vantage6.backend.common.permission.PermissionManagerBase#

class PermissionManagerBase(resources_location, resources, default_roles)#

Bases: ABC

Loads the permissions and syncs rules in database with rules defined in the code

__init__(resources_location, resources, default_roles)#

Methods

__init__(resources_location, resources, ...)

appender(name)

Add a module's rules to the rule collection

assign_rule_to_fixed_role(*args, **kwargs)

Attach a rule to a fixed role (not adjustable by users).

assign_rule_to_root(*args, **kwargs)

Assign a rule to the root role.

check_user_rules(rules)

Check if a user, node or container has all the rules in a list

collection(name)

Get a RuleCollection object.

get_new_collection(name)

Initialize and return a new RuleCollection.

load_rules_from_resources(...)

Collect all permission rules from all registered API resources.

register_rule(*args, **kwargs)

Register a permission rule in the database.

appender(name)#

Add a module’s rules to the rule collection

Parameters:

name (str) – The name of the module whose rules are to be registered

Returns:

A callable register_rule function

Return type:

Callable

abstract assign_rule_to_fixed_role(*args, **kwargs)#

Attach a rule to a fixed role (not adjustable by users).

Parameters:
  • fixedrole (str) – Name of the fixed role that the rule should be added to

  • resource (str) – Resource that the rule applies to

  • operation (Operation) – Operation that the rule applies to

Return type:

None

assign_rule_to_root(*args, **kwargs)#

Assign a rule to the root role.

Parameters:
  • resource (str) – Resource that the rule applies to

  • operation (Operation) – Operation that the rule applies to

  • scope (Scope) – Scope that the rule applies to

Return type:

None

abstract check_user_rules(rules)#

Check if a user, node or container has all the rules in a list

Parameters:

rules (list[RuleInterface]) – List of rules that user is checked to have

Returns:

Dict with a message which rule is missing, else None

Return type:

dict | None

collection(name)#

Get a RuleCollection object. If it doesn’t exist yet, it will be created.

Parameters:

name (str) – Name of the module whose RuleCollection is to be obtained or created

Returns:

The collection of rules belonging to the module name

Return type:

RuleCollectionBase

abstract get_new_collection(name)#

Initialize and return a new RuleCollection. :type name: str :param name: Name of the collection :type name: str

Returns:

New RuleCollection

Return type:

RuleCollectionBase

load_rules_from_resources(resources_location, resources)#

Collect all permission rules from all registered API resources.

Parameters:
  • resources_location (str) – Name of the module where to load the resources from (e.g. vantage6.server.resource).

  • resources (list[str]) – List of the resources to load.

Return type:

None

abstract register_rule(*args, **kwargs)#

Register a permission rule in the database.

Return type:

None