added Privilege and Service classes

stedolan · Jan 3, 2010 · cc3c311 · cc3c311
1 parent ce28d8c
commit cc3c311
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 3 deletions.
diff --git a/nd.py b/nd.py
@@ -281,8 +281,16 @@ class Privilege(Group):
     '''Groups controlling access to specific services, for instance webspace or
     filestorage'''
     rdn_attr = 'cn'
+    def check(self):
+        assert 'tcdnetsoc-privilege' in self.objectClass
 
 
+class Service(NDObject):
+    rdn_attr = 'cn'
+    def get_password(self):
+        return self.get_attribute("userPassword")
+
+
 class IDNumber(NDObject):
     """Allocator for new ID numbers such as UID and GID.
     The next ID is stored in the allocator object, and when a new one is requested
@@ -328,7 +336,11 @@ def check(self):
 Attribute('gidNumber', int)
 Attribute('homeDirectory', str)
 Attribute('cn', str)
+Attribute('userPassword', str)
+Attribute('mail', str)
+Attribute('tcdnetsoc_admin_comment', [str])
 Attribute('member', [User])
 Attribute('memberOf', [Group], backlink='member')
-
+Attribute('tcdnetsoc_service_granted', [Service])
+Attribute('tcdnetsoc_granted_by_privilege', [Privilege], backlink='tcdnetsoc_service_granted')
 
diff --git a/schema b/schema
@@ -37,6 +37,17 @@ attributetype ( na:4
  DESC 'Comment'
  EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX directoryString )
 
+
+attributetype ( na:5
+ NAME 'tcdnetsoc-service-granted'
+ DESC 'Service that a privilege grants access to'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX distinguishedName )
+
+attributetype ( na:6
+ NAME 'tcdnetsoc-granted-by-privilege'
+ DESC 'Privilege sufficient to grant access to a service'
+ EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX distinguishedName )
+
 # A member or user of Netsoc
 # This covers every person in the database. Those who are currently paid-up members
 # will have a tcdnetsoc-membership-year attribute storing the current year.
@@ -69,10 +80,26 @@ objectclass ( no:2
  MUST ( gidNumber )
  MAY ( member ) )
 
-
 objectclass ( no:3
  NAME 'tcdnetsoc-idnum'
  DESC 'Object to hold an ID number'
  SUP top
  STRUCTURAL
- MUST ( cn $ serialNumber ) )
+ MUST ( cn $ serialNumber ) )
+
+
+objectclass ( no:4
+ NAME 'tcdnetsoc-privilege'
+ DESC 'Privilege granting access for some users to some services'
+ SUP tcdnetsoc-group
+ STRUCTURAL
+ MAY ( tcdnetsoc-service-granted ) )
+
+# Services also have tcdnetsoc-granted-by-privilege attributes
+# they're not here as they're automatically generated by OpenLDAP
+objectclass ( no:5
+ NAME 'tcdnetsoc-service'
+ DESC 'Service accessible by Netsoc users with the right privileges'
+ STRUCTURAL
+ MUST ( cn ) )
+