magpie.api.management.user.user_views ===================================== .. py:module:: magpie.api.management.user.user_views .. autoapi-nested-parse:: User Views, both for specific user-name provided as request path variable and special keyword for logged session user. Attributes ---------- .. autoapisummary:: magpie.api.management.user.user_views.MAGPIE_CONTEXT_PERMISSION magpie.api.management.user.user_views.MAGPIE_LOGGED_PERMISSION magpie.api.management.user.user_views.LOGGER Classes ------- .. autoapisummary:: magpie.api.management.user.user_views.WebhookAction magpie.api.management.user.user_views.UserGroupStatus magpie.api.management.user.user_views.PermissionType Functions --------- .. autoapisummary:: magpie.api.management.user.user_views.process_webhook_requests magpie.api.management.user.user_views.get_constant magpie.api.management.user.user_views.format_permissions magpie.api.management.user.user_views.get_logger magpie.api.management.user.user_views.get_users_view magpie.api.management.user.user_views.create_user_view magpie.api.management.user.user_views.update_user_view magpie.api.management.user.user_views.get_user_view magpie.api.management.user.user_views.delete_user_view magpie.api.management.user.user_views.get_user_groups_view magpie.api.management.user.user_views.assign_user_group_view magpie.api.management.user.user_views.delete_user_group_view magpie.api.management.user.user_views.get_user_resources_view magpie.api.management.user.user_views.get_user_resource_permissions_view magpie.api.management.user.user_views.create_user_resource_permissions_view magpie.api.management.user.user_views.replace_user_resource_permissions_view magpie.api.management.user.user_views.delete_user_resource_permissions_view magpie.api.management.user.user_views.delete_user_resource_permission_name_view magpie.api.management.user.user_views.get_user_services_view magpie.api.management.user.user_views.get_user_service_permissions_view magpie.api.management.user.user_views.create_user_service_permissions_view magpie.api.management.user.user_views.replace_user_service_permissions_view magpie.api.management.user.user_views.delete_user_service_permissions_view magpie.api.management.user.user_views.delete_user_service_permission_name_view magpie.api.management.user.user_views.get_user_service_resources_view Module Contents --------------- .. py:class:: WebhookAction Bases: :py:obj:`magpie.utils.ExtendedEnum` Supported :term:`Webhook` actions. .. py:attribute:: CREATE_USER :value: 'create_user' Triggered when a new :term:`User` gets successfully created. .. seealso:: :ref:`webhook_user_create` .. py:attribute:: DELETE_USER :value: 'delete_user' Triggered when an existing :term:`User` gets successfully deleted. .. seealso:: :ref:`webhook_user_delete` .. py:attribute:: UPDATE_USER_STATUS :value: 'update_user_status' Triggered when an existing :term:`User` status gets successfully updated. .. seealso:: :ref:`webhook_user_update_status` .. py:attribute:: CREATE_USER_PERMISSION :value: 'create_user_permission' Triggered when a :term:`Permission` onto a :term:`Service` or :term:`Resource` gets created for a :term:`User`. .. seealso:: :ref:`webhook_permission_updates` .. py:attribute:: DELETE_USER_PERMISSION :value: 'delete_user_permission' Triggered when a :term:`Permission` onto a :term:`Service` or :term:`Resource` gets deleted for a :term:`User`. .. seealso:: :ref:`webhook_permission_updates` .. py:attribute:: CREATE_GROUP_PERMISSION :value: 'create_group_permission' Triggered when a :term:`Permission` onto a :term:`Service` or :term:`Resource` gets created for a :term:`Group`. .. seealso:: :ref:`webhook_permission_updates` .. py:attribute:: DELETE_GROUP_PERMISSION :value: 'delete_group_permission' Triggered when a :term:`Permission` onto a :term:`Service` or :term:`Resource` gets deleted for a :term:`Group`. .. seealso:: :ref:`webhook_permission_updates` .. py:function:: process_webhook_requests(action: WebhookAction, params: magpie.typedefs.WebhookTemplateParameters, update_user_status_on_error: bool = False, settings: Optional[magpie.typedefs.AnySettingsContainer] = None) -> None Checks the config for any webhooks that correspond to the input action, and prepares corresponding requests. :param action: tag identifying which webhooks to use in the config :param params: Dictionary containing the required parameters and associated values for the request following the event action. Parameters will replace *templates* found in the ``payload`` definition of the webhook. :param update_user_status_on_error: update the user status or not in case of a webhook error. :param settings: application settings where webhooks configuration can be retrieved. .. py:data:: MAGPIE_CONTEXT_PERMISSION :value: 'MAGPIE_CONTEXT_USER' .. py:data:: MAGPIE_LOGGED_PERMISSION :value: 'MAGPIE_LOGGED_USER' .. py:function:: get_constant(constant_name: magpie.typedefs.Str, settings_container: Optional[magpie.typedefs.AnySettingsContainer] = None, settings_name: Optional[magpie.typedefs.Str] = None, default_value: Optional[magpie.typedefs.SettingValue] = None, raise_not_set: bool = True, raise_missing: bool = True, print_missing: bool = False, empty_missing: bool = False) -> magpie.typedefs.SettingValue Search in order for matched value of :paramref:`constant_name`: 1. search in :py:data:`MAGPIE_CONSTANTS` 2. search in settings if specified 3. search alternative setting names (see below) 4. search in :mod:`magpie.constants` definitions 5. search in environment variables Parameter :paramref:`constant_name` is expected to have the format ``MAGPIE_[VARIABLE_NAME]`` although any value can be passed to retrieve generic settings from all above-mentioned search locations. If :paramref:`settings_name` is provided as alternative name, it is used as is to search for results if :paramref:`constant_name` was not found. Otherwise, ``magpie.[variable_name]`` is used for additional search when the format ``MAGPIE_[VARIABLE_NAME]`` was used for :paramref:`constant_name` (i.e.: ``MAGPIE_ADMIN_USER`` will also search for ``magpie.admin_user`` and so on for corresponding constants). :param constant_name: key to search for a value :param settings_container: WSGI application settings container (if not provided, uses found one in current thread) :param settings_name: alternative name for `settings` if specified :param default_value: default value to be returned if not found anywhere, and exception raises are disabled. :param raise_not_set: raise an exception if the found key is ``None``, search until last case if others are ``None`` :param raise_missing: raise exception if key is not found anywhere :param print_missing: print message if key is not found anywhere, return ``None`` :param empty_missing: consider an empty value for an existing key as if it was missing (i.e.: as if not set). :returns: found value or `default_value` :raises ValueError: if resulting value is invalid based on options (by default raise missing/empty/``None`` value) :raises LookupError: if no appropriate value could be found from all search locations (according to options) .. py:class:: UserGroupStatus Bases: :py:obj:`magpie.utils.FlexibleNameEnum` Supported statuses of user-group relationships. .. py:attribute:: ALL :value: 'all' .. py:attribute:: ACTIVE :value: 'active' .. py:attribute:: PENDING :value: 'pending' .. py:method:: allowed() -> List[magpie.typedefs.Str] :classmethod: Returns all supported representation values that can be mapped to a valid status. .. py:class:: PermissionType Bases: :py:obj:`magpie.utils.ExtendedEnum` Applicable types of :term:`Permission` according to context. .. py:attribute:: ACCESS :value: 'access' .. py:attribute:: ALLOWED :value: 'allowed' .. py:attribute:: APPLIED :value: 'applied' .. py:attribute:: DIRECT :value: 'direct' .. py:attribute:: INHERITED :value: 'inherited' .. py:attribute:: EFFECTIVE :value: 'effective' .. py:attribute:: OWNED :value: 'owned' .. py:function:: format_permissions(permissions: Optional[Collection[magpie.typedefs.AnyPermissionType]], permission_type: Optional[PermissionType] = None, force_unique: bool = True) -> Dict[magpie.typedefs.Str, Union[List[magpie.typedefs.Str], magpie.typedefs.PermissionDict, magpie.typedefs.Str]] Obtains the formatted permission representations after validation that each of their name is a known member of :class:`Permission` enum, and optionally with modifiers as defined by :class:`PermissionSet`. The returned lists are sorted alphabetically by permission *name*, and then in order of resolution priority (from highest to lowest) for each subset or corresponding *name*. The permissions are cleaned from any duplicate entries, unless :paramref:`force_unique` is specified to allow it. If no or empty :paramref:`permissions` is provided, empty lists are returned. .. note:: Field ``permission_names`` provides both the *older* implicit permission names and the *newer* explicit name representation. For this reason, there will be semantically "duplicate" permissions in that list, but there will not be any literal string duplicates. Implicit names are immediately followed by their explicit name, unless implicit names do not apply for the given permission (e.g.: when :attr:`Access.DENY` did not exist). Only detailed and explicit JSON representations are provided in the ``permissions`` list. When :paramref:`permission_type` is equal to :attr:`PermissionType.ALLOWED`, the collection of every applicable :class:`PermissionSet` is automatically generated by expanding all combinations of :class:`Access` and :class:`Scope` with every provided :class:`Permission` name in :paramref:`permissions`. This allows more concise definition of allowed permissions under :class:`magpie.services.Services` and their children :term:`Resource` by only defining :class:`Permission` names without manually listing all variations of :class:`PermissionSet`. For other :paramref:`permission_type` values, which represent :term:`Applied Permission` only explicitly provided :paramref:`permissions` are returned, to effectively return the collection of *active* permissions. :param permissions: multiple permissions of any implementation and type, to be rendered both as names and JSON. :param permission_type: indication of the represented permissions to be formatted, for informative indication. :param force_unique: whether to remove duplicate entries by association of name, access and scope or not. :returns: JSON with the permissions listed as implicit+explicit names, as permission set objects, and their type. .. py:function:: get_logger(name: magpie.typedefs.Str, level: Optional[int] = None, force_stdout: bool = None, message_format: Optional[magpie.typedefs.Str] = None, datetime_format: Optional[magpie.typedefs.Str] = None) -> logging.Logger Immediately sets the logger level to avoid duplicate log outputs from the `root logger` and `this logger` when `level` is ``logging.NOTSET``. .. py:data:: LOGGER .. py:function:: get_users_view(request) List all registered user names or details. .. py:function:: create_user_view(request) Create a new user. .. py:function:: update_user_view(request) Update user information by user name. .. py:function:: get_user_view(request) Get user information by name. .. py:function:: delete_user_view(request) Delete a user by name. .. py:function:: get_user_groups_view(request) List all groups a user belongs to. Groups can be filtered by status depending of input arguments. .. py:function:: assign_user_group_view(request) Assign a user to a group. .. py:function:: delete_user_group_view(request) Removes a user from a group. .. py:function:: get_user_resources_view(request) List all resources a user has permissions on. .. py:function:: get_user_resource_permissions_view(request) List all permissions a user has on a specific resource. .. py:function:: create_user_resource_permissions_view(request) Create a permission on specific resource for a user. .. py:function:: replace_user_resource_permissions_view(request) Create or modify an existing permission on a resource for a user. Can be used to adjust permission modifiers. .. py:function:: delete_user_resource_permissions_view(request) Delete a permission from a specific resource for a user (not including his groups permissions). .. py:function:: delete_user_resource_permission_name_view(request) Delete a permission by name from a resource for a user (not including his groups permissions). .. py:function:: get_user_services_view(request) List all services a user has permissions on. .. py:function:: get_user_service_permissions_view(request) List all permissions a user has on a service. .. py:function:: create_user_service_permissions_view(request) Create a permission on a service for a user. .. py:function:: replace_user_service_permissions_view(request) Create or modify an existing permission on a service for a user. Can be used to adjust permission modifiers. .. py:function:: delete_user_service_permissions_view(request) Delete a permission from a service for a user (not including his groups permissions). .. py:function:: delete_user_service_permission_name_view(request) Delete a permission by name from a service for a user (not including his groups permissions). .. py:function:: get_user_service_resources_view(request) List all resources under a service a user has permission on.