magpie.models¶
Attributes¶
Classes¶
Mixin for Group model |
|
Mixin for GroupPermission model |
|
Supported statuses of user-group relationships. |
|
Mixin for UserGroup model |
|
Mixin for GroupResourcePermission model |
|
Mixin for Resource model |
|
Mixin for UserPermission model |
|
Mixin for UserResourcePermission model |
|
Base mixin for User object representation. |
|
Temporary definition of a |
|
Values applicable to User statues. |
|
Extends the |
|
Mixin for External Identity model - it represents oAuth(or other) accounts |
|
Used to build base Access Control List (ACL) of the request user. |
|
Used to build base Access Control List (ACL) of the request user. |
|
Resource of service type. |
|
Resource that represents the leaf node in a file-system-like hierarchy. |
|
Resource that represents an intermediate directory node within a file-system-like hierarchy. |
|
Resource that defines multiple corresponding representations of a layer according to the OWS it lies under. |
|
Resource employed to contain a group of scoped |
|
Resource employed to represent a single request path fragment. |
|
Resource that represents a process under an OWS instance servicing a WPS endpoint. |
|
Basic class that all other classes inherit from that supplies some |
|
Basic class that all other classes inherit from that supplies some |
|
This is necessary, because ResourceTreeServicePostgresSQL.model is the Resource class. If we want to change it for a |
|
Supported operations by the temporary tokens. |
|
Model that defines a token for temporary URL completion of a given pending operation. |
Functions¶
|
|
|
|
|
Module Contents¶
- magpie.models.get_session_callable(request: pyramid.request.Request) sqlalchemy.orm.session.Session [source]¶
- class magpie.models.Group[source]¶
Bases:
ziggurat_foundations.models.group.GroupMixin
,Base
Mixin for Group model
- class magpie.models.GroupPermission[source]¶
Bases:
ziggurat_foundations.models.group_permission.GroupPermissionMixin
,Base
Mixin for GroupPermission model
- class magpie.models.UserGroupStatus[source]¶
Bases:
magpie.utils.FlexibleNameEnum
Supported statuses of user-group relationships.
- class magpie.models.UserGroup[source]¶
Bases:
ziggurat_foundations.models.user_group.UserGroupMixin
,Base
Mixin for UserGroup model
- class magpie.models.GroupResourcePermission[source]¶
Bases:
ziggurat_foundations.models.group_resource_permission.GroupResourcePermissionMixin
,Base
Mixin for GroupResourcePermission model
- class magpie.models.Resource[source]¶
Bases:
ziggurat_foundations.models.resource.ResourceMixin
,Base
Mixin for Resource model
- permissions: List[magpie.permissions.Permission] = [][source]¶
- class magpie.models.UserPermission[source]¶
Bases:
ziggurat_foundations.models.user_permission.UserPermissionMixin
,Base
Mixin for UserPermission model
- class magpie.models.UserResourcePermission[source]¶
Bases:
ziggurat_foundations.models.user_resource_permission.UserResourcePermissionMixin
,Base
Mixin for UserResourcePermission model
- class magpie.models.User[source]¶
Bases:
ziggurat_foundations.models.user.UserMixin
,Base
Base mixin for User object representation. It supplies all the basic functionality from password hash generation and matching to utility methods used for querying database for users and their permissions or resources they have access to. It is meant to be extended with other application specific properties
- get_groups_by_status(status: UserGroupStatus, db_session: sqlalchemy.orm.session.Session = None) Set[magpie.typedefs.Str] [source]¶
List all groups a user belongs to, filtered by UserGroup status type.
- class magpie.models.UserPending[source]¶
Bases:
Base
Temporary definition of a
User
pending for approval by an administrator.- property status[source]¶
- Pending user status is enforced.
Avoid error in case the corresponding attribute of
User
was accessed.
- property groups[source]¶
- Pending user is not a member of any group.
Avoid error in case this field gets accessed when simultaneously handling
User
and :class`UserPending`.
- get_groups_by_status(status: UserGroupStatus, db_session: sqlalchemy.orm.session.Session = None) List[magpie.typedefs.Str] [source]¶
Pending user is not a member of any group.
Avoid error in case this method gets accessed when simultaneously handling
User
and :class`UserPending`.
- upgrade(db_session: sqlalchemy.orm.session.Session | None = None) User [source]¶
Upgrades this :class`UserPending` instance to a complete and corresponding
User
definition.Automatically handles instance updates in the database. All relevant
User
metadata is transferred from availableUserPending
details.All operations that should take place during normal
User
creation will take effect, including minimalGroup
membership creation and Webhook triggers.This current
UserPending
instance is finally removed and should not be accessed following upgrade.- Parameters:
db_session – Database connection to use, otherwise retrieved from the user pending object.
- Returns:
created user instance
- property passwordmanager[source]¶
- Employ the same password manager attached to :class:`User` instances from :class:`UserService`.
This allows all functionalities of password generation, encryption and comparison to be directly transferable between this pending user until it eventually gets upgraded to a full
User
once validated.
- class magpie.models.UserStatuses[source]¶
Bases:
enum.IntFlag
,magpie.utils.FlexibleNameEnum
Values applicable to User statues.
Provides allowed values for the
status
search query ofUser
andUserPending
entries. Also, defines the possible values ofUser.status
field, omittingUserStatuses.Pending
reserved for objects defined byUserPending
.Initialize self. See help(type(self)) for accurate signature.
- classmethod _get_one(status: AnyUserStatus) UserStatuses | None [source]¶
- classmethod get(status: None | int | magpie.typedefs.Str | UserStatuses | Iterable[None, int, magpie.typedefs.Str, UserStatuses], default: UserStatuses | None = None) UserStatuses | None [source]¶
Obtains the combined flag
UserStatuses
- classmethod allowed() List[None | int | magpie.typedefs.Str] [source]¶
Returns all supported representation values that can be mapped to a valid status for
UserSearchService
.
- classmethod all() UserStatuses [source]¶
Representation of all flags combined.
- __or__(other: UserStatuses | int) UserStatuses [source]¶
Return self|value.
- __and__(other: UserStatuses | int) UserStatuses [source]¶
Return self&value.
- __xor__(other: UserStatuses | int) UserStatuses [source]¶
Return self^value.
- __iter__() Iterable[UserStatuses] [source]¶
- class magpie.models.UserSearchService[source]¶
Bases:
ziggurat_foundations.models.services.user.UserService
Extends the
ziggurat_foundations
UserService
with additional features provided by Magpie.Note
For any search result where parameter
status
is equal to or containsUserStatuses.Pending
combined with any otherUserStatuses
members, or through the all representation, the returned iterable could be a mix of both User models or onlyUserPending
. Therefore, only fields supported by both of those models should be accessed from the result.- classmethod by_status(status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) Iterable[AnyUser] [source]¶
Search for appropriate
User
and/orUserPending
according to specifiedUserStatuses
.When the
status
isNone
, normal retrieval of all non-pendingUser
is executed, as if directly using theUserService
implementation. Otherwise, a combination of appropriate search criterion is executed based on thestatus
flags.
- classmethod by_user_name(user_name: magpie.typedefs.Str, status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) AnyUser | None [source]¶
Retrieves the user matching the given name.
Search is always accomplished against
User
table unlessUserStatuses.Pending
is provided in thestatus
. If more that one status is provided such that bothUserPending
andUser
could yield results, theUser
is returned first, as there should not be any conflict between those two models.
- classmethod by_name_or_email(user_name: magpie.typedefs.Str, email: magpie.typedefs.Str, status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) AnyUser | None [source]¶
Retrieves the first matched user by either name or email, whichever comes first.
If the
status
is provided, search is executed against relevantUser
and/or :class`UserPending` definitions. Theuser_name
is looked for first across both tables (as needed) and then byemail
if not previously matched.See also
by_user_name()
by_email()
by_email_and_username()
- class magpie.models.ExternalIdentity[source]¶
Bases:
ziggurat_foundations.models.external_identity.ExternalIdentityMixin
,Base
Mixin for External Identity model - it represents oAuth(or other) accounts attached to your user object
- class magpie.models.RootFactory(request: pyramid.request.Request)[source]¶
Bases:
object
Used to build base Access Control List (ACL) of the request user.
All API and UI routes will employ this set of effective principals to determine if the user is authorized to access the pyramid view according to the
permission
value it was configured with.Note
Keep in mind that Magpie is configured with default permission
magpie.constants.MAGPIE_ADMIN_PERMISSION
. Views that require more permissive authorization must be overridden withpermission
argument.See also
set_default_permission
withinmagpie.includeme()
initialization steps
- class magpie.models.UserFactory(request: pyramid.request.Request)[source]¶
Bases:
RootFactory
Used to build base Access Control List (ACL) of the request user.
All API and UI routes will employ this set of effective principals to determine if the user is authorized to access the pyramid view according to the
permission
value it was configured with.Note
Keep in mind that Magpie is configured with default permission
magpie.constants.MAGPIE_ADMIN_PERMISSION
. Views that require more permissive authorization must be overridden withpermission
argument.See also
set_default_permission
withinmagpie.includeme()
initialization steps
- __getitem__(user_name: magpie.typedefs.Str) UserFactory [source]¶
- property __acl__: magpie.typedefs.AccessControlListType[source]¶
Grant access to Request User according to its relationship to Context User.
If it is the same user (either from explicit name or by
magpie.constants.MAGPIE_LOGGED_USER
reserved keyword), allowmagpie.constants.MAGPIE_LOGGED_PERMISSION
for itself to access corresponding views.If request user is unauthenticated (
None
),magpie.constants.MAGPIE_LOGGED_USER
or itself, also grantmagpie.constants.MAGPIE_CONTEXT_PERMISSION
to allow access to contextually-available details (e.g.: user can view his own information and public ones).All ACL permissions from
RootFactory
are applied on top of user-specific permissions added here.
- class magpie.models.Service[source]¶
Bases:
Resource
Resource of service type.
- class magpie.models.File[source]¶
-
Resource that represents the leaf node in a file-system-like hierarchy.
In the context of THREDDS, this represents the corresponding files exposed by the service. This resource cannot have any children resource under it.
- class magpie.models.Directory[source]¶
-
Resource that represents an intermediate directory node within a file-system-like hierarchy.
In the context of THREDDS, this represents the corresponding directories exposed by the service. Any amount of
Directory
can be nested under itself to form the tree hierarchy.
- class magpie.models.Layer[source]¶
Bases:
Resource
Resource that defines multiple corresponding representations of a layer according to the OWS it lies under.
In the context of WFS, this is the represented collection of features. In the context of WMS, this is the referenced features employed to generate the map.
- class magpie.models.Workspace[source]¶
Bases:
Resource
Resource employed to contain a group of scoped
Layer
within a Geoserver instance.
- class magpie.models.Route[source]¶
Bases:
Resource
Resource employed to represent a single request path fragment.
- class magpie.models.Process[source]¶
Bases:
Resource
Resource that represents a process under an OWS instance servicing a WPS endpoint.
- class magpie.models.RemoteResource[source]¶
Bases:
ziggurat_foundations.models.base.BaseModel
,Base
Basic class that all other classes inherit from that supplies some basic methods useful for interaction with packages like: deform, colander or wtforms
- class magpie.models.RemoteResourcesSyncInfo[source]¶
Bases:
ziggurat_foundations.models.base.BaseModel
,Base
Basic class that all other classes inherit from that supplies some basic methods useful for interaction with packages like: deform, colander or wtforms
- class magpie.models.RemoteResourceTreeService(service_cls)[source]¶
Bases:
ziggurat_foundations.models.services.resource_tree.ResourceTreeService
- class magpie.models.RemoteResourceTreeServicePostgresSQL(service_cls)[source]¶
Bases:
ziggurat_foundations.models.services.resource_tree_postgres.ResourceTreeServicePostgreSQL
This is necessary, because ResourceTreeServicePostgresSQL.model is the Resource class. If we want to change it for a RemoteResource, we need this class.
The ResourceTreeService.__init__ call sets the model.
- class magpie.models.TokenOperation[source]¶
Bases:
magpie.utils.ExtendedEnum
Supported operations by the temporary tokens.
- GROUP_ACCEPT_TERMS = 'group-accept-terms'[source]¶
Temporary token associated to an URL endpoint called by a user that accepts the terms and conditions (T&C) to join a particular group.
- USER_PASSWORD_RESET = 'user-password-reset'[source]¶
Temporary token associated to an URL endpoint to request a user password reset.
- USER_REGISTRATION_CONFIRM_EMAIL = 'user-registration-confirm-email'[source]¶
Temporary token associated to a pending user registration that requires email validation by visiting the link.
- USER_REGISTRATION_ADMIN_APPROVE = 'user-registration-admin-approve'[source]¶
Temporary token associated to a pending user registration that will be approved by an administrator when visited.
- class magpie.models.TemporaryToken(*_, **__)[source]¶
Bases:
ziggurat_foundations.models.base.BaseModel
,Base
Model that defines a token for temporary URL completion of a given pending operation.
- static by_token(token: magpie.typedefs.Str | sqlalchemy.dialects.postgresql.UUID, db_session: sqlalchemy.orm.session.Session | None = None) TemporaryToken | None [source]¶