Merge pull request #558 from tcmitchell/557-ncsa
Add support for swapping identities to support IdP changes
tcmitchell authored Mar 1, 2017
2 parents 2bceeb9 + 76c2753 commit 4254bca
Showing 7 changed files with 222 additions and 94 deletions.
2 changes: 2 additions & 0 deletions CHANGES.md
Expand Up @@ -6,6 +6,8 @@

* Fix authorization for get_requests_for_context
([#536](https://github.com/GENI-NSF/geni-ch/issues/536))
* Add support for swapping identities to support IdP changes
([#557](https://github.com/GENI-NSF/geni-ch/issues/557))

## Installation Notes

40 changes: 25 additions & 15 deletions etc/member_authority_policy.json
Expand Up @@ -28,11 +28,11 @@
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF",
"ME.MAY_$METHOD_$MEMBER<-ME.SHARES_PROJECT_$MEMBER",
"ME.MAY_$METHOD<-ME.IS_PROJECT_LEAD_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_ADMIN_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_LEAD_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_ADMIN_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_SEARCHING_FOR_PROJECT_LEAD_BY_UID",
"ME.MAY_$METHOD<-ME.HAS_PENDING_REQUEST_TO_MEMBER",
"ME.MAY_$METHOD<-ME.HAS_PENDING_REQUEST_FROM_MEMBER"
Expand All @@ -58,11 +58,11 @@
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF",
"ME.MAY_$METHOD_$MEMBER<-ME.SHARES_PROJECT_$MEMBER",
"ME.MAY_$METHOD<-ME.IS_PROJECT_LEAD_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_ADMIN_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_LEAD_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_PROJECT_ADMIN_AND_SEARCHING_BY_EMAIL",
"ME.MAY_$METHOD<-ME.IS_SEARCHING_FOR_PROJECT_LEAD_BY_UID",
"ME.MAY_$METHOD<-ME.HAS_PENDING_REQUEST_TO_MEMBER",
"ME.MAY_$METHOD<-ME.HAS_PENDING_REQUEST_FROM_MEMBER"
Expand All @@ -75,8 +75,8 @@
"ME.INVOKING_ON_$MEMBER<-CALLER"
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF"
]
},
Expand All @@ -87,8 +87,8 @@
"ME.INVOKING_ON_$MEMBER<-CALLER"
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF"
]
},
Expand All @@ -99,8 +99,8 @@
"ME.INVOKING_ON_$MEMBER<-CALLER"
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF"
]
},
Expand All @@ -111,7 +111,7 @@
"ME.INVOKING_ON_$MEMBER<-CALLER"
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF"
]
},
Expand Down Expand Up @@ -218,15 +218,15 @@
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR"
]
]
},

"revoke_member_privilege" : {
"__DOC__" : "Only operators/autorities can revoke member privilege",
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY",
"ME.MAY_$METHOD<-ME.IS_OPERATOR"
]
]
},

"add_member_attribute" : {
Expand All @@ -251,5 +251,15 @@
"ME.MAY_$METHOD<-ME.IS_OPERATOR",
"ME.MAY_$METHOD<-ME.INVOKING_ON_$SELF"
]
},

"swap_identities" : {
"__DOC__" : "self",
"assertions" : [
"ME.INVOKING_ON_$MEMBER<-CALLER"
],
"policies" : [
"ME.MAY_$METHOD<-ME.IS_AUTHORITY"
]
}
}
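Review bot: The new `swap_identities` entry documents itself as `"__DOC__" : "self"`, but its only policy is `ME.MAY_$METHOD<-ME.IS_AUTHORITY`, so as written neither the member nor an operator is granted the call. The `ME.INVOKING_ON_$MEMBER<-CALLER` assertion is not referenced by any policy in this entry (there is no `INVOKING_ON_$SELF` rule), which suggests both lines were carried over from the entry just above. Because this method rebinds an account to a different IdP identity, the doc string should state the real rule, for example `"__DOC__" : "Only authorities can swap member identities"`, so a later maintainer does not add `ME.INVOKING_ON_$SELF` to make the policy match the text. If excluding `IS_OPERATOR` is deliberate, unlike the neighbouring privilege entries, it is worth saying so in the same string. The unused assertion should be dropped or explained; how assertions are evaluated is not visible on this page.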