magpie.api.management.user.user_views

User Views, both for specific user-name provided as request path variable and special keyword for logged session user.

Attributes

MAGPIE_CONTEXT_PERMISSION
MAGPIE_LOGGED_PERMISSION
LOGGER

Classes

WebhookAction	Supported Webhook actions.
UserGroupStatus	Supported statuses of user-group relationships.
PermissionType	Applicable types of Permission according to context.

Functions

process_webhook_requests(→ None)	Checks the config for any webhooks that correspond to the input action, and prepares corresponding requests.
get_constant(→ magpie.typedefs.SettingValue)	Search in order for matched value of constant_name:
format_permissions(→ Dict[magpie.typedefs.Str, ...)	Obtains the formatted permission representations after validation that each of their name is a known member of
get_logger(→ logging.Logger)	Immediately sets the logger level to avoid duplicate log outputs from the root logger and this logger when
get_users_view(request)	List all registered user names or details.
create_user_view(request)	Create a new user.
update_user_view(request)	Update user information by user name.
get_user_view(request)	Get user information by name.
delete_user_view(request)	Delete a user by name.
get_user_groups_view(request)	List all groups a user belongs to.
assign_user_group_view(request)	Assign a user to a group.
delete_user_group_view(request)	Removes a user from a group.
get_user_resources_view(request)	List all resources a user has permissions on.
get_user_resource_permissions_view(request)	List all permissions a user has on a specific resource.
create_user_resource_permissions_view(request)	Create a permission on specific resource for a user.
replace_user_resource_permissions_view(request)	Create or modify an existing permission on a resource for a user.
delete_user_resource_permissions_view(request)	Delete a permission from a specific resource for a user (not including his groups permissions).
delete_user_resource_permission_name_view(request)	Delete a permission by name from a resource for a user (not including his groups permissions).
get_user_services_view(request)	List all services a user has permissions on.
get_user_service_permissions_view(request)	List all permissions a user has on a service.
create_user_service_permissions_view(request)	Create a permission on a service for a user.
replace_user_service_permissions_view(request)	Create or modify an existing permission on a service for a user.
delete_user_service_permissions_view(request)	Delete a permission from a service for a user (not including his groups permissions).
delete_user_service_permission_name_view(request)	Delete a permission by name from a service for a user (not including his groups permissions).
get_user_service_resources_view(request)	List all resources under a service a user has permission on.

Module Contents

class magpie.api.management.user.user_views.WebhookAction

Bases: magpie.utils.ExtendedEnum

Supported Webhook actions.

CREATE_USER = 'create_user'

Triggered when a new User gets successfully created.

See also

User Creation

DELETE_USER = 'delete_user'

Triggered when an existing User gets successfully deleted.

See also

User Deletion

UPDATE_USER_STATUS = 'update_user_status'

Triggered when an existing User status gets successfully updated.

See also

User Status Update

CREATE_USER_PERMISSION = 'create_user_permission'

Triggered when a Permission onto a Service or Resource gets created for a User.

See also

Permission Updates

DELETE_USER_PERMISSION = 'delete_user_permission'

Triggered when a Permission onto a Service or Resource gets deleted for a User.

See also

Permission Updates

CREATE_GROUP_PERMISSION = 'create_group_permission'

Triggered when a Permission onto a Service or Resource gets created for a Group.

See also

Permission Updates

DELETE_GROUP_PERMISSION = 'delete_group_permission'

Triggered when a Permission onto a Service or Resource gets deleted for a Group.

See also

Permission Updates

magpie.api.management.user.user_views.process_webhook_requests(action: WebhookAction, params: magpie.typedefs.WebhookTemplateParameters, update_user_status_on_error: bool = False, settings: magpie.typedefs.AnySettingsContainer | None = None) → None

Checks the config for any webhooks that correspond to the input action, and prepares corresponding requests.

Parameters:

• action – tag identifying which webhooks to use in the config

• params – Dictionary containing the required parameters and associated values for the request following the event action. Parameters will replace templates found in the payload definition of the webhook.

• update_user_status_on_error – update the user status or not in case of a webhook error.

• settings – application settings where webhooks configuration can be retrieved.

magpie.api.management.user.user_views.MAGPIE_CONTEXT_PERMISSION = 'MAGPIE_CONTEXT_USER'

magpie.api.management.user.user_views.MAGPIE_LOGGED_PERMISSION = 'MAGPIE_LOGGED_USER'

magpie.api.management.user.user_views.get_constant(constant_name: magpie.typedefs.Str, settings_container: magpie.typedefs.AnySettingsContainer | None = None, settings_name: magpie.typedefs.Str | None = None, default_value: magpie.typedefs.SettingValue | None = None, raise_not_set: bool = True, raise_missing: bool = True, print_missing: bool = False, empty_missing: bool = False) → magpie.typedefs.SettingValue

Search in order for matched value of constant_name:

1. search in MAGPIE_CONSTANTS

2. search in settings if specified

3. search alternative setting names (see below)

4. search in magpie.constants definitions

5. search in environment variables

Parameter constant_name is expected to have the format MAGPIE_[VARIABLE_NAME] although any value can be passed to retrieve generic settings from all above-mentioned search locations.

If settings_name is provided as alternative name, it is used as is to search for results if constant_name was not found. Otherwise, magpie.[variable_name] is used for additional search when the format MAGPIE_[VARIABLE_NAME] was used for constant_name (i.e.: MAGPIE_ADMIN_USER will also search for magpie.admin_user and so on for corresponding constants).

Parameters:

• constant_name – key to search for a value

• settings_container – WSGI application settings container (if not provided, uses found one in current thread)

• settings_name – alternative name for settings if specified

• default_value – default value to be returned if not found anywhere, and exception raises are disabled.

• raise_not_set – raise an exception if the found key is None, search until last case if others are None

• raise_missing – raise exception if key is not found anywhere

• print_missing – print message if key is not found anywhere, return None

• empty_missing – consider an empty value for an existing key as if it was missing (i.e.: as if not set).

Returns:

found value or default_value

Raises:

• ValueError – if resulting value is invalid based on options (by default raise missing/empty/None value)

• LookupError – if no appropriate value could be found from all search locations (according to options)

class magpie.api.management.user.user_views.UserGroupStatus

Bases: magpie.utils.FlexibleNameEnum

Supported statuses of user-group relationships.

ALL = 'all'

ACTIVE = 'active'

PENDING = 'pending'

classmethod allowed() → List[magpie.typedefs.Str]

Returns all supported representation values that can be mapped to a valid status.

class magpie.api.management.user.user_views.PermissionType

Bases: magpie.utils.ExtendedEnum

Applicable types of Permission according to context.

ACCESS = 'access'

ALLOWED = 'allowed'

APPLIED = 'applied'

DIRECT = 'direct'

INHERITED = 'inherited'

EFFECTIVE = 'effective'

OWNED = 'owned'

magpie.api.management.user.user_views.format_permissions(permissions: Collection[magpie.typedefs.AnyPermissionType] | None, permission_type: PermissionType | None = None, force_unique: bool = True) → Dict[magpie.typedefs.Str, List[magpie.typedefs.Str] | magpie.typedefs.PermissionDict | magpie.typedefs.Str]

Obtains the formatted permission representations after validation that each of their name is a known member of Permission enum, and optionally with modifiers as defined by PermissionSet.

The returned lists are sorted alphabetically by permission name, and then in order of resolution priority (from highest to lowest) for each subset or corresponding name.

The permissions are cleaned from any duplicate entries, unless force_unique is specified to allow it. If no or empty permissions is provided, empty lists are returned.

Note

Field permission_names provides both the older implicit permission names and the newer explicit name representation. For this reason, there will be semantically “duplicate” permissions in that list, but there will not be any literal string duplicates. Implicit names are immediately followed by their explicit name, unless implicit names do not apply for the given permission (e.g.: when Access.DENY did not exist). Only detailed and explicit JSON representations are provided in the permissions list.

When permission_type is equal to PermissionType.ALLOWED, the collection of every applicable PermissionSet is automatically generated by expanding all combinations of Access and Scope with every provided Permission name in permissions. This allows more concise definition of allowed permissions under magpie.services.Services and their children Resource by only defining Permission names without manually listing all variations of PermissionSet.

For other permission_type values, which represent Applied Permission only explicitly provided permissions are returned, to effectively return the collection of active permissions.

Parameters:

• permissions – multiple permissions of any implementation and type, to be rendered both as names and JSON.

• permission_type – indication of the represented permissions to be formatted, for informative indication.

• force_unique – whether to remove duplicate entries by association of name, access and scope or not.

Returns:

JSON with the permissions listed as implicit+explicit names, as permission set objects, and their type.

magpie.api.management.user.user_views.get_logger(name: magpie.typedefs.Str, level: int | None = None, force_stdout: bool = None, message_format: magpie.typedefs.Str | None = None, datetime_format: magpie.typedefs.Str | None = None) → logging.Logger

Immediately sets the logger level to avoid duplicate log outputs from the root logger and this logger when level is logging.NOTSET.

magpie.api.management.user.user_views.LOGGER

magpie.api.management.user.user_views.get_users_view(request)

List all registered user names or details.

magpie.api.management.user.user_views.create_user_view(request)

Create a new user.

magpie.api.management.user.user_views.update_user_view(request)

Update user information by user name.

magpie.api.management.user.user_views.get_user_view(request)

Get user information by name.

magpie.api.management.user.user_views.delete_user_view(request)

Delete a user by name.

magpie.api.management.user.user_views.get_user_groups_view(request)

List all groups a user belongs to.

Groups can be filtered by status depending of input arguments.

magpie.api.management.user.user_views.assign_user_group_view(request)

Assign a user to a group.

magpie.api.management.user.user_views.delete_user_group_view(request)

Removes a user from a group.

magpie.api.management.user.user_views.get_user_resources_view(request)

List all resources a user has permissions on.

magpie.api.management.user.user_views.get_user_resource_permissions_view(request)

List all permissions a user has on a specific resource.

magpie.api.management.user.user_views.create_user_resource_permissions_view(request)

Create a permission on specific resource for a user.

magpie.api.management.user.user_views.replace_user_resource_permissions_view(request)

Create or modify an existing permission on a resource for a user.

Can be used to adjust permission modifiers.

magpie.api.management.user.user_views.delete_user_resource_permissions_view(request)

Delete a permission from a specific resource for a user (not including his groups permissions).

magpie.api.management.user.user_views.delete_user_resource_permission_name_view(request)

Delete a permission by name from a resource for a user (not including his groups permissions).

magpie.api.management.user.user_views.get_user_services_view(request)

List all services a user has permissions on.

magpie.api.management.user.user_views.get_user_service_permissions_view(request)

List all permissions a user has on a service.

magpie.api.management.user.user_views.create_user_service_permissions_view(request)

Create a permission on a service for a user.

magpie.api.management.user.user_views.replace_user_service_permissions_view(request)

Create or modify an existing permission on a service for a user.

Can be used to adjust permission modifiers.

magpie.api.management.user.user_views.delete_user_service_permissions_view(request)

Delete a permission from a service for a user (not including his groups permissions).

magpie.api.management.user.user_views.delete_user_service_permission_name_view(request)

Delete a permission by name from a service for a user (not including his groups permissions).

magpie.api.management.user.user_views.get_user_service_resources_view(request)

List all resources under a service a user has permission on.