paulscherrerinstitute / pcaspy

Portable Channel Access Server in Python
BSD 3-Clause "New" or "Revised" License

Re-load access security file? #66

Closed kasemir closed 4 years ago

kasemir commented 4 years ago

server.initAccessSecurityFile(filename) allows setting an access security file. This must be called before createPV().

IOCs do allow re-loading the access security configuration file at runtime, to support changing the settings without rebooting the IOC. Is it possible to support this in the API, i.e. add a reload-type call?

It would be up to the user to figure out how/when to call this, for example one could add a PV which, when written, calls that reload API.

xiaoqiangwang commented 4 years ago

If the access group names don't change, server.initAccessSecurityFile(filename) can be called multiple times. The following is based on the access_control.py example.

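import threading

from pcaspy import Driver, cas

pvdb = {
    # ... (other PVs)
    'ASG': {'type': 'str'},
}

class myDriver(Driver):
    def write(self, reason, value):
        if reason == 'ASG':
            # Reload in a separate thread rather than inside the write callback.
            tid = threading.Thread(target=self.reload_asg, args=(value,))
            tid.start()

        self.setParam(reason, value)
        return True

    def reload_asg(self, asg):
        # server and prefix are assumed to be module-level globals.
        cas.asCaStop()
        server.initAccessSecurityFile(asg, P=prefix)
        cas.asCaStart()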

The asg file can be changed by writing to MTEST:ASG, e.g.

caput MTEST:ASG test2.as

kasemir commented 4 years ago

if .. group names don't change ..

Excellent, I think that's sufficient for what we need. The required change is usually limited to adding/removing users to/from existing user groups.
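
Added example, not part of the original thread or of pcaspy: the reload above is described as working only when the access group names don't change, so this check compares the ASG names in the currently loaded file with those in a candidate file before a reload is attempted. The file contents are constructed samples, and `asg_names` and `check_reload` are hypothetical helper names.

```python
import re

# One pass over the text: a quoted string, a '#' comment, or an ASG(name)
# header. Strings and comments are consumed first so that a '#' inside
# CALC("A#0") or a commented-out ASG line is never mistaken for a definition.
_TOKEN = re.compile(
    r'"(?:[^"\\]|\\.)*"|#[^\n]*|\bASG\s*\(\s*"?([\w.:\-]+)"?\s*\)'
)

def asg_names(acf_text):
    """Return the set of ASG names defined in access security file text."""
    return {m.group(1) for m in _TOKEN.finditer(acf_text) if m.group(1)}

def check_reload(current_text, candidate_text):
    """Return (ok, added, removed); ok is True only if the ASG names match."""
    cur, new = asg_names(current_text), asg_names(candidate_text)
    added, removed = sorted(new - cur), sorted(cur - new)
    return (not added and not removed, added, removed)

# Constructed sample of a currently loaded access security file.
CURRENT_ACF = '''
UAG(operators) {alice, bob}
ASG(DEFAULT) {
    RULE(1, READ)
}
ASG(fully_open) {
    RULE(1, WRITE)
}
# ASG(commented_out) { RULE(1, WRITE) }
ASG(restricted) {
    INPA(MTEST:LEVEL)
    RULE(1, READ)
    RULE(1, WRITE) { UAG(operators) CALC("A#0") }
}
'''

# Constructed candidates: one only edits a user group, one renames an ASG.
USERS_CHANGED = CURRENT_ACF.replace("alice, bob", "alice, bob, carol")
GROUP_RENAMED = CURRENT_ACF.replace("ASG(restricted)", "ASG(experts)")

if __name__ == "__main__":
    for label, text in (("users changed", USERS_CHANGED),
                        ("group renamed", GROUP_RENAMED)):
        ok, added, removed = check_reload(CURRENT_ACF, text)
        print(label, "-> reload" if ok else "-> refuse", added, removed)
```

A driver could call `check_reload` at the start of `reload_asg` and leave the running configuration untouched when `ok` is false.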