vantage6.backend.common.permission.PermissionManagerBase#
- class PermissionManagerBase(resources_location, resources, default_roles)#
Bases:
ABC
Loads the permissions and syncs rules in database with rules defined in the code
- __init__(resources_location, resources, default_roles)#
Methods
__init__
(resources_location, resources, ...)appender
(name)Add a module's rules to the rule collection
assign_rule_to_fixed_role
(*args, **kwargs)Attach a rule to a fixed role (not adjustable by users).
assign_rule_to_root
(*args, **kwargs)Assign a rule to the root role.
check_user_rules
(rules)Check if a user, node or container has all the rules in a list
collection
(name)Get a RuleCollection object.
get_new_collection
(name)Initialize and return a new RuleCollection.
Collect all permission rules from all registered API resources.
register_rule
(*args, **kwargs)Register a permission rule in the database.
- appender(name)#
Add a module’s rules to the rule collection
- Parameters:
name (str) – The name of the module whose rules are to be registered
- Returns:
A callable
register_rule
function- Return type:
Callable
- abstract assign_rule_to_fixed_role(*args, **kwargs)#
Attach a rule to a fixed role (not adjustable by users).
- Parameters:
fixedrole (str) – Name of the fixed role that the rule should be added to
resource (str) – Resource that the rule applies to
operation (Operation) – Operation that the rule applies to
- Return type:
None
- assign_rule_to_root(*args, **kwargs)#
Assign a rule to the root role.
- Parameters:
resource (str) – Resource that the rule applies to
operation (Operation) – Operation that the rule applies to
scope (Scope) – Scope that the rule applies to
- Return type:
None
- abstract check_user_rules(rules)#
Check if a user, node or container has all the rules in a list
- Parameters:
rules (list[RuleInterface]) – List of rules that user is checked to have
- Returns:
Dict with a message which rule is missing, else None
- Return type:
dict | None
- collection(name)#
Get a RuleCollection object. If it doesn’t exist yet, it will be created.
- Parameters:
name (str) – Name of the module whose RuleCollection is to be obtained or created
- Returns:
The collection of rules belonging to the module name
- Return type:
- abstract get_new_collection(name)#
Initialize and return a new RuleCollection. :type name:
str
:param name: Name of the collection :type name: str- Returns:
New RuleCollection
- Return type:
- load_rules_from_resources(resources_location, resources)#
Collect all permission rules from all registered API resources.
- Parameters:
resources_location (str) – Name of the module where to load the resources from (e.g. vantage6.server.resource).
resources (list[str]) – List of the resources to load.
- Return type:
None
- abstract register_rule(*args, **kwargs)#
Register a permission rule in the database.
- Return type:
None