David Gwilliam
e4b143ff36
This commit implements the Sideline/Mainline split with a clean plugin architecture: ## Core Changes ### Sideline Framework (New Directory) - Created directory containing the reusable pipeline framework - Moved pipeline core, controllers, adapters, and registry to - Moved display system to - Moved effects system to - Created plugin system with security and compatibility management in - Created preset pack system with ASCII art encoding in - Added default font (Corptic) to - Added terminal ANSI constants to ### Mainline Application (Updated) - Created for Mainline stage component registration - Updated to register Mainline stages at startup - Updated as a compatibility shim re-exporting from sideline ### Terminology Consistency - : Base class for all pipeline components (sources, effects, displays, cameras) - : Base class for distributable plugin packages (was ) - : Base class for visual effects (was ) - Backward compatibility aliases maintained for existing code ## Key Features - Plugin discovery via entry points and explicit registration - Security permissions system for plugins - Compatibility management with semantic version constraints - Preset pack system for distributable configurations - Default font bundled with Sideline (Corptic.otf) ## Testing - Updated tests to register Mainline stages before discovery - All StageRegistry tests passing Note: This is a major refactoring that separates the framework (Sideline) from the application (Mainline), enabling Sideline to be used by other applications.
93 lines
2.9 KiB
Python
93 lines
2.9 KiB
Python
"""
|
|
Security system for Sideline plugins.
|
|
|
|
Provides permission-based security model for plugin execution.
|
|
"""
|
|
|
|
from enum import Enum, auto
|
|
from typing import Set
|
|
|
|
|
|
class SecurityCapability(Enum):
|
|
"""Security capability/permission definitions."""
|
|
|
|
READ = auto() # Read access to buffer/data
|
|
WRITE = auto() # Write access to buffer
|
|
NETWORK = auto() # Network access
|
|
FILESYSTEM = auto() # File system access
|
|
SYSTEM = auto() # System information access
|
|
|
|
def __str__(self) -> str:
|
|
return f"security.{self.name.lower()}"
|
|
|
|
@classmethod
|
|
def from_string(cls, permission: str) -> "SecurityCapability":
|
|
"""Parse security capability from string."""
|
|
if permission.startswith("security."):
|
|
permission = permission[9:] # Remove "security." prefix
|
|
try:
|
|
return cls[permission.upper()]
|
|
except KeyError:
|
|
raise ValueError(f"Unknown security capability: {permission}")
|
|
|
|
|
|
class SecurityManager:
|
|
"""Manages security permissions for plugin execution."""
|
|
|
|
def __init__(self):
|
|
self._granted_permissions: Set[str] = set()
|
|
|
|
def grant(self, permission: SecurityCapability | str) -> None:
|
|
"""Grant a security permission."""
|
|
if isinstance(permission, SecurityCapability):
|
|
permission = str(permission)
|
|
self._granted_permissions.add(permission)
|
|
|
|
def revoke(self, permission: SecurityCapability | str) -> None:
|
|
"""Revoke a security permission."""
|
|
if isinstance(permission, SecurityCapability):
|
|
permission = str(permission)
|
|
self._granted_permissions.discard(permission)
|
|
|
|
def has(self, permission: SecurityCapability | str) -> bool:
|
|
"""Check if a permission is granted."""
|
|
if isinstance(permission, SecurityCapability):
|
|
permission = str(permission)
|
|
return permission in self._granted_permissions
|
|
|
|
def has_all(self, permissions: Set[str]) -> bool:
|
|
"""Check if all permissions are granted."""
|
|
return all(self.has(p) for p in permissions)
|
|
|
|
def get_granted(self) -> Set[str]:
|
|
"""Get all granted permissions."""
|
|
return self._granted_permissions.copy()
|
|
|
|
def reset(self) -> None:
|
|
"""Reset all permissions."""
|
|
self._granted_permissions.clear()
|
|
|
|
|
|
# Global security manager instance
|
|
_global_security = SecurityManager()
|
|
|
|
|
|
def get_global_security() -> SecurityManager:
|
|
"""Get the global security manager instance."""
|
|
return _global_security
|
|
|
|
|
|
def grant(permission: SecurityCapability | str) -> None:
|
|
"""Grant a global security permission."""
|
|
_global_security.grant(permission)
|
|
|
|
|
|
def revoke(permission: SecurityCapability | str) -> None:
|
|
"""Revoke a global security permission."""
|
|
_global_security.revoke(permission)
|
|
|
|
|
|
def has(permission: SecurityCapability | str) -> bool:
|
|
"""Check if a global permission is granted."""
|
|
return _global_security.has(permission)
|