magpie.api.management.user.user_utils

Module Contents

Functions
Creates a user if it is permitted and not conflicting. Password must be set to
Creates a permission on a user/resource combination if it is permitted and not conflicting.
Deletes a user-group relationship (user membership to a group).
Get validated response on deleted user resource permission.
Retrieves only direct user permissions on resources amongst a list of user/group resource/service permissions.
Retrieves user resource permissions with or without inherited group permissions. Alternatively retrieves the
Returns services by type with corresponding services by name containing sub-dict information.
Creates a dictionary of resources by id with corresponding permissions of the user.
Retrieves all permissions the user has for all resources nested under the service.
Validates provided user information to ensure they are adequate for user creation.
Obtains the validated list of group names from a pre-validated user.

magpie.api.management.user.user_utils.create_user(user_name: Str, password: Optional[Str], email: Str, group_name: Optional[Str], db_session: Session) → HTTPException

Creates a user if it is permitted and not conflicting. Password must be set to None if using external identity.

Created user will immediately be assigned membership to the group matching group_name (can be MAGPIE_ANONYMOUS_GROUP for minimal access). If no group is provided, this anonymous group will be applied by default, creating a user effectively without any permissions other than the ones set directly for that user.

Furthermore, the user will also always be associated with MAGPIE_ANONYMOUS_GROUP (if not already explicitly or implicitly requested with group_name) to allow access to resources with public permission. Argument group_name MUST be an existing group if provided.

Returns
    valid HTTP response on successful operation.

magpie.api.management.user.user_utils.create_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException

Creates a permission on a user/resource combination if it is permitted and not conflicting.

Returns
    valid HTTP response on successful operation.

magpie.api.management.user.user_utils.delete_user_group(user: models.User, group: models.Group, db_session: Session) → None

Deletes a user-group relationship (user membership to a group).

Returns
    nothing - user-group is deleted.
Raises
    HTTPNotFound – if the combination cannot be found.

magpie.api.management.user.user_utils.delete_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException

Get validated response on deleted user resource permission.

Returns
    valid HTTP response on successful operations.
Raises
    HTTPException – error HTTP response of corresponding situation.

magpie.api.management.user.user_utils.filter_user_permission(resource_permission_list: List[ResourcePermissionType], user: models.User) → Iterable[ResourcePermissionType]

Retrieves only direct user permissions on resources amongst a list of user/group resource/service permissions.

magpie.api.management.user.user_utils.get_user_resource_permissions_response(user: models.User, resource: ServiceOrResourceType, request: Request, inherit_groups_permissions: bool = True, effective_permissions: bool = False) → HTTPException

Retrieves user resource permissions with or without inherited group permissions. Alternatively retrieves the effective user resource permissions, where group permissions are implied as True.

Returns
    valid HTTP response on successful operations.
Raises
    HTTPException – error HTTP response of corresponding situation.

magpie.api.management.user.user_utils.get_user_services(user: models.User, request: Request, cascade_resources: bool = False, inherit_groups_permissions: bool = False, format_as_list: bool = False) → UserServicesType

Returns services by type with corresponding services by name containing sub-dict information.

Parameters
    user – user for which to find services
    request – request with database session connection
    cascade_resources – If False, return only services which the User has Immediate Permissions on specialized top-level resources corresponding to services. Otherwise, return every service that has at least one sub-resource with permissions (children at any level). In both cases, the permissions looked for consider either only Direct Permissions or any Inherited Permissions according to the value of inherit_groups_permissions.
    inherit_groups_permissions – If False, return only user-specific service/sub-resources Direct Permissions. Otherwise, resolve Inherited Permissions using all groups the user is a member of.
    format_as_list – returns as list of service dict information (not grouped by type and by name)
Returns
    Only services on which the user has Direct Permissions or considering all tree hierarchy, and for each case, either considering only user permissions or all Inherited Permissions, according to provided options.
Return type
    Dict of services by type with corresponding services by name containing sub-dict information, unless format_as_list is True
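
How cascade_resources and inherit_groups_permissions combine, shown as an added toy model that is not Magpie's code: the dictionaries, the function names list_user_services and resolve_permissions, and all sample data are hypothetical and constructed for illustration. It shows why a listing taken with both flags at their default False under-reports what a user can reach through group membership or through nested resources.

```python
# Added illustration: in-memory toy model, NOT Magpie's implementation.
# Constructed sample data. PARENT maps resource -> parent; a None parent
# marks a top-level resource, i.e. a service.
PARENT = {"catalog": None, "dir": "catalog", "file": "dir",
          "maps": None, "layer": "maps"}
USER_PERMS = {"alice": {"file": {"read"}}}            # Direct Permissions
GROUP_PERMS = {"anonymous": {"maps": {"read"}},       # public permission
               "editors": {"layer": {"write"}}}
MEMBERSHIP = {"alice": ["anonymous", "editors"]}


def service_of(resource):
    """Walk up the tree to the service that owns the resource."""
    while PARENT[resource] is not None:
        resource = PARENT[resource]
    return resource


def resolve_permissions(user, inherit_groups_permissions):
    """Return {resource: permission names} for the user.

    Direct Permissions only, or merged with the permissions of every
    group the user belongs to (Inherited Permissions).
    """
    perms = {}
    for res, names in USER_PERMS.get(user, {}).items():
        perms.setdefault(res, set()).update(names)
    if inherit_groups_permissions:
        for group in MEMBERSHIP.get(user, []):
            for res, names in GROUP_PERMS.get(group, {}).items():
                perms.setdefault(res, set()).update(names)
    return perms


def list_user_services(user, cascade_resources=False,
                       inherit_groups_permissions=False):
    """Names of services visible to the user under the two flags."""
    perms = resolve_permissions(user, inherit_groups_permissions)
    services = set()
    for res in perms:
        if PARENT[res] is None:        # permission set on the service itself
            services.add(res)
        elif cascade_resources:        # permission on a child at any level
            services.add(service_of(res))
    return sorted(services)


if __name__ == "__main__":
    for cascade in (False, True):
        for inherit in (False, True):
            print(cascade, inherit, list_user_services("alice", cascade, inherit))
```

When reviewing access, the listing with both flags True is the one that reflects everything the user can reach; the default call in this model returns an empty list for the same user.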

magpie.api.management.user.user_utils.get_user_service_permissions(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → List[Permission]

magpie.api.management.user.user_utils.get_user_resources_permissions_dict(user: models.User, request: Request, resource_types: Optional[List[Str]] = None, resource_ids: Optional[List[int]] = None, inherit_groups_permissions: bool = True) → Dict[Str, AnyPermissionType]

Creates a dictionary of resources by id with corresponding permissions of the user.

Parameters
    user – user for which to find services
    request – request with database session connection
    resource_types – filter the search query with specified resource types
    resource_ids – filter the search query with specified resource ids
    inherit_groups_permissions – If False, return only user-specific resource permissions. Otherwise, resolve inherited permissions using all groups the user is a member of.
Returns
    Only services which the user has permissions on, or including all Inherited Permissions, according to inherit_groups_permissions argument.

magpie.api.management.user.user_utils.get_user_service_resources_permissions_dict(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → ResourcePermissionMap

Retrieves all permissions the user has for all resources nested under the service.

The retrieved permissions can either include only direct permissions or also include inherited group permissions.

Returns
    dictionary of resource IDs with corresponding permissions.

magpie.api.management.user.user_utils.check_user_info(user_name: Str = None, email: Str = None, password: Str = None, group_name: Str = None, check_name: bool = True, check_email: bool = True, check_password: bool = True, check_group: bool = True) → None

Validates provided user information to ensure it is adequate for user creation.

Using check_ prefixed arguments, individual field checks can be disabled (all checks are enabled by default).

Raises
    HTTPException – appropriate error for the invalid field value or format that was checked as applicable.
Returns
    nothing if all enabled checks are successful.