anyblok_pyramid.bloks.auth.
Auth
(registry)Bases: anyblok.blok.Blok
author
= 'Jean-Sébastien Suzanne'conditional_by
= []conflicting_by
= []import_declaration_module
()Do the python import for the Declaration of the model or other
name
= 'auth'optional_by
= []pyramid_load_config
(config)reload_declaration_module
(reload)required
= ['anyblok-core']required_by
= ['auth-password', 'authorization']version
= '0.1.0'This blok defined User and the base of the Authentication / Authorization.
Alone this Blok is useless because no credential and autorization are defined
You can:
Create an user:
user = registry.User.insert(
login='jssuzanne',
first_name='Jean-Sébastien',
last_name='Suzanne'
)
user.name # Jean-Sébastien SUZANNE
Add a role at this user:
role = registry.User.Role.insert(
name='admin',
label='Administrator'
)
user.roles.append(role)
check a permission for a user to use a resource:
from anyblok_pyramid.security import AnyBlokResourceFactory
@view_config(
route_name='my_view',
factory=AnyBlokResourceFactory('my_resource')
permission='my_permission'
)
def my_view(request):
return Response('Ok I have the permission')
Warning
The have to define credential behaviours, to login and logout
anyblok_pyramid.bloks.auth.user.
User
Bases: object
User declaration need for Auth
AnyBlok registration:
Fields | |
---|---|
last_name |
|
login |
|
first_name |
|
name |
|
check_login
(login=None, password=None, **kwargs)Check login / password
This method raise an exception, because any credential is stored in this bloks
Warning
This method must be overwriting by anycredential blok
Parameters: |
|
---|
first_name
= <anyblok.column.String object>format_login_params
(request)Return the login and password from query
By default the query come from json_body and are named login and password
If the entries come from another place, this method must be overwrite :param request: the request from the controllers
get_acl
(login, resource, params=None)Retun the ACL for a ressource and a user
Auth, does not implement any rule to compute ACL, This method allow all user to use the resource ask by controllers.
For other configuration, this method must be overwrite
Parameters: |
|
---|
get_login_location_to
(login, request)Return the default path after the login
get_logout_location_to
(request)Return the default path after the logout
get_name
()Return the name of the user
get_roles
(login)Return the roles of an user
Parameters: | login – str, login attribute of the user |
---|---|
Return type: | list of str (name of the roles) |
last_name
= <anyblok.column.String object>login
= <anyblok.column.String object>name
= <anyblok.field.Function object>anyblok_pyramid.bloks.auth.role.
Role
Bases: object
Role, allow to group some authorization for an user
AnyBlok registration:
Fields | |
---|---|
roles_name |
|
children |
|
name |
|
label |
|
users |
|
before_update_orm_event
(mapper, connection, target)Check if the role has not any cyclical dependencies
children
= <anyblok.relationship.Many2Many object>get_all_roles_name
()Return all the name of the roles self and dependencies
label
= <anyblok.column.String object>name
= <anyblok.column.String object>roles_name
= <anyblok.field.Function object>users
= <anyblok.relationship.Many2Many object>Give the views forlogin and logout, this views, is not applied by default You must declare the route to use them
anyblok_pyramid.bloks.auth.views.
login
(request)¶Default view to login one user
anyblok_pyramid.bloks.auth.views.
logout
(request)¶Default view to logout one user
Define the authentification / authorization policies, This depend of the options passed on the global configuration
anyblok_pyramid.bloks.auth.pyramid.
getAuthenticationPolicy
()¶Return the authentication policy in function method in configuration
anyblok_pyramid.bloks.auth.pyramid.
getAuthTktAuthenticationPolicy
()¶Define the authentication policy for Tkt
anyblok_pyramid.bloks.auth.pyramid.
getRemoteUserAuthenticationPolicy
()¶Define the authentication policy for remote user server
anyblok_pyramid.bloks.auth.pyramid.
getSessionAuthenticationPolicy
()¶Define the authentication policy for a session
anyblok_pyramid.bloks.auth.pyramid.
getBasicAuthAuthenticationPolicy
()¶Define the authentication policy for a basic auth
anyblok_pyramid.bloks.password.
Password
(registry)Bases: anyblok.blok.Blok
author
= 'Jean-Sébastien Suzanne'conditional_by
= []conflicting_by
= []import_declaration_module
()Do the python import for the Declaration of the model or other
name
= 'auth-password'optional_by
= []reload_declaration_module
(reload)required
= ['auth']required_by
= []version
= '0.1.0'This Blok define credential from an existing user. You can not add credential for an unexisting user because one foreign key constraint is defined between both.
You must have an user:
user = registry.User.insert(
login='jssuzanne',
first_name='Jean-Sébastien',
last_name='Suzanne'
)
Define the credential:
registry.User.CredentialStore.insert(
login=user.login,
password='secret password',
)
Note
The password use the Password column, the value is crypted is table and can not be get during the execution of the application, You only compare it
anyblok_pyramid.bloks.password.user.
CredentialStore
Bases: object
Save in table login / password
AnyBlok registration:
Fields | |
---|---|
password |
|
login |
|
login
= <anyblok.column.String object>password
= <anyblok.column.Password object>anyblok_pyramid.bloks.password.user.
User
Bases: object
AnyBlok registration:
check_login
(login=None, password=None, **kwargs)Overwrite the method to check if the user exist and the password gave is the same sa the password stored
Parameters: |
|
---|---|
Exception: | HTTPUnauthorized |
anyblok_pyramid.bloks.authorization.
Authorization
(registry)Bases: anyblok.blok.Blok
author
= 'Jean-Sébastien Suzanne'conditional_by
= []conflicting_by
= []import_declaration_module
()Do the python import for the Declaration of the model or other
name
= 'authorization'optional_by
= []reload_declaration_module
(reload)required
= ['auth']required_by
= []version
= '0.1.0'This blok defined authorization for User or Role on a resource or model.
Create an user:
user = registry.User.insert(
login='jssuzanne',
first_name='Jean-Sébastien',
last_name='Suzanne'
)
user.name # Jean-Sébastien SUZANNE
Add an autorization:
user.roles.append(role)
registry.User.Authorization.insert(
resource='something',
user=user,
perm_create=dict(matched=True),
perm_read=dict(matched=True),
perm_update=dict(matched=True),
perm_delete=dict(matched=True)
)
registry.User.Authorization.get_acl('jssuzanne', 'something')
# [
# (Allow, 'jssuzanne', ['create', 'delete', 'read', 'update']),
# (Deny, 'jssuzanne', ALL_PERMISSIONS),
# ]
The permissiosn is stored in the Json column, the permission can be the CRUD and also any another permission.
Each permission can defined three keys:
Query.filter_condition
, if the empty then the condition is marked as Truematched
and unmatched
can have three values:
anyblok_pyramid.bloks.authorization.user.
User
Bases: object
AnyBlok registration:
get_acl
(login, resource, params=None)Overwrite the method to return the ACL for the resource and user
Parameters: |
|
---|
anyblok_pyramid.bloks.authorization.authorization.
Authorization
Bases: object
Store the autorization rules
AnyBlok registration:
Fields | |
---|---|
perm_create |
|
login |
|
order |
|
primary_keys |
|
id |
|
model |
|
user |
|
perm_update |
|
perms |
|
resource |
|
perm_read |
|
perm_delete |
|
filter |
|
role |
|
before_insert_orm_event
(mapper, connection, target)before_update_orm_event
(mapper, connection, target)check_validity
()Check at the insert or update that all rule match
Exception: | AuthorizationValidationException |
---|
filter
= <anyblok.column.Json object>get_acl
(login, resource, params=None)Return the Pyramid ACL in function of the resource and user
Parameters: |
|
---|
get_acl_filter_model
()Return the Model to use to check the permission
id
= <anyblok.column.Integer object>login
= <anyblok.column.String object>model
= <anyblok.column.String object>order
= <anyblok.column.Integer object>perm_create
= <anyblok.field.JsonRelated object>perm_delete
= <anyblok.field.JsonRelated object>perm_read
= <anyblok.field.JsonRelated object>perm_update
= <anyblok.field.JsonRelated object>perms
= <anyblok.column.Json object>primary_keys
= <anyblok.column.Json object>resource
= <anyblok.column.String object>role
= <anyblok.relationship.Many2One object>user
= <anyblok.relationship.Many2One object>anyblok_pyramid.bloks.authorization.exceptions.
AuthorizationValidationException
Bases: Exception
Simple exception when Authorization entry is wrong