magpie.api.management.user.user_utils

Module Contents

Functions

create_user(user_name: Str, password: Optional[Str], email: Str, group_name: Optional[Str], db_session: Session) → HTTPException

Creates a user if it is permitted and not conflicting. Password must be set to None if using external identity.

create_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException

Creates a permission on a user/resource combination if it is permitted and not conflicting.

delete_user_group(user: models.User, group: models.Group, db_session: Session) → None

Deletes a user-group relationship (user membership to a group).

delete_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException

Get validated response on deleted user resource permission.

filter_user_permission(resource_permission_list: List[ResourcePermissionType], user: models.User) → Iterable[ResourcePermissionType]

Retrieves only direct user permissions on resources amongst a list of user/group resource/service permissions.

get_user_resource_permissions_response(user: models.User, resource: ServiceOrResourceType, request: Request, inherit_groups_permissions: bool = True, effective_permissions: bool = False) → HTTPException

Retrieves user resource permissions with or without inherited group permissions. Alternatively retrieves the

get_user_services(user: models.User, request: Request, cascade_resources: bool = False, inherit_groups_permissions: bool = False, format_as_list: bool = False) → UserServicesType

Returns services by type with corresponding services by name containing sub-dict information.

get_user_service_permissions(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → List[Permission]

get_user_resources_permissions_dict(user: models.User, request: Request, resource_types: Optional[List[Str]] = None, resource_ids: Optional[List[int]] = None, inherit_groups_permissions: bool = True) → Dict[Str, AnyPermissionType]

Creates a dictionary of resources by id with corresponding permissions of the user.

get_user_service_resources_permissions_dict(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → ResourcePermissionMap

Retrieves all permissions the user has for all resources nested under the service.

check_user_info(user_name: Str = None, email: Str = None, password: Str = None, group_name: Str = None, check_name: bool = True, check_email: bool = True, check_password: bool = True, check_group: bool = True) → None

Validates provided user information to ensure they are adequate for user creation.

get_user_groups_checked(user: models.User, db_session: Session) → List[Str]

Obtains the validated list of group names from a pre-validated user.
magpie.api.management.user.user_utils.create_user(user_name: Str, password: Optional[Str], email: Str, group_name: Optional[Str], db_session: Session) → HTTPException[source]

Creates a user if it is permitted and not conflicting. Password must be set to None if using external identity.

Created user will immediately assigned membership to the group matching group_name (can be MAGPIE_ANONYMOUS_GROUP for minimal access). If no group is provided, this anonymous group will be applied by default, creating a user effectively without any permissions other than ones set directly for him.

Furthermore, the user will also always be associated with MAGPIE_ANONYMOUS_GROUP (if not already explicitly or implicitly requested with group_name) to allow access to resources with public permission. Argument group_name MUST be an existing group if provided.

Returns

valid HTTP response on successful operation.

magpie.api.management.user.user_utils.create_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException[source]

Creates a permission on a user/resource combination if it is permitted and not conflicting.

Returns

valid HTTP response on successful operation.

magpie.api.management.user.user_utils.delete_user_group(user: models.User, group: models.Group, db_session: Session) → None[source]

Deletes a user-group relationship (user membership to a group).

Returns

nothing - user-group is deleted.

Raises

HTTPNotFound – if the combination cannot be found.

magpie.api.management.user.user_utils.delete_user_resource_permission_response(user: models.User, resource: ServiceOrResourceType, permission: Permission, db_session: Session) → HTTPException[source]

Get validated response on deleted user resource permission.

Returns

valid HTTP response on successful operations.

Raises

HTTPException – error HTTP response of corresponding situation.

magpie.api.management.user.user_utils.filter_user_permission(resource_permission_list: List[ResourcePermissionType], user: models.User) → Iterable[ResourcePermissionType][source]

Retrieves only direct user permissions on resources amongst a list of user/group resource/service permissions.

magpie.api.management.user.user_utils.get_user_resource_permissions_response(user: models.User, resource: ServiceOrResourceType, request: Request, inherit_groups_permissions: bool = True, effective_permissions: bool = False) → HTTPException[source]

Retrieves user resource permissions with or without inherited group permissions. Alternatively retrieves the effective user resource permissions, where group permissions are implied as True.

Returns

valid HTTP response on successful operations.

Raises

HTTPException – error HTTP response of corresponding situation.

magpie.api.management.user.user_utils.get_user_services(user: models.User, request: Request, cascade_resources: bool = False, inherit_groups_permissions: bool = False, format_as_list: bool = False) → UserServicesType[source]

Returns services by type with corresponding services by name containing sub-dict information.

Parameters

  • user – user for which to find services

  • request – request with database session connection

  • cascade_resources – If False, return only services which the User has Immediate Permissions on specialized top-level resources corresponding to services. Otherwise, return every service that has at least one sub-resource with permissions (children at any-level). In both cases, the permissions looked for consider either only Direct Permissions or any Inherited Permissions according to the value of inherit_groups_permissions.

  • inherit_groups_permissions – If False, return only user-specific service/sub-resources Direct Permissions. Otherwise, resolve Inherited Permissions using all groups the user is member of.

  • format_as_list – returns as list of service dict information (not grouped by type and by name)

Returns

Only services which the user as Direct Permissions or considering all tree hierarchy, and for each case, either considering only user permissions or every Inherited Permissions, according to provided options.

Return type

Dict of services by type with corresponding services by name containing sub-dict information, unless format_as_list is True

magpie.api.management.user.user_utils.get_user_service_permissions(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → List[Permission][source]
magpie.api.management.user.user_utils.get_user_resources_permissions_dict(user: models.User, request: Request, resource_types: Optional[List[Str]] = None, resource_ids: Optional[List[int]] = None, inherit_groups_permissions: bool = True) → Dict[Str, AnyPermissionType][source]

Creates a dictionary of resources by id with corresponding permissions of the user.

Parameters

  • user – user for which to find services

  • request – request with database session connection

  • resource_types – filter the search query with specified resource types

  • resource_ids – filter the search query with specified resource ids

  • inherit_groups_permissions – If False, return only user-specific resource permissions. Otherwise, resolve inherited permissions using all groups the user is member of.

Returns

Only services which the user as permissions on, or including all Inherited Permissions, according to inherit_groups_permissions argument.

magpie.api.management.user.user_utils.get_user_service_resources_permissions_dict(user: models.User, service: models.Service, request: Request, inherit_groups_permissions: bool = True) → ResourcePermissionMap[source]

Retrieves all permissions the user has for all resources nested under the service.

The retrieved permissions can either include only direct permissions or also include inherited group permissions.

Returns

dictionary of resource IDs with corresponding permissions.

magpie.api.management.user.user_utils.check_user_info(user_name: Str = None, email: Str = None, password: Str = None, group_name: Str = None, check_name: bool = True, check_email: bool = True, check_password: bool = True, check_group: bool = True) → None[source]

Validates provided user information to ensure they are adequate for user creation.

Using check_ prefixed arguments, individual field checks can be disabled (check all by default).

Raises

HTTPException – appropriate error for the invalid field value or format that was checked as applicable.

Returns

nothing if all enabled checks are successful.

magpie.api.management.user.user_utils.get_user_groups_checked(user: models.User, db_session: Session) → List[Str][source]

Obtains the validated list of group names from a pre-validated user.