pypicloud.access.base module¶
The access backend object base class
-
class
pypicloud.access.base.
IAccessBackend
(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, pwd_context=None, token_expiration=604800, signing_key=None)[source]¶ Bases:
object
Base class for retrieving user and package permission data
-
ROOT_ACL
= [('Allow', 'system.Authenticated', 'login'), ('Allow', 'admin', <pyramid.security.AllPermissionsList object>), ('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList object>)][source]¶
-
allow_register
() → bool[source]¶ Check if the backend allows registration
This should only be overridden by mutable backends
Returns: - allow : bool
-
allow_register_token
() → bool[source]¶ Check if the backend allows registration via tokens
This should only be overridden by mutable backends
Returns: - allow : bool
-
allowed_permissions
(package: str) → Dict[str, Tuple[str, ...]][source]¶ Get all allowed permissions for all principals on a package
Returns: - perms : dict
Mapping of principal to tuple of permissions
-
check_health
() → Tuple[bool, str][source]¶ Check the health of the access backend
Returns: - (healthy, status) : (bool, str)
Tuple that describes the health status and provides an optional status message
-
classmethod
configure
(settings: pypicloud.util.EnvironSettings) → Dict[str, Any][source]¶ Configure the access backend with app settings
-
dump
() → Dict[str, Any][source]¶ Dump all of the access control data to a universal format
Returns: - data : dict
-
group_members
(group: str) → List[str][source]¶ Get a list of users that belong to a group
Parameters: - group : str
Returns: - users : list
List of user names
-
group_package_permissions
(group: str) → List[Dict[str, List[str]]][source]¶ Get a list of all packages that a group has permissions on
Parameters: - group : str
Returns: - packages : list
List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)
-
group_permissions
(package: str) → Dict[str, List[str]][source]¶ Get a mapping of all groups to their permissions on a package
Parameters: - package : str
The name of a python package
Returns: - permissions : dict
mapping of group name to a list of permissions (which can contain ‘read’ and/or ‘write’)
-
groups
(username: Optional[str] = None) → List[str][source]¶ Get a list of all groups
If a username is specified, get all groups that the user belongs to
Parameters: - username : str, optional
Returns: - groups : list
List of group names
-
has_permission
(package: str, perm: str) → bool[source]¶ Check if this user has a permission for a package
-
in_any_group
(username: str, groups: List[str]) → bool[source]¶ Find out if a user is in any of a set of groups
Parameters: - username : str
Name of user. May be None for the anonymous user.
- groups : list
list of group names. Supports ‘everyone’, ‘authenticated’, and ‘admin’.
Returns: - member : bool
-
in_group
(username: Optional[str], group: str) → bool[source]¶ Find out if a user is in a group
Parameters: - username : str, None
Name of user. May be None for the anonymous user.
- group : str
Name of the group. Supports ‘everyone’, ‘authenticated’, and ‘admin’.
Returns: - member : bool
-
is_admin
(username: str) → bool[source]¶ Check if the user is an admin
Parameters: - username : str
Returns: - is_admin : bool
-
load
(data)[source]¶ Idempotently load universal access control data.
By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.
This method works by default on mutable backends with no override necessary.
-
need_admin
() → bool[source]¶ Find out if there are any admin users
This should only be overridden by mutable backends
Returns: - need_admin : bool
True if no admin user exists and the backend is mutable, False otherwise
-
user_data
(username=None)[source]¶ Get a list of all users or data for a single user
For Mutable backends, this MUST exclude all pending users
Returns: - users : list
Each user is a dict with a ‘username’ str, and ‘admin’ bool
- user : dict
If a username is passed in, instead return one user with the fields above plus a ‘groups’ list.
-
user_package_permissions
(username: str) → List[Dict[str, List[str]]][source]¶ Get a list of all packages that a user has permissions on
Parameters: - username : str
Returns: - packages : list
List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)
-
user_permissions
(package: str) → Dict[str, List[str]][source]¶ Get a mapping of all users to their permissions for a package
Parameters: - package : str
The name of a python package
Returns: - permissions : dict
Mapping of username to a list of permissions (which can contain ‘read’ and/or ‘write’)
-
-
class
pypicloud.access.base.
IMutableAccessBackend
(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, pwd_context=None, token_expiration=604800, signing_key=None)[source]¶ Bases:
pypicloud.access.base.IAccessBackend
Base class for access backends that can change user/group permissions
-
allow_register
()[source]¶ Check if the backend allows registration
This should only be overridden by mutable backends
Returns: - allow : bool
-
allow_register_token
()[source]¶ Check if the backend allows registration via tokens
This should only be overridden by mutable backends
Returns: - allow : bool
-
approve_user
(username: str) → None[source]¶ Mark a user as approved by the admin
Parameters: - username : str
-
edit_group_permission
(package: str, group: str, perm: Set[str], add: bool) → None[source]¶ Grant or revoke a permission for a group on a package
Parameters: - package : str
- group : str
- perm : {‘read’, ‘write’}
- add : bool
If True, grant permissions. If False, revoke.
-
edit_user_group
(username: str, group: str, add: bool) → None[source]¶ Add or remove a user to/from a group
Parameters: - username : str
- group : str
- add : bool
If True, add to group. If False, remove.
-
edit_user_password
(username: str, password: str) → None[source]¶ Change a user’s password
Parameters: - username : str
- password : str
-
edit_user_permission
(package: str, username: str, perm: Set[str], add: bool) → None[source]¶ Grant or revoke a permission for a user on a package
Parameters: - package : str
- username : str
- perm : {‘read’, ‘write’}
- add : bool
If True, grant permissions. If False, revoke.
-
get_signup_token
(username: str) → str[source]¶ Create a signup token
Parameters: - username : str
The username to be created when this token is consumed
Returns: - token : str
-
load
(data)[source]¶ Idempotently load universal access control data.
By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.
This method works by default on mutable backends with no override necessary.
-
need_admin
() → bool[source]¶ Find out if there are any admin users
This should only be overridden by mutable backends
Returns: - need_admin : bool
True if no admin user exists and the backend is mutable, False otherwise
-
pending_users
() → List[str][source]¶ Retrieve a list of all users pending admin approval
Returns: - users : list
List of usernames
-
register
(username: str, password: str) → None[source]¶ Register a new user
The new user should be marked as pending admin approval
Parameters: - username : str
- password : str
This should be the plaintext password
-
set_allow_register
(allow: bool) → None[source]¶ Allow or disallow user registration
Parameters: - allow : bool
-
-
pypicloud.access.base.
get_pwd_context
(preferred_hash: Optional[str] = None, rounds: Optional[int] = None) → passlib.context.LazyCryptContext[source]¶ Create a passlib context for hashing passwords