bsfs/graph/ac/base.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

"""

Part of the BlackStar filesystem (bsfs) module.
A copy of the license is provided with the project.
Author: Matthias Baumgartner, 2022
"""
# imports
import abc
import typing

# bsfs imports
from bsfs import schema
from bsfs.query import ast
from bsfs.triple_store import TripleStoreBase
from bsfs.utils import URI, typename

# exports
__all__: typing.Sequence[str] = (
    'AccessControlBase',
    )


## code ##

class AccessControlBase(abc.ABC):
    """Defines the interface for access control policies.

    An access control policy governs which actions a user may take to query
    or to manipulate a graph.

    """

    # The triple store backend.
    _backend: TripleStoreBase

    # The current user.
    _user: URI

    def __init__(
            self,
            backend: TripleStoreBase,
            user: URI,
            ):
        self._backend = backend
        self._user = URI(user)

    def __str__(self) -> str:
        return f'{typename(self)}({self._user})'

    def __repr__(self) -> str:
        return f'{typename(self)}({self._user})'

    def __eq__(self, other: typing.Any) -> bool:
        return isinstance(other, type(self)) \
           and self._backend == other._backend \
           and self._user == other._user

    def __hash__(self) -> int:
        return hash((type(self), self._backend, self._user))

    @abc.abstractmethod
    def is_protected_predicate(self, pred: schema.Predicate) -> bool:
        """Return True if a predicate cannot be modified manually."""

    @abc.abstractmethod
    def create(self, node_type: schema.Node, guids: typing.Iterable[URI]):
        """Perform post-creation operations on nodes, e.g. ownership information."""

    @abc.abstractmethod
    def link_from_node(self, node_type: schema.Node, guids: typing.Iterable[URI]) -> typing.Iterable[URI]:
        """Return nodes for which outbound links can be written."""

    @abc.abstractmethod
    def link_to_node(self, node_type: schema.Node, guids: typing.Iterable[URI]) -> typing.Iterable[URI]:
        """Return nodes for which inbound links can be written."""

    @abc.abstractmethod
    def write_literal(self, node_type: schema.Node, guids: typing.Iterable[URI]) -> typing.Iterable[URI]:
        """Return nodes to which literals can be attached."""

    @abc.abstractmethod
    def createable(self, node_type: schema.Node, guids: typing.Iterable[URI]) -> typing.Iterable[URI]:
        """Return nodes that are allowed to be created."""

    @abc.abstractmethod
    def filter_read(
            self,
            node_type: schema.Node,
            query: typing.Optional[ast.filter.FilterExpression],
            ) -> typing.Optional[ast.filter.FilterExpression]:
        """Re-write a filter *query* to get (i.e., read) *node_type* nodes."""

    @abc.abstractmethod
    def fetch_read(self, node_type: schema.Node, query: ast.fetch.FetchExpression) -> ast.fetch.FetchExpression:
        """Re-write a fetch *query* to get (i.e, read) values for *node_type* nodes."""

## EOF ##