The branch, statusflag has been updated via efadd7bc9a73ae99a0a537ec308a074666a085a0 (commit) from 96019c8aaf5c5cf2d6587314232411b523dc73fd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: x2gobroker/brokers/base_broker.py | 60 ++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 27 deletions(-) The diff of changes is: diff --git a/x2gobroker/brokers/base_broker.py b/x2gobroker/brokers/base_broker.py index 4ab60c8..caaf85c 100644 --- a/x2gobroker/brokers/base_broker.py +++ b/x2gobroker/brokers/base_broker.py @@ -196,15 +196,14 @@ class X2GoBroker(object): _acls = self.get_acl_defaults() _acls.update(acls) - _order = {} - _order['users'] = _order['groups'] = _order['clients'] = _acls['acl-any-order'] + _order[u'users'] = _order[u'groups'] = _order[u'clients'] = _acls[u'acl-any-order'] - try: _order['users'] = _acls['acl-users-order'] + try: _order[u'users'] = _acls[u'acl-users-order'] except KeyError: pass - try: _order['groups'] = _acls['acl-groups-order'] + try: _order[u'groups'] = _acls[u'acl-groups-order'] except KeyError: pass - try: _order['clients'] = _acls['acl-clients-order'] + try: _order[u'clients'] = _acls[u'acl-clients-order'] except KeyError: pass # to pass an ACL test, all three keys in the dict below have to be set to True @@ -225,62 +224,62 @@ class X2GoBroker(object): ### clients access is granted first, if that fails then we return False here... # FIXME: provide code for client based access control - if not _grant_availability['by_client']: + if not _grant_availability[u'by_client']: return False ### no user/group ACLs are in use, allow access then... - if len(_acls['acl-users-allow'] + _acls['acl-users-deny'] + _acls['acl-groups-allow'] + _acls['acl-groups-deny']) == 0: + if len(_acls[u'acl-users-allow'] + _acls[u'acl-users-deny'] + _acls[u'acl-groups-allow'] + _acls[u'acl-groups-deny']) == 0: return True ### CHECKING on a per-user basis... _allow_user_override = False _explicitly_deny_user = False - if len( _acls['acl-users-allow'] + _acls['acl-users-deny'] ) > 0: + if len( _acls[u'acl-users-allow'] + _acls[u'acl-users-deny'] ) > 0: _allow_user = False _deny_user = False - if username in _acls['acl-users-allow'] or 'ALL' in _acls['acl-users-allow']: + if username in _acls[u'acl-users-allow'] or u'ALL' in _acls[u'acl-users-allow']: _allow_user_override = True _allow_user = True - if username in _acls['acl-users-deny']: + if username in _acls[u'acl-users-deny']: _explicitly_deny_user = True - if _explicitly_deny_user or ('ALL' in _acls['acl-users-deny']): + if _explicitly_deny_user or (u'ALL' in _acls[u'acl-users-deny']): _deny_user = True - if _order['users'] == 'allow-deny': - _grant_availability['by_user'] = (_allow_user or _deny_user) and (_allow_user and (not _deny_user)) + if _order[u'users'] == 'allow-deny': + _grant_availability[u'by_user'] = (_allow_user or _deny_user) and (_allow_user and (not _deny_user)) else: - _grant_availability['by_user'] = (_allow_user or _deny_user) and ((not _deny_user) or _allow_user) + _grant_availability[u'by_user'] = (_allow_user or _deny_user) and ((not _deny_user) or _allow_user) # if a user has been granted access directly, then the corresponding session profile(s) # will be provided to him/her, it does not matter what the group acl will have to say to this... - if _grant_availability['by_user']: + if _grant_availability[u'by_user']: return True ### CHECKING on a per-group basis... - if len(_acls['acl-groups-allow'] + _acls['acl-groups-deny']) > 0: + if len(_acls[u'acl-groups-allow'] + _acls[u'acl-groups-deny']) > 0: _allow_group = False _deny_group = False - _user_groups = ['ALL'] + self.get_user_groups(username, primary_groups=True) + _user_groups = [u'ALL'] + self.get_user_groups(username, primary_groups=True) - _allow_group = bool(len(set(_user_groups).intersection( set(_acls['acl-groups-allow']) ))) - _deny_group = bool(len(set(_user_groups).intersection( set(_acls['acl-groups-deny']) ))) + _allow_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-allow']) ))) + _deny_group = bool(len(set(_user_groups).intersection( set(_acls[u'acl-groups-deny']) ))) - if _order['groups'] == 'allow-deny': - _grant_availability['by_group'] = (_allow_group or _deny_group) and (_allow_group and (not _deny_group)) + if _order[u'groups'] == 'allow-deny': + _grant_availability[u'by_group'] = (_allow_group or _deny_group) and (_allow_group and (not _deny_group)) else: - _grant_availability['by_group'] = (_allow_group or _deny_group) and (not _deny_group) or _allow_group + _grant_availability[u'by_group'] = (_allow_group or _deny_group) and (not _deny_group) or _allow_group # if a group has been granted access, with one exception: if the thread model for users is # allow-deny, then we presume that the acl-users-deny entry has precendence over # acl-groups-allow/acl-groups-deny. - if (_grant_availability['by_group'] and not _explicitly_deny_user) or _allow_user_override: + if (_grant_availability[u'by_group'] and not _explicitly_deny_user) or _allow_user_override: return True return False @@ -583,18 +582,25 @@ class X2GoBroker(object): return list_of_profiles - def select_profile(self, profile_name='DEFAULT'): + def select_session(self, profile_id): """\ Start/resume a session by selecting a profile name offered by the X2Go client. The X2Go server that the session is launched on is selected automatically by the X2Go session broker. - @param profile_name: a dictionary object containing information on a selected session profile - @type profile_name: C{dict} + @param profile_id: the selected profile ID. This matches one of the dictionary keys offered by the C{list_profiles} method + @type profile_id: C{dict} """ - return {} + profile = self.get_profile(profile_id) + + selected_session = { + 'server': profile[u'host'], + 'port': profile[u'sshport'], + } + + return selected_session def change_password(self, new='', old=''): """\ hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).