPrincipalRetriever):
         try:
             user = self.dbApi.getUserWithPasswordByUsername(username)
             principal = AuthorizationPrincipal(name=username, token=user.get('password'))
-            principal.setRole(dmRole.DM_USER_ROLE)
-            principal.setUserInfo(user)
-            self.checkAutorizationPrincipalRole(principal)
+            principal.setUserSystemRoleDict(user.get('userSystemRoleDict', {}))
+            principal.setUserExperimentRoleDict(user.get('userExperimentRoleDict', {}))
+            self.setAuthorizationPrincipalSessionRole(principal)
         except Exception, ex:
             self.logger.debug(ex)
         return principal
diff --git a/src/python/dm/common/service/auth/noOpPrincipalRetriever.py b/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
index d285e6ee..d5066644 100755
--- a/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
+++ b/src/python/dm/common/service/auth/noOpPrincipalRetriever.py
@@ -14,9 +14,7 @@ class NoOpPrincipalRetriever(AuthorizationPrincipalRetriever):
         # Set password to be the same as username
         noOpPassword = CryptUtility.cryptPasswordWithPbkdf2(username)
         principal = AuthorizationPrincipal(name=username, token=noOpPassword)
-        principal.setRole(dmRole.DM_USER_ROLE)
-        if self.adminRoleName is not None:
-            principal.setRole(dmRole.DM_ADMIN_ROLE)
+        self.setAuthorizationPrincipalSessionRole(principal)
         return principal
 
 #######################################################################
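Review bot: The NoOp principal is handed to `setAuthorizationPrincipalSessionRole` without ever receiving a `userSystemRoleDict` or `userExperimentRoleDict`, so it always ends up with `DM_USER_SESSION_ROLE`; the previous admin path via `adminRoleName` is gone, so a deployment on NoOpPrincipalRetriever can no longer obtain an admin session, and if that is intended a comment saying so would save the next reader from hunting for missing configuration. Independently, loginController.py in this patch indexes `principal['userSystemRoleDict']` directly at login, which on a dict-like principal without that key raises KeyError, so add `principal.setUserSystemRoleDict({})` and `principal.setUserExperimentRoleDict({})` before the role call so NoOp principals have the same shape as DB-backed ones. getAuthorizationPrincipal begins outside the hunk.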
diff --git a/src/python/dm/common/service/dmRestWebServiceBase.py b/src/python/dm/common/service/dmRestWebServiceBase.py
index 4014d2c9..cec09990 100755
--- a/src/python/dm/common/service/dmRestWebServiceBase.py
+++ b/src/python/dm/common/service/dmRestWebServiceBase.py
@@ -25,7 +25,7 @@ class DmRestWebServiceBase:
     DEFAULT_SERVER_SOCKET_TIMEOUT = 30
     CONFIG_SECTION_NAME = 'WebService'
     CONFIG_OPTION_NAME_LIST = [ 'serviceHost', 'servicePort', 
-        'sslCertFile', 'sslKeyFile', 'sslCaCertFile' ]
+        'sslCertFile', 'sslKeyFile', 'sslCaCertFile', 'stationName' ]
 
     class SignalHandler:
         def __init__(self, signal, oldSignalHandler):
diff --git a/src/python/dm/common/service/dmSessionController.py b/src/python/dm/common/service/dmSessionController.py
index 1216a504..d14d4ab8 100755
--- a/src/python/dm/common/service/dmSessionController.py
+++ b/src/python/dm/common/service/dmSessionController.py
@@ -6,6 +6,7 @@
 
 import cherrypy
 from dm.common.constants import dmRole
+from dm.common.utility.configurationManager import ConfigurationManager
 from dm.common.service.dmController import DmController
 from dm.common.service.loginController import LoginController
 
@@ -72,7 +73,43 @@ class DmSessionController(DmController):
     @classmethod
     def isAdministrator(cls):
         def userIsAdministrator():
-            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_ROLE)
+            result = (cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None) == dmRole.DM_ADMIN_SESSION_ROLE)
             return result
         return userIsAdministrator
 
+    @classmethod
+    def hasAdministratorRole(cls):
+        sessionRole = cherrypy.session.get(LoginController.SESSION_ROLE_KEY, None)
+        return (sessionRole == dmRole.DM_ADMIN_SESSION_ROLE)
+        
+    @classmethod
+    def hasManagerRole(cls, experimentStationIdOrName):
+        systemRoleDict = cherrypy.session.get(LoginController.SESSION_SYSTEM_ROLE_DICT_KEY, None)
+        experimentStationIdOrNameList = systemRoleDict.get(dmRole.DM_MANAGER_SYSTEM_ROLE_ID, [])
+        if not experimentStationIdOrNameList:
+            # Remote sessions may come with string key
+            experimentStationIdOrNameList = systemRoleDict.get(str(dmRole.DM_MANAGER_SYSTEM_ROLE_ID), [])
+        return (experimentStationIdOrNameList.count(experimentStationIdOrName) > 0)
+        
+    @classmethod
+    def hasPiRole(cls, experimentIdOrName):
+        experimentRoleDict = cherrypy.session.get(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, None)
+        experimentIdOrNameList = experimentRoleDict.get(dmRole.DM_PI_EXPERIMENT_ROLE_ID, [])
+        return (experimentIdOrNameList.count(experimentIdOrName) > 0)
+        
+    @classmethod
+    def hasUserRole(cls, experimentIdOrName):
+        experimentRoleDict = cherrypy.session.get(LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, None)
+        experimentIdOrNameList = experimentRoleDict.get(dmRole.DM_USER_EXPERIMENT_ROLE_ID, [])
+        return (experimentIdOrNameList.count(experimentIdOrName) > 0)
+        
+    @classmethod
+    def canManageStation(cls):
+        def userCanManageStation():
+            if cls.hasAdministratorRole():
+                return True
+            stationName = ConfigurationManager.getInstance().getStationName()
+            return cls.hasManagerRole(stationName)
+        return userCanManageStation
+        
+
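Review bot: `hasManagerRole`, `hasPiRole` and `hasUserRole` call `.get` on the result of `cherrypy.session.get(..., None)`, so a request from a session that carries no role dict (never logged in, or a session created before these keys existed) raises AttributeError instead of answering False; the outcome is still a denial, but it surfaces as a server error rather than an authorization result. Only `hasManagerRole` has the string-key fallback for remote sessions, while the two experiment-role checks do not, so a PI propagated through single sign-on may or may not be recognised depending on which check is asked. One helper shared by the three methods fixes both and replaces `list.count(x) > 0` with `x in list`; it is sketched below, with `isAdministrator` and `canManageStation` left as they are.
```python
    @classmethod
    def _sessionRoleTargets(cls, sessionKey, roleId):
        # The role dict may be absent from the session (no login yet) and
        # remote sessions may carry string keys; both mean "no targets".
        roleDict = cherrypy.session.get(sessionKey, None) or {}
        return roleDict.get(roleId) or roleDict.get(str(roleId), [])

    @classmethod
    def hasManagerRole(cls, experimentStationIdOrName):
        return experimentStationIdOrName in cls._sessionRoleTargets(
            LoginController.SESSION_SYSTEM_ROLE_DICT_KEY, dmRole.DM_MANAGER_SYSTEM_ROLE_ID)

    @classmethod
    def hasPiRole(cls, experimentIdOrName):
        return experimentIdOrName in cls._sessionRoleTargets(
            LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, dmRole.DM_PI_EXPERIMENT_ROLE_ID)

    @classmethod
    def hasUserRole(cls, experimentIdOrName):
        return experimentIdOrName in cls._sessionRoleTargets(
            LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY, dmRole.DM_USER_EXPERIMENT_ROLE_ID)

    # … unchanged: canManageStation …
```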
diff --git a/src/python/dm/common/service/loginController.py b/src/python/dm/common/service/loginController.py
index 8226be02..1b6759d0 100755
--- a/src/python/dm/common/service/loginController.py
+++ b/src/python/dm/common/service/loginController.py
@@ -21,8 +21,9 @@ class LoginController(DmController):
     """ Controller to provide login and logout actions. """
 
     SESSION_USERNAME_KEY = '_cp_username'
-    SESSION_USER_KEY = 'user'
-    SESSION_ROLE_KEY = 'role'
+    SESSION_ROLE_KEY = 'sessionRole'
+    SESSION_SYSTEM_ROLE_DICT_KEY = 'systemRoleDict'
+    SESSION_EXPERIMENT_ROLE_DICT_KEY = 'experimentRoleDict'
     ORIGINAL_SESSION_ID_KEY = 'originalid'
     INVALID_SESSION_KEY = 'invalidSession'
 
@@ -96,16 +97,19 @@ class LoginController(DmController):
         #logger.debug('Checking credential for User: %s, Password: %s' % (username, password))
         logger.debug('Session id: %s' % cherrypy.serving.session.id)
         principal = AuthorizationPrincipalManager.getInstance().getAuthenticatedAuthorizationPrincipal(username, password)
-        #logger.debug('Principal: %s' % (principal))
+        logger.debug('Principal: %s' % (principal))
         if principal:
-            cherrypy.session[LoginController.SESSION_ROLE_KEY] = principal.getRole()
-            logger.debug('Successful login from user: %s (role: %s)' % (username, principal.getRole()))
+            cherrypy.session[LoginController.SESSION_ROLE_KEY] = principal.getSessionRole()
+            cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = principal['userSystemRoleDict']
+            cherrypy.session[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = principal['userExperimentRoleDict']
+            logger.debug('Successful login from user: %s (role: %s)' % (username, principal.getSessionRole()))
             # Try adding to SingleSignOnManager
             sessionId = cherrypy.serving.session.id
             sessionCache = cherrypy.session.cache
-            sessionInfo = {LoginController.SESSION_ROLE_KEY : principal.getRole()}
-            sessionInfo[LoginController.SESSION_USER_KEY] = principal.getUserInfo()
+            sessionInfo = {LoginController.SESSION_ROLE_KEY : principal.getSessionRole()}
             sessionInfo[LoginController.SESSION_USERNAME_KEY] = username
+            sessionInfo[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = principal.get('userSystemRoleDict', {})
+            sessionInfo[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = principal.get('userExperimentRoleDict', {})
             ssoManager = SingleSignOnManager.getInstance()
             ssoManager.addSession(sessionId, sessionInfo)
         else:
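Review bot: Re-enabling `logger.debug('Principal: %s' % (principal))` writes the whole principal to the log, and the DB-backed principal carries the user's stored password hash as `token` (set from `user.get('password')` in dbPrincipalRetriever.py in this patch); credential material should not reach the log even at debug level, so log `principal.getName()` and `principal.getSessionRole()` instead, or leave the line commented as it was. Second, `cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = principal['userSystemRoleDict']` and the experiment-role line index the principal directly while the sessionInfo lines a few rows below use `principal.get('userSystemRoleDict', {})`; a retriever that never sets the dicts (NoOpPrincipalRetriever in this patch does not) makes the first form raise KeyError on a dict-like principal unless DmObject maps missing keys to a default, so use the `.get(..., {})` form on both session assignments. The enclosing method begins outside the hunk.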
@@ -115,7 +119,6 @@ class LoginController(DmController):
                 cherrypy.request.login = None
                 cherrypy.session[LoginController.INVALID_DM_SESSION_KEY] = True
             raise AuthorizationError('Incorrect username or password.')
-        cherrypy.session[LoginController.SESSION_USER_KEY] = principal.getUserInfo()
         return principal
 
     @classmethod
@@ -176,6 +179,8 @@ class LoginController(DmController):
             raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', InvalidSession(errorMsg))
 
         cherrypy.session[LoginController.SESSION_ROLE_KEY] = sessionInfo[LoginController.SESSION_ROLE_KEY]
+        cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = sessionInfo[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] 
+        cherrypy.session[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] = sessionInfo[LoginController.SESSION_EXPERIMENT_ROLE_DICT_KEY] 
         logger.debug('Session id %s is valid (username: %s)' % (sessionId, username))
         cherrypy.request.login = username
         for condition in conditions:
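Review bot: `sessionInfo[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY]` and the experiment-role line index the single-sign-on record directly; a record written by an instance not yet carrying these keys (mixed-version deployment, or a session created before this change) raises KeyError here, turning what should be an authorization decision into a server error. `cherrypy.session[LoginController.SESSION_SYSTEM_ROLE_DICT_KEY] = sessionInfo.get(LoginController.SESSION_SYSTEM_ROLE_DICT_KEY, {})` (and likewise for the experiment dict) keeps the existing `DM_HTTP_UNAUTHORIZED` path as the only failure mode and leaves such users with no roles rather than an exception. Both added lines also carry trailing whitespace. The enclosing method starts and ends outside the hunk.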
@@ -205,7 +210,7 @@ class LoginController(DmController):
         # Authorization worked.
         cherrypy.session[LoginController.SESSION_USERNAME_KEY] = cherrypy.request.login = username
         self.onLogin(username)
-        self.addDmSessionRoleHeaders(principal.getRole())
+        self.addDmSessionRoleHeaders(principal.getSessionRole())
         self.addDmResponseHeaders()
 
     @cherrypy.expose
diff --git a/src/python/dm/common/utility/configurationManager.py b/src/python/dm/common/utility/configurationManager.py
index 07456577..45c3d2dc 100755
--- a/src/python/dm/common/utility/configurationManager.py
+++ b/src/python/dm/common/utility/configurationManager.py
@@ -73,6 +73,12 @@ DEFAULT_DM_SSL_KEY_FILE = None
 # Login (user|password) file
 DEFAULT_DM_LOGIN_FILE = None
 
+# Station name
+DEFAULT_DM_STATION_NAME = None
+
+# Allowed experiment types
+DEFAULT_DM_ALLOWED_EXPERIMENT_TYPES = None
+
 class ConfigurationManager(UserDict.UserDict):
     """ 
     Singleton class used for keeping system configuration data. The class
@@ -155,6 +161,10 @@ class ConfigurationManager(UserDict.UserDict):
 
         self['defaultLoginFile'] = DEFAULT_DM_LOGIN_FILE
 
+        self['defaultStationName'] = DEFAULT_DM_STATION_NAME
+
+        self['defaultAllowedExperimentTypes'] = DEFAULT_DM_ALLOWED_EXPERIMENT_TYPES
+
         # Settings that might come from environment variables.
         self.__setFromEnvVar('logFile', 'DM_LOG_FILE')
         self.__setFromEnvVar('consoleLogLevel', 'DM_CONSOLE_LOG_LEVEL')
@@ -190,6 +200,9 @@ class ConfigurationManager(UserDict.UserDict):
         self.__setFromEnvVar('dbPasswordFile', 'DM_DB_PASSWORD_FILE')
         self.__setFromEnvVar('loginFile', 'DM_LOGIN_FILE')
 
+        self.__setFromEnvVar('stationName', 'DM_STATION_NAME')
+        self.__setFromEnvVar('allowedExperimentTypes', 'DM_ALLOWED_EXPERIMENT_TYPES')
+
         # Settings that might come from file.
         self.__setFromVarFile('dbPassword', self.getDbPasswordFile())
 
@@ -810,6 +823,30 @@ class ConfigurationManager(UserDict.UserDict):
     def hasLoginFile(self):
         return self.has_key('loginFile')
 
+    def getDefaultStationName(self):
+        return self['defaultStationName']
+
+    def getStationName(self, default='__dm_default__'):
+        return self.__getKeyValue('stationName', default) 
+
+    def setStationName(self, f):
+        self['stationName'] = f
+
+    def hasStationName(self):
+        return self.has_key('stationName')
+
+    def getDefaultAllowedExperimentTypes(self):
+        return self['defaultAllowedExperimentTypes']
+
+    def getAllowedExperimentTypes(self, default='__dm_default__'):
+        return self.__getKeyValue('allowedExperimentTypes', default) 
+
+    def setAllowedExperimentTypes(self, f):
+        self['allowedExperimentTypes'] = f
+
+    def hasAllowedExperimentTypes(self):
+        return self.has_key('allowedExperimentTypes')
+
 #######################################################################
 # Testing.
 
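Review bot: `setStationName(self, f)` and `setAllowedExperimentTypes(self, f)` name their argument `f`, evidently copied from the file-path setters above them, while the values are a station name and an allowed-experiment-types value; rename them, e.g. `def setStationName(self, stationName):` with `self['stationName'] = stationName`, and the same for `allowedExperimentTypes`. Since `getStationName()` now feeds `canManageStation` in dmSessionController.py, a one-line docstring noting that the station name is an authorization input (it decides which manager entry grants station management) would help whoever next edits the `DM_STATION_NAME` handling. `__getKeyValue` and the `'__dm_default__'` sentinel are defined outside the hunk, so whether an unset station name yields None or the sentinel string cannot be confirmed from here.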
-- 
GitLab