pypicloud.access.base module

The access backend object base class

class pypicloud.access.base.IAccessBackend(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, allow_overwrite=None, allow_delete=None, pwd_context=None, token_expiration=604800, signing_key=None)

Bases: object

Base class for retrieving user and package permission data

ROOT_ACL = [('Allow', 'system.Authenticated', 'login'), ('Allow', 'admin', <pyramid.security.AllPermissionsList object>), ('Deny', 'system.Everyone', <pyramid.security.AllPermissionsList object>)]

allow_register() → bool

Check if the backend allows registration

This should only be overridden by mutable backends

Returns

allowbool

allow_register_token() → bool

Check if the backend allows registration via tokens

This should only be overridden by mutable backends

Returns

allowbool

allowed_permissions(package: str) → Dict[str, Tuple[str, ...]]

Get all allowed permissions for all principals on a package

Returns

permsdict

Mapping of principal to tuple of permissions

can_delete_package() → bool

Return True if the user has permissions to delete packages

can_overwrite_package() → bool

Return True if the user has permissions to overwrite existing packages

can_update_cache() → bool

Return True if the user has permissions to update the pypi cache

check_health() → Tuple[bool, str]

Check the health of the access backend

Returns

(healthy, status)(bool, str)

Tuple that describes the health status and provides an optional status message

classmethod configure(settings: EnvironSettings) → Dict[str, Any]

Configure the access backend with app settings

dump() → Dict[str, Any]

Dump all of the access control data to a universal format

Returns

datadict

get_acl(package: str) → List[Tuple[str, str, str]]

Construct an ACL for a package

group_members(group: str) → List[str]

Get a list of users that belong to a group

Parameters

groupstr

Returns

userslist

List of user names

group_package_permissions(group: str) → List[Dict[str, List[str]]]

Get a list of all packages that a group has permissions on

Parameters

groupstr

Returns

packageslist

List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

group_permissions(package: str) → Dict[str, List[str]]

Get a mapping of all groups to their permissions on a package

Parameters

packagestr

The name of a python package

Returns

permissionsdict

mapping of group name to a list of permissions (which can contain ‘read’ and/or ‘write’)

groups(username: Optional[str] = None) → List[str]

Get a list of all groups

If a username is specified, get all groups that the user belongs to

Parameters

usernamestr, optional

Returns

groupslist

List of group names

has_permission(package: str, perm: str) → bool

Check if this user has a permission for a package

in_any_group(username: str, groups: List[str]) → bool

Find out if a user is in any of a set of groups

Parameters

usernamestr

Name of user. May be None for the anonymous user.

groupslist

list of group names. Supports ‘everyone’, ‘authenticated’, and ‘admin’.

Returns

memberbool

in_group(username: Optional[str], group: str) → bool

Find out if a user is in a group

Parameters

usernamestr, None

Name of user. May be None for the anonymous user.

groupstr

Name of the group. Supports ‘everyone’, ‘authenticated’, and ‘admin’.

Returns

memberbool

is_admin(username: str) → bool

Check if the user is an admin

Parameters

usernamestr

Returns

is_adminbool

load(data)

Idempotently load universal access control data.

By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.

This method works by default on mutable backends with no override necessary.

mutable = False

need_admin() → bool

Find out if there are any admin users

This should only be overridden by mutable backends

Returns

need_adminbool

True if no admin user exists and the backend is mutable, False otherwise

classmethod postfork(**kwargs)

This method will be called after uWSGI forks

user_data(username=None)

Get a list of all users or data for a single user

For Mutable backends, this MUST exclude all pending users

Returns

userslist

Each user is a dict with a ‘username’ str, and ‘admin’ bool

userdict

If a username is passed in, instead return one user with the fields above plus a ‘groups’ list.

user_package_permissions(username: str) → List[Dict[str, List[str]]]

Get a list of all packages that a user has permissions on

Parameters

usernamestr

Returns

packageslist

List of dicts. Each dict contains ‘package’ (str) and ‘permissions’ (list)

user_permissions(package: str) → Dict[str, List[str]]

Get a mapping of all users to their permissions for a package

Parameters

packagestr

The name of a python package

Returns

permissionsdict

Mapping of username to a list of permissions (which can contain ‘read’ and/or ‘write’)

user_principals(username: Optional[str]) → List[str]

Get a list of principals for a user

Parameters

usernamestr

Returns

principalslist

verify_user(username: str, password: str) → bool

Check the login credentials of a user

For Mutable backends, pending users should fail to verify

Parameters

usernamestr

passwordstr

Returns

validbool

True if user credentials are valid, false otherwise

class pypicloud.access.base.IMutableAccessBackend(request=None, default_read=None, default_write=None, disallow_fallback=(), cache_update=None, allow_overwrite=None, allow_delete=None, pwd_context=None, token_expiration=604800, signing_key=None)

Bases: IAccessBackend

Base class for access backends that can change user/group permissions

allow_register()

Check if the backend allows registration

This should only be overridden by mutable backends

Returns

allowbool

allow_register_token()

Check if the backend allows registration via tokens

This should only be overridden by mutable backends

Returns

allowbool

approve_user(username: str) → None

Mark a user as approved by the admin

Parameters

usernamestr

create_group(group: str) → None

Create a new group

Parameters

groupstr

delete_group(group: str) → None

Delete a group

Parameters

groupstr

delete_user(username: str) → None

Delete a user

Parameters

usernamestr

dump()

Dump all of the access control data to a universal format

Returns

datadict

edit_group_permission(package_name: str, group: str, perm: Set[str], add: bool) → None

Grant or revoke a permission for a group on a package

Parameters

package_namestr

groupstr

perm{‘read’, ‘write’}

addbool

If True, grant permissions. If False, revoke.

edit_user_group(username: str, group: str, add: bool) → None

Add or remove a user to/from a group

Parameters

usernamestr

groupstr

addbool

If True, add to group. If False, remove.

edit_user_password(username: str, password: str) → None

Change a user’s password

Parameters

usernamestr

passwordstr

edit_user_permission(package_name: str, username: str, perm: Set[str], add: bool) → None

Grant or revoke a permission for a user on a package

Parameters

package_namestr

usernamestr

perm{‘read’, ‘write’}

addbool

If True, grant permissions. If False, revoke.

get_signup_token(username: str) → str

Create a signup token

Parameters

usernamestr

The username to be created when this token is consumed

Returns

tokenstr

load(data)

Idempotently load universal access control data.

By default, this does nothing on immutable backends. Backends may override this method to provide an implementation.

This method works by default on mutable backends with no override necessary.

mutable = True

need_admin() → bool

Find out if there are any admin users

This should only be overridden by mutable backends

Returns

need_adminbool

True if no admin user exists and the backend is mutable, False otherwise

pending_users() → List[str]

Retrieve a list of all users pending admin approval

Returns

userslist

List of usernames

register(username: str, password: str) → None

Register a new user

The new user should be marked as pending admin approval

Parameters

usernamestr

passwordstr

This should be the plaintext password

set_allow_register(allow: bool) → None

Allow or disallow user registration

Parameters

allowbool

set_user_admin(username: str, admin: bool) → None

Grant or revoke admin permissions for a user

Parameters

usernamestr

adminbool

If True, grant permissions. If False, revoke.

validate_signup_token(token: str) → Optional[str]

Validate a signup token

Parameters

tokenstr

Returns

usernamestr or None

This will be None if the validation fails

pypicloud.access.base.get_pwd_context(preferred_hash: Optional[str] = None, rounds: Optional[int] = None) → LazyCryptContext

Create a passlib context for hashing passwords

pypicloud.access.base.group_to_principal(group: str) → str

Convert a group to its corresponding principal

pypicloud.access.base.groups_to_principals(groups: List[str]) → List[str]

Convert a list of groups to a list of principals