gws.base.auth.user

Source code: gws.base.auth.user

Module Contents

class gws.base.auth.user.AdminUser(provider, roles)

Bases: User

User object.

acl_bit(access, obj)

Get the ACL bit for a specific object.

Parameters:

  • access – Access mode.

  • obj – Requested object.

Returns:

1 or 0 if the user’s permissions have the bit and None otherwise.

class gws.base.auth.user.AuthorizedUser(provider, roles)

Bases: User

User object.

gws.base.auth.user.from_dict(provider: gws.AuthProvider, d: dict) gws.User
gws.base.auth.user.from_record(provider: gws.AuthProvider, user_rec: dict) gws.User

Create a User from a raw record as returned from a provider.

A provider can return an arbitrary dict of values. Entries whose keys are in the _FIELDS list (case-insensitively), are copied to the newly created User object.

Entries roles and attributes are copied as well, other entries are stored in the user’s data dict.

class gws.base.auth.user.GuestUser(provider, roles)

Bases: User

User object.

isGuest = True
class gws.base.auth.user.NobodyUser(provider, roles)

Bases: User

User object.

acl_bit(access, obj)

Get the ACL bit for a specific object.

Parameters:

  • access – Access mode.

  • obj – Requested object.

Returns:

1 or 0 if the user’s permissions have the bit and None otherwise.

class gws.base.auth.user.Props(*args, **kwargs)

Bases: gws.Props

Object properties.

attributes: dict
displayName: str
class gws.base.auth.user.SystemUser(provider, roles)

Bases: User

User object.

acl_bit(access, obj)

Get the ACL bit for a specific object.

Parameters:

  • access – Access mode.

  • obj – Requested object.

Returns:

1 or 0 if the user’s permissions have the bit and None otherwise.

gws.base.auth.user.to_dict(usr) dict
class gws.base.auth.user.User(provider, roles)

Bases: gws.User

User object.

isGuest = False
acl_bit(access, obj)

Get the ACL bit for a specific object.

Parameters:

  • access – Access mode.

  • obj – Requested object.

Returns:

1 or 0 if the user’s permissions have the bit and None otherwise.

acquire(uid=None, classref=None, access=None)

Get a readable object by uid.

Parameters:

  • uid – Object uid.

  • classref – Class reference. If provided, ensures that the object matches the reference.

  • access – Access mode, assumed Access.read if omitted.

Returns:

A readable object or None if the object does not exists or user doesn’t have a permission.

can(access, obj, *context)

Check if the user can access an object.

Parameters:

  • access – Access mode.

  • obj – Requested object.

  • *context – Further objects to check.

Returns:

True is access is granted.

can_create(obj, *context)

Check if the user has “create” permission on an object.

can_delete(obj, *context)

Check if the user has “delete” permission on an object.

can_edit(obj, *context)

Check if the user has “edit” permissions on an object.

can_read(obj, *context)

Check if the user has “read” permission on an object.

can_use(obj, *context)

Check if the user has “read” permission on an object.

can_write(obj, *context)

Check if the user has “write” permission on an object.

has_role(role)
props(user)

Generate a Props struct for this object.

Parameters:

user – The user for which the props should be generated.

require(uid=None, classref=None, access=None)

Get a readable object by uid and fail if not found.

Parameters:

  • uid – Object uid.

  • classref – Class reference. If provided, ensures that the object matches the reference.

  • access – Access mode, assumed Access.read if omitted.

Returns:

A readable object.

Raises:

  • NotFoundError if the object doesn't exist.

  • ForbiddenError if the user cannot read the object.

require_layer(uid=None)

Get a readable Layer object.

Parameters:

uid – Layer uid.

Returns:

A Layer object.

require_project(uid=None)

Get a readable Project object.

Parameters:

uid – Project uid.

Returns:

A Project object.