Ñò ìÿÒXc @s ddkZddkZddkZeideiƒZeideiƒZeideiƒZddgZddd d d d d ddg Z dd!d„ƒYZ e djoXe dƒZ e GHdGHe dƒZ e GHdGHe dƒZ e GHdGHe dƒZ e GHdGHe ƒZ de _ e iddgdƒe idƒe idƒe idƒddd ge _e GHe ƒZde_ eiddgdƒeidƒeidƒeidƒd ddge_eGHe ieƒGHe dƒZ e GHe d ƒZ e GHndS("iÿÿÿÿNs<\(version\s+3.0\s*;\s*acl\s+\"([^\"]*)\"\s*;\s*([^;]*);\s*\)s(\w+)\s*\(([^()]*)\)\s*(.*)s+\(?([a-zA-Z0-9;\.]+)\s*(\!?=)\s*\"(.*)\"\)?tallowtdenytreadtwritetaddtdeletetsearchtcomparet selfwritetproxytalltACIcBsªeZdZdd„Zd„Zd„Zd„Zd„Zd„Z d„Z d„Z d d „Z d d „Z d d „Zd „Zd„Zd„Zd„Zd„ZRS(s¥ Holds the basic data for an ACI entry, as stored in the cn=accounts entry in LDAP. Has methods to parse an ACI string and export to an ACI String. cCsmd|_d|_d|_||_h|_d|_dg|_h|_|dj o|i |ƒndS(NRR( tNonetnamet source_groupt dest_groupt orig_acistrttargettactiont permissionstbindrulet _parse_acistr(tselftacistr((s./usr/lib/python2.6/site-packages/ipalib/aci.pyt__init__/s         cCsS|djo|iS|djo|iS|djo|iStd|ƒ‚dS(s*Fake getting attributes by key for sortingiiisUnknown key value %sN(R RRt TypeError(Rtkey((s./usr/lib/python2.6/site-packages/ipalib/aci.pyt __getitem__;s   cCs |iƒS(sAn alias for export_to_string()(texport_to_string(R((s./usr/lib/python2.6/site-packages/ipalib/aci.pyt__repr__Esc Cs|iƒd}x½|iD]²}|i|d}t|i|dƒttfjoUd}x'|i|dD]}||d}qmW|d }|d|||f}q|d|||i|df}qW|d|i|idi|iƒ|i d |i d|i dfd }|S( s/Output a Directory Server-compatible ACI stringttoperatort expressions || iüÿÿÿs (%s %s "%s")s((version 3.0;acl "%s";%s (%s) %s %s "%s"t,tkeywords;)( tvalidateRttypettupletlistR RtjoinRR(RtacitttopRtl((s./usr/lib/python2.6/site-packages/ipalib/aci.pyRIs  $ &KcCs@|idƒo|d}n|idƒo|d }n|S(Nt"iiÿÿÿÿ(t startswithtendswith(Rts((s./usr/lib/python2.6/site-packages/ipalib/aci.pyt_remove_quotesZs c Cs¯ti|idƒƒ}|id|_g}t}d}xn|D]f}|djoÒ|iƒiƒ}|iƒ}|djoO|djoB||iƒ}|djo!|djotd|ƒ‚qÎn|}|iƒiƒ}|i|ƒ}|iƒ} | djotd| ƒ‚q&n|d joEti d |ƒ} h|i |<||i |d <| |i |d Rt set_bindrule(RRtvstarttacimatcht bindperms((s./usr/lib/python2.6/site-packages/ipalib/aci.pyR†s !!'cCs<t|iƒttfjo td‚nx5|iD]*}|iƒtjotd|‚q3q3W|ip td‚nt|it ƒp td‚nt|i t ƒ pt |i ƒdjo td‚nt|i t ƒp td‚n|i idƒ p(|i id ƒ p|i id ƒ o td ‚ntS( syDo some basic verification that this will produce a valid LDAP ACI. returns True if valid spermissions must be a listsinvalid permission: '%s'sname must be setsname must be a stringis%target must be a non-empty dictionarysbindrule must be a dictionaryRR"R sbindrule is missing a component(R$RR%R&R<tlowert PERMISSIONSR t isinstancet basestringRtdictRIRtgettTrue(Rtp((s./usr/lib/python2.6/site-packages/ipalib/aci.pyR#–s"     *  < R2cCsUh|id<|idƒpd|d}n||idd<||iddsX      Ü