magpie.models

Attributes

_UserType

LOGGER

Base

RESOURCE_TREE_SERVICE

REMOTE_RESOURCE_TREE_SERVICE

RESOURCE_TYPES

RESOURCE_TYPE_DICT

Classes

Group

Mixin for Group model

GroupPermission

Mixin for GroupPermission model

UserGroupStatus

Supported statuses of user-group relationships.

UserGroup

Mixin for UserGroup model

GroupResourcePermission

Mixin for GroupResourcePermission model

Resource

Mixin for Resource model

UserPermission

Mixin for UserPermission model

UserResourcePermission

Mixin for UserResourcePermission model

User

Base mixin for User object representation.

UserPending

Temporary definition of a User pending for approval by an administrator.

UserStatuses

Values applicable to User statues.

UserSearchService

Extends the ziggurat_foundations UserService with additional features provided by Magpie.

ExternalIdentity

Mixin for External Identity model - it represents oAuth(or other) accounts

RootFactory

Used to build base Access Control List (ACL) of the request user.

UserFactory

Used to build base Access Control List (ACL) of the request user.

Service

Resource of service type.

PathBase

File

Resource that represents the leaf node in a file-system-like hierarchy.

Directory

Resource that represents an intermediate directory node within a file-system-like hierarchy.

Layer

Resource that defines multiple corresponding representations of a layer according to the OWS it lies under.

Workspace

Resource employed to contain a group of scoped Layer within a Geoserver instance.

Route

Resource employed to represent a single request path fragment.

Process

Resource that represents a process under an OWS instance servicing a WPS endpoint.

RemoteResource

Basic class that all other classes inherit from that supplies some

RemoteResourcesSyncInfo

Basic class that all other classes inherit from that supplies some

RemoteResourceTreeService

RemoteResourceTreeServicePostgresSQL

This is necessary, because ResourceTreeServicePostgresSQL.model is the Resource class. If we want to change it for a

TokenOperation

Supported operations by the temporary tokens.

TemporaryToken

Model that defines a token for temporary URL completion of a given pending operation.

Functions

get_session_callable(→ sqlalchemy.orm.session.Session)

resource_factory(→ Resource)

find_children_by_name(→ Optional[Resource])

Module Contents

magpie.models._UserType: magpie.typedefs.TypeAlias = 'User'[source]
magpie.models.LOGGER[source]
magpie.models.Base[source]
magpie.models.get_session_callable(request: pyramid.request.Request) sqlalchemy.orm.session.Session[source]
class magpie.models.Group[source]

Bases: ziggurat_foundations.models.group.GroupMixin, Base

Mixin for Group model

_priority = None[source]
get_member_count(db_session: sqlalchemy.orm.session.Session | None = None) int[source]
property discoverable[source]
Indicates if the group is discoverable for users to self-register to it.
property terms[source]
Text containing the terms and conditions.
property priority: magpie.typedefs.GroupPriority[source]

Sorting priority weight of the group for resolving conflicting permissions.

class magpie.models.GroupPermission[source]

Bases: ziggurat_foundations.models.group_permission.GroupPermissionMixin, Base

Mixin for GroupPermission model

class magpie.models.UserGroupStatus[source]

Bases: magpie.utils.FlexibleNameEnum

Supported statuses of user-group relationships.

ALL = 'all'[source]
ACTIVE = 'active'[source]
PENDING = 'pending'[source]
classmethod allowed() List[magpie.typedefs.Str][source]

Returns all supported representation values that can be mapped to a valid status.

class magpie.models.UserGroup[source]

Bases: ziggurat_foundations.models.user_group.UserGroupMixin, Base

Mixin for UserGroup model

class magpie.models.GroupResourcePermission[source]

Bases: ziggurat_foundations.models.group_resource_permission.GroupResourcePermissionMixin, Base

Mixin for GroupResourcePermission model

class magpie.models.Resource[source]

Bases: ziggurat_foundations.models.resource.ResourceMixin, Base

Mixin for Resource model

resource_type_name: magpie.typedefs.Str = None[source]
permissions: List[magpie.permissions.Permission] = [][source]
child_resource_allowed = True[source]
resource_display_name[source]
property root_service_id[source]
property __acl__: magpie.typedefs.AccessControlListType[source]

User or group that owns a resource are granted full access to it.

__str__()[source]
class magpie.models.UserPermission[source]

Bases: ziggurat_foundations.models.user_permission.UserPermissionMixin, Base

Mixin for UserPermission model

class magpie.models.UserResourcePermission[source]

Bases: ziggurat_foundations.models.user_resource_permission.UserResourcePermissionMixin, Base

Mixin for UserResourcePermission model

class magpie.models.User[source]

Bases: ziggurat_foundations.models.user.UserMixin, Base

Base mixin for User object representation. It supplies all the basic functionality from password hash generation and matching to utility methods used for querying database for users and their permissions or resources they have access to. It is meant to be extended with other application specific properties

__str__()[source]
get_groups_by_status(status: UserGroupStatus, db_session: sqlalchemy.orm.session.Session = None) Set[magpie.typedefs.Str][source]

List all groups a user belongs to, filtered by UserGroup status type.

class magpie.models.UserPending[source]

Bases: Base

Temporary definition of a User pending for approval by an administrator.

property __tablename__[source]
property id[source]
Unique identifier of user.
property user_name[source]
Unique user name.
property user_password[source]
Password hash of the user.
property email[source]
Email of the user.
property registered_date[source]
Date of user's registration.
property status[source]
Pending user status is enforced.

Avoid error in case the corresponding attribute of User was accessed.

property groups[source]
Pending user is not a member of any group.

Avoid error in case this field gets accessed when simultaneously handling User and :class`UserPending`.

get_groups_by_status(status: UserGroupStatus, db_session: sqlalchemy.orm.session.Session = None) List[magpie.typedefs.Str][source]

Pending user is not a member of any group.

Avoid error in case this method gets accessed when simultaneously handling User and :class`UserPending`.

upgrade(db_session: sqlalchemy.orm.session.Session | None = None) User[source]

Upgrades this :class`UserPending` instance to a complete and corresponding User definition.

Automatically handles instance updates in the database. All relevant User metadata is transferred from available UserPending details.

All operations that should take place during normal User creation will take effect, including minimal Group membership creation and Webhook triggers.

This current UserPending instance is finally removed and should not be accessed following upgrade.

Parameters:

db_session – Database connection to use, otherwise retrieved from the user pending object.

Returns:

created user instance

property passwordmanager[source]
Employ the same password manager attached to :class:`User` instances from :class:`UserService`.

This allows all functionalities of password generation, encryption and comparison to be directly transferable between this pending user until it eventually gets upgraded to a full User once validated.

class magpie.models.UserStatuses[source]

Bases: enum.IntFlag, magpie.utils.FlexibleNameEnum

Values applicable to User statues.

Provides allowed values for the status search query of User and UserPending entries. Also, defines the possible values of User.status field, omitting UserStatuses.Pending reserved for objects defined by UserPending.

Initialize self. See help(type(self)) for accurate signature.

OK = 1[source]
WebhookError = 2[source]
Pending = 4[source]
classmethod _get_one(status: AnyUserStatus) UserStatuses | None[source]
classmethod get(status: None | int | magpie.typedefs.Str | UserStatuses | Iterable[None, int, magpie.typedefs.Str, UserStatuses], default: UserStatuses | None = None) UserStatuses | None[source]

Obtains the combined flag UserStatuses

classmethod allowed() List[None | int | magpie.typedefs.Str][source]

Returns all supported representation values that can be mapped to a valid status for UserSearchService.

classmethod all() UserStatuses[source]

Representation of all flags combined.

__or__(other: UserStatuses | int) UserStatuses[source]

Return self|value.

__and__(other: UserStatuses | int) UserStatuses[source]

Return self&value.

__xor__(other: UserStatuses | int) UserStatuses[source]

Return self^value.

__iter__() Iterable[UserStatuses][source]
__len__()[source]
class magpie.models.UserSearchService[source]

Bases: ziggurat_foundations.models.services.user.UserService

Extends the ziggurat_foundations UserService with additional features provided by Magpie.

Note

For any search result where parameter status is equal to or contains UserStatuses.Pending combined with any other UserStatuses members, or through the all representation, the returned iterable could be a mix of both User models or only UserPending. Therefore, only fields supported by both of those models should be accessed from the result.

classmethod by_status(status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) Iterable[AnyUser][source]

Search for appropriate User and/or UserPending according to specified UserStatuses.

When the status is None, normal retrieval of all non-pending User is executed, as if directly using the UserService implementation. Otherwise, a combination of appropriate search criterion is executed based on the status flags.

classmethod by_user_name(user_name: magpie.typedefs.Str, status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) AnyUser | None[source]

Retrieves the user matching the given name.

Search is always accomplished against User table unless UserStatuses.Pending is provided in the status. If more that one status is provided such that both UserPending and User could yield results, the User is returned first, as there should not be any conflict between those two models.

classmethod by_name_or_email(user_name: magpie.typedefs.Str, email: magpie.typedefs.Str, status: UserStatuses | None = None, db_session: sqlalchemy.orm.session.Session | None = None) AnyUser | None[source]

Retrieves the first matched user by either name or email, whichever comes first.

If the status is provided, search is executed against relevant User and/or :class`UserPending` definitions. The user_name is looked for first across both tables (as needed) and then by email if not previously matched.

See also

by_user_name() by_email() by_email_and_username()

class magpie.models.ExternalIdentity[source]

Bases: ziggurat_foundations.models.external_identity.ExternalIdentityMixin, Base

Mixin for External Identity model - it represents oAuth(or other) accounts attached to your user object

class magpie.models.RootFactory(request: pyramid.request.Request)[source]

Bases: object

Used to build base Access Control List (ACL) of the request user.

All API and UI routes will employ this set of effective principals to determine if the user is authorized to access the pyramid view according to the permission value it was configured with.

Note

Keep in mind that Magpie is configured with default permission magpie.constants.MAGPIE_ADMIN_PERMISSION. Views that require more permissive authorization must be overridden with permission argument.

See also

__name__ = None[source]
__parent__ = ''[source]
request[source]
property __acl__: magpie.typedefs.AccessControlListType[source]

Administrators have all permissions, user/group-specific permissions added if user is logged in.

class magpie.models.UserFactory(request: pyramid.request.Request)[source]

Bases: RootFactory

Used to build base Access Control List (ACL) of the request user.

All API and UI routes will employ this set of effective principals to determine if the user is authorized to access the pyramid view according to the permission value it was configured with.

Note

Keep in mind that Magpie is configured with default permission magpie.constants.MAGPIE_ADMIN_PERMISSION. Views that require more permissive authorization must be overridden with permission argument.

See also

path_user = None[source]
__getitem__(user_name: magpie.typedefs.Str) UserFactory[source]
property __acl__: magpie.typedefs.AccessControlListType[source]

Grant access to Request User according to its relationship to Context User.

If it is the same user (either from explicit name or by magpie.constants.MAGPIE_LOGGED_USER reserved keyword), allow magpie.constants.MAGPIE_LOGGED_PERMISSION for itself to access corresponding views.

If request user is unauthenticated (None), magpie.constants.MAGPIE_LOGGED_USER or itself, also grant magpie.constants.MAGPIE_CONTEXT_PERMISSION to allow access to contextually-available details (e.g.: user can view his own information and public ones).

All ACL permissions from RootFactory are applied on top of user-specific permissions added here.

class magpie.models.Service[source]

Bases: Resource

Resource of service type.

__tablename__ = 'services'[source]
resource_id[source]
resource_type_name = 'service'[source]
__mapper_args__[source]
property permissions[source]
property url[source]
property type[source]
Identifier matching ``magpie.services.ServiceInterface.service_type``.
property sync_type[source]
Identifier matching ``magpie.cli.SyncServiceInterface.sync_type``.
property configuration[source]
Configuration modifiers for parsing access to resources and permissions.
static by_service_name(service_name, db_session)[source]
class magpie.models.PathBase[source]

Bases: object

permissions[source]
class magpie.models.File[source]

Bases: Resource, PathBase

Resource that represents the leaf node in a file-system-like hierarchy.

In the context of THREDDS, this represents the corresponding files exposed by the service. This resource cannot have any children resource under it.

child_resource_allowed = False[source]
resource_type_name = 'file'[source]
__mapper_args__[source]
class magpie.models.Directory[source]

Bases: Resource, PathBase

Resource that represents an intermediate directory node within a file-system-like hierarchy.

In the context of THREDDS, this represents the corresponding directories exposed by the service. Any amount of Directory can be nested under itself to form the tree hierarchy.

resource_type_name = 'directory'[source]
__mapper_args__[source]
class magpie.models.Layer[source]

Bases: Resource

Resource that defines multiple corresponding representations of a layer according to the OWS it lies under.

In the context of WFS, this is the represented collection of features. In the context of WMS, this is the referenced features employed to generate the map.

child_resource_allowed = False[source]
resource_type_name = 'layer'[source]
__mapper_args__[source]
permissions[source]
class magpie.models.Workspace[source]

Bases: Resource

Resource employed to contain a group of scoped Layer within a Geoserver instance.

resource_type_name = 'workspace'[source]
__mapper_args__[source]
permissions[source]
class magpie.models.Route[source]

Bases: Resource

Resource employed to represent a single request path fragment.

resource_type_name = 'route'[source]
__mapper_args__[source]
permissions[source]
class magpie.models.Process[source]

Bases: Resource

Resource that represents a process under an OWS instance servicing a WPS endpoint.

child_resource_allowed = False[source]
resource_type_name = 'process'[source]
__mapper_args__[source]
permissions[source]
class magpie.models.RemoteResource[source]

Bases: ziggurat_foundations.models.base.BaseModel, Base

Basic class that all other classes inherit from that supplies some basic methods useful for interaction with packages like: deform, colander or wtforms

__tablename__ = 'remote_resources'[source]
__possible_permissions__ = ()[source]
_ziggurat_services[source]
resource_id[source]
service_id[source]
parent_id[source]
ordering[source]
resource_name[source]
resource_display_name[source]
resource_type[source]
__repr__()[source]
class magpie.models.RemoteResourcesSyncInfo[source]

Bases: ziggurat_foundations.models.base.BaseModel, Base

Basic class that all other classes inherit from that supplies some basic methods useful for interaction with packages like: deform, colander or wtforms

__tablename__ = 'remote_resources_sync_info'[source]
id[source]
service_id[source]
service[source]
remote_resource_id[source]
last_sync[source]
static by_service_id(service_id, session)[source]
__repr__()[source]
class magpie.models.RemoteResourceTreeService(service_cls)[source]

Bases: ziggurat_foundations.models.services.resource_tree.ResourceTreeService

model[source]
class magpie.models.RemoteResourceTreeServicePostgresSQL(service_cls)[source]

Bases: ziggurat_foundations.models.services.resource_tree_postgres.ResourceTreeServicePostgreSQL

This is necessary, because ResourceTreeServicePostgresSQL.model is the Resource class. If we want to change it for a RemoteResource, we need this class.

The ResourceTreeService.__init__ call sets the model.

model[source]
classmethod build_subtree_strut(result, *args, **kwargs)[source]

Returns a dictionary in form of {node:Resource, children:{node_id: Resource}}.

Parameters:

result

Returns:

class magpie.models.TokenOperation[source]

Bases: magpie.utils.ExtendedEnum

Supported operations by the temporary tokens.

GROUP_ACCEPT_TERMS = 'group-accept-terms'[source]

Temporary token associated to an URL endpoint called by a user that accepts the terms and conditions (T&C) to join a particular group.

USER_PASSWORD_RESET = 'user-password-reset'[source]

Temporary token associated to an URL endpoint to request a user password reset.

USER_REGISTRATION_CONFIRM_EMAIL = 'user-registration-confirm-email'[source]

Temporary token associated to a pending user registration that requires email validation by visiting the link.

USER_REGISTRATION_ADMIN_APPROVE = 'user-registration-admin-approve'[source]

Temporary token associated to a pending user registration that will be approved by an administrator when visited.

USER_REGISTRATION_ADMIN_DECLINE = 'user-registration-admin-decline'[source]

Temporary token associated to a pending user registration that will be declined by an administrator when visited.

WEBHOOK_USER_STATUS_ERROR = 'webhook-user-status-error'[source]

Temporary token employed to provide a callback URL that a registered webhook can call following the triggered event to indicate that the corresponding operation resulted into an invalid user status.

class magpie.models.TemporaryToken(*_, **__)[source]

Bases: ziggurat_foundations.models.base.BaseModel, Base

Model that defines a token for temporary URL completion of a given pending operation.

__tablename__ = 'tmp_tokens'[source]
token[source]
operation[source]
created[source]
user_id[source]
_user[source]
user_pending_id[source]
_pending_user[source]
group_id[source]
group[source]
user() AnyUser[source]
url(settings: magpie.typedefs.AnySettingsContainer = None) magpie.typedefs.Str[source]
expired() bool[source]
static by_token(token: magpie.typedefs.Str | sqlalchemy.dialects.postgresql.UUID, db_session: sqlalchemy.orm.session.Session | None = None) TemporaryToken | None[source]
static by_user(user: AnyUser, db_session: sqlalchemy.orm.session.Session | None = None) sqlalchemy.orm.query.Query | None[source]
json() magpie.typedefs.JSON[source]
magpie.models.RESOURCE_TREE_SERVICE[source]
magpie.models.REMOTE_RESOURCE_TREE_SERVICE[source]
magpie.models.RESOURCE_TYPES[source]
magpie.models.RESOURCE_TYPE_DICT: Dict[magpie.typedefs.Str, Type[Resource]][source]
magpie.models.resource_factory(**kwargs: Any) Resource[source]
magpie.models.find_children_by_name(child_name: magpie.typedefs.Str, parent_id: int | None, db_session: sqlalchemy.orm.session.Session) Resource | None[source]