pypicloud.access.base module
The access backend object base class
- class pypicloud.access.base.IAccessBackend(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, allow_overwrite=None, allow_delete=None, pwd_context=None, token_expiration=604800, signing_key=None)
Bases: object
Base class for retrieving user and package permission data
- ROOT_ACL = [('Allow', 'system.Authenticated', 'login'), ('Allow', 'admin', <pyramid.security.AllPermissionsList object>), ('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList object>)]
- allow_register() -> bool
Check if the backend allows registration
This should only be overridden by mutable backends
- Returns
- allow : bool
- allow_register_token() -> bool
Check if the backend allows registration via tokens
This should only be overridden by mutable backends
- Returns
- allow : bool
- allowed_permissions(package: str) -> Dict[str, Tuple[str, ...]]
Get all allowed permissions for all principals on a package
- Returns
- perms : dict
Mapping of principal to tuple of permissions
- can_overwrite_package() -> bool
Return True if the user has permissions to overwrite existing packages
- check_health() -> Tuple[bool, str]
Check the health of the access backend
- Returns
- (healthy, status) : (bool, str)
Tuple that describes the health status and provides an optional status message
- classmethod configure(settings: EnvironSettings) -> Dict[str, Any]
Configure the access backend with app settings
- dump() -> Dict[str, Any]
Dump all of the access control data to a universal format
- Returns
- data : dict
- group_members(group: str) -> List[str]
Get a list of users that belong to a group
- Parameters
- group : str
- Returns
- users : list
List of user names
- group_package_permissions(group: str) -> List[Dict[str, List[str]]]
Get a list of all packages that a group has permissions on
- Parameters
- group : str
- Returns
- packages : list
List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)
- group_permissions(package: str) -> Dict[str, List[str]]
Get a mapping of all groups to their permissions on a package
- Parameters
- package : str
The name of a python package
- Returns
- permissions : dict
Mapping of group name to a list of permissions (which can contain ‘read’ and/or ‘write’)
- groups(username: Optional[str] = None) -> List[str]
Get a list of all groups
If a username is specified, get all groups that the user belongs to
- Parameters
- username : str, optional
- Returns
- groups : list
List of group names
- has_permission(package: str, perm: str) -> bool
Check if this user has a permission for a package
- in_any_group(username: str, groups: List[str]) -> bool
Find out if a user is in any of a set of groups
- Parameters
- username : str
Name of user. May be None for the anonymous user.
- groups : list
List of group names. Supports ‘everyone’, ‘authenticated’, and ‘admin’.
- Returns
- member : bool
- in_group(username: Optional[str], group: str) -> bool
Find out if a user is in a group
- Parameters
- username : str, None
Name of user. May be None for the anonymous user.
- group : str
Name of the group. Supports ‘everyone’, ‘authenticated’, and ‘admin’.
- Returns
- member : bool
- is_admin(username: str) -> bool
Check if the user is an admin
- Parameters
- username : str
- Returns
- is_admin : bool
- load(data)
Idempotently load universal access control data.
By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.
This method works by default on mutable backends with no override necessary.
- need_admin() -> bool
Find out if there are any admin users
This should only be overridden by mutable backends
- Returns
- need_admin : bool
True if no admin user exists and the backend is mutable, False otherwise
- user_data(username=None)
Get a list of all users or data for a single user
For mutable backends, this MUST exclude all pending users
- Returns
- users : list
Each user is a dict with a ‘username’ str and an ‘admin’ bool
- user : dict
If a username is passed in, instead return one user with the fields above plus a ‘groups’ list.
- user_package_permissions(username: str) -> List[Dict[str, List[str]]]
Get a list of all packages that a user has permissions on
- Parameters
- username : str
- Returns
- packages : list
List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)
- user_permissions(package: str) -> Dict[str, List[str]]
Get a mapping of all users to their permissions for a package
- Parameters
- package : str
The name of a python package
- Returns
- permissions : dict
Mapping of username to a list of permissions (which can contain ‘read’ and/or ‘write’)
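The ROOT_ACL listed for IAccessBackend depends on entry order: Pyramid-style ACL evaluation returns the result of the first entry that matches both a principal and the requested permission, and denies when nothing matches. The sketch below is an added example, not pypicloud or Pyramid code; the ALL sentinel and the principals_for and permits helpers are hypothetical stand-ins, and it assumes admin users carry the 'admin' principal.

```python
# Added example: first-match ACL evaluation applied to the ROOT_ACL above.
ALL = object()  # stand-in for pyramid.security's AllPermissionsList object

ROOT_ACL = [
    ("Allow", "system.Authenticated", "login"),
    ("Allow", "admin", ALL),
    ("Deny", "system.Everyone", ALL),
]


def principals_for(username, is_admin=False):
    """Hypothetical helper: the principals a request is assumed to carry.

    username=None models the anonymous user, as in in_group().
    """
    principals = ["system.Everyone"]
    if username is not None:
        principals.append("system.Authenticated")
        if is_admin:
            principals.append("admin")
    return principals


def permits(acl, principals, permission):
    """Return the verdict of the first ACE matching principal and permission."""
    for action, principal, perms in acl:
        if principal not in principals:
            continue
        if isinstance(perms, str):
            matched = permission == perms
        else:
            matched = perms is ALL or permission in perms
        if matched:
            return action == "Allow"
    return False  # no ACE matched: implicit deny


if __name__ == "__main__":
    for who, admin in ((None, False), ("alice", False), ("root", True)):
        p = principals_for(who, admin)
        print(who, {perm: permits(ROOT_ACL, p, perm)
                    for perm in ("login", "read", "write")})
```

With the entries reversed, the Deny entry for 'system.Everyone' matches first and even an admin is refused, which is why the catch-all Deny sits last.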
- class pypicloud.access.base.IMutableAccessBackend(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, allow_overwrite=None, allow_delete=None, pwd_context=None, token_expiration=604800, signing_key=None)
Bases: IAccessBackend
Base class for access backends that can change user/group permissions
- allow_register()
Check if the backend allows registration
This should only be overridden by mutable backends
- Returns
- allow : bool
- allow_register_token()
Check if the backend allows registration via tokens
This should only be overridden by mutable backends
- Returns
- allow : bool
- approve_user(username: str) -> None
Mark a user as approved by the admin
- Parameters
- username : str
- edit_group_permission(package_name: str, group: str, perm: Set[str], add: bool) -> None
Grant or revoke a permission for a group on a package
- Parameters
- package_name : str
- group : str
- perm : {‘read’, ‘write’}
- add : bool
If True, grant permissions. If False, revoke.
- edit_user_group(username: str, group: str, add: bool) -> None
Add or remove a user to/from a group
- Parameters
- username : str
- group : str
- add : bool
If True, add to group. If False, remove.
- edit_user_password(username: str, password: str) -> None
Change a user’s password
- Parameters
- username : str
- password : str
- edit_user_permission(package_name: str, username: str, perm: Set[str], add: bool) -> None
Grant or revoke a permission for a user on a package
- Parameters
- package_name : str
- username : str
- perm : {‘read’, ‘write’}
- add : bool
If True, grant permissions. If False, revoke.
- get_signup_token(username: str) -> str
Create a signup token
- Parameters
- username : str
The username to be created when this token is consumed
- Returns
- token : str
- load(data)
Idempotently load universal access control data.
By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.
This method works by default on mutable backends with no override necessary.
- need_admin() -> bool
Find out if there are any admin users
This should only be overridden by mutable backends
- Returns
- need_admin : bool
True if no admin user exists and the backend is mutable, False otherwise
- pending_users() -> List[str]
Retrieve a list of all users pending admin approval
- Returns
- users : list
List of usernames
- register(username: str, password: str) -> None
Register a new user
The new user should be marked as pending admin approval
- Parameters
- username : str
- password : str
This should be the plaintext password
- set_allow_register(allow: bool) -> None
Allow or disallow user registration
- Parameters
- allow : bool
- pypicloud.access.base.get_pwd_context(preferred_hash: Optional[str] = None, rounds: Optional[int] = None) -> LazyCryptContext
Create a passlib context for hashing passwords