tardis.tardis_portal.auth package
Submodules
tardis.tardis_portal.auth.authentication module
A module containing helper methods for the manage_auth_methods function in views.py.
- tardis.tardis_portal.auth.authentication.add_auth_method(request)
Add a new authentication method to request.user’s existing list of authentication methods. If the authentication method provided already exists as a method for another user, this method asks for confirmation that the user wants to merge the two accounts.
- Parameters
request (Request) – the HTTP request object
- Returns
The HttpResponse which contains request.user’s new list of authentication methods
- Return type
HttpResponse
- tardis.tardis_portal.auth.authentication.edit_auth_method(request)
Change the local DB (Django) password for request.user.
- tardis.tardis_portal.auth.authentication.list_auth_methods(request)
Generate a list of authentication methods that request.user uses to authenticate to the system and send it back in a HttpResponse.
- Parameters
request (Request) – the HTTP request object
- Returns
The HttpResponse which contains request.user’s list of authentication methods
- Return type
HttpResponse
- tardis.tardis_portal.auth.authentication.merge_auth_method(request)
Merge the account that the user is logged in as and the account that he provided in the Authentication Form. Merging accounts involves relinking the UserAuthentication table entries, transferring ObjectACL entries to the merged account, changing the Group memberships and deleting the unneeded account.
- Parameters
request (Request) – the HTTP request object
- Returns
The HttpResponse which contains request.user’s new list of authentication methods
- Return type
HttpResponse
- tardis.tardis_portal.auth.authentication.remove_auth_method(request)
Removes the non-local DB auth method from the UserAuthentication model.
- Parameters
request (Request) – the HTTP request object
- Returns
The HttpResponse which contains request.user’s new list of authentication methods
- Return type
HttpResponse
tardis.tardis_portal.auth.authorisation module
Object-level authorisation backend
- class tardis.tardis_portal.auth.authorisation.ACLAwareBackend
Bases: object
- app_label = 'tardis_acls'
- authenticate(request)
do not use this backend for authentication
- get_perm_bool(verb)
relates ACLs to permissions
- has_perm(user_obj, perm, obj=None)
main method, calls other methods based on permission type queried
- supports_anonymous_user = True
- supports_object_permissions = True
tardis.tardis_portal.auth.authservice module
models.py
- class tardis.tardis_portal.auth.authservice.AuthService(settings=<LazySettings "tardis.test_settings">)
Bases: object
The AuthService provides an interface for querying the auth(n|z) framework within MyTardis. The auth service works by reading the class path to plugins from the settings file.
- Parameters
settings (django.conf.settings) – the settings object that contains the list of user and group plugins.
- authenticate(authMethod, **credentials)
Try and authenticate the user using the auth type he/she specified to use and if authentication didn’t work using that
- Parameters
authMethod (string) – the shortname of the auth method.
credentials (kwargs) – the credentials as expected by the auth plugin
- Returns
authenticated User or None
- Return type
User or None
- getGroups(user)
- Parameters
user (User) – User
- Returns
a list of tuples containing pluginname and group id
- Return type
- getGroupsForEntity(entity)
Return a list of the groups an entity belongs to
- Parameters
entity (string) – the entity to search for, user or group.
- Returns
groups
- Return type
Group
The groups will be returned as a list similar to:
[{'name': 'Group 456', 'id': '2'}, {'name': 'Group 123', 'id': '1'}]
- getUser(authMethod, user_id, force_user_create=False)
Return a user model based on the given auth method and user id.
This function is responsible for creating the user within the Django DB and returning the resulting user model.
- getUsernameByEmail(authMethod, email)
Return a username given the auth method and email address of a user.
- get_or_create_user(user_obj_or_dict, authMethod=None)
refactored out for external use by AAF and possibly others
- searchEntities(filter)
Return a list of users and/or groups
- searchGroups(**kw)
- Parameters
id (basestring) – the value of the id to search for
name (basestring) – the value of the displayname to search for
max_results (int) – the maximum number of elements to return
sort_by (basestring) – the attribute the users should be sorted on
plugin (basestring) – restrict the search to the specific group provider
- Returns
a list of users and/or groups
- Return type
list
- searchUsers(filter)
Return a list of users and/or groups
tardis.tardis_portal.auth.decorators module
- tardis.tardis_portal.auth.decorators.datafile_access_required(f)
- tardis.tardis_portal.auth.decorators.dataset_access_required(f)
- tardis.tardis_portal.auth.decorators.dataset_download_required(f)
- tardis.tardis_portal.auth.decorators.dataset_write_permissions_required(f)
- tardis.tardis_portal.auth.decorators.delete_permissions_required(f)
- tardis.tardis_portal.auth.decorators.experiment_access_required(f)
- tardis.tardis_portal.auth.decorators.experiment_download_required(f)
- tardis.tardis_portal.auth.decorators.experiment_ownership_required(f)
A decorator for Django views that validates if a user is an owner of an experiment or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.
- Parameters
f (types.FunctionType) – A Django view function
- Returns
A Django view function
- Return type
types.FunctionType
- tardis.tardis_portal.auth.decorators.get_accessible_datafiles_for_user(request)
- tardis.tardis_portal.auth.decorators.get_accessible_experiments(request)
- tardis.tardis_portal.auth.decorators.get_accessible_experiments_for_dataset(request, dataset_id)
- tardis.tardis_portal.auth.decorators.get_owned_experiments(request)
- tardis.tardis_portal.auth.decorators.group_ownership_required(f)
A decorator for Django views that validates if a user is a group admin or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.
- Parameters
f (types.FunctionType) – A Django view function
- Returns
A Django view function
- Return type
types.FunctionType
- tardis.tardis_portal.auth.decorators.has_datafile_access(request, datafile_id)
- tardis.tardis_portal.auth.decorators.has_datafile_download_access(request, datafile_id)
- tardis.tardis_portal.auth.decorators.has_dataset_access(request, dataset_id)
- tardis.tardis_portal.auth.decorators.has_dataset_download_access(request, dataset_id)
- tardis.tardis_portal.auth.decorators.has_dataset_ownership(request, dataset_id)
- tardis.tardis_portal.auth.decorators.has_dataset_write(request, dataset_id)
- tardis.tardis_portal.auth.decorators.has_delete_permissions(request, experiment_id)
- tardis.tardis_portal.auth.decorators.has_experiment_access(request, experiment_id)
- tardis.tardis_portal.auth.decorators.has_experiment_download_access(request, experiment_id)
- tardis.tardis_portal.auth.decorators.has_experiment_ownership(request, experiment_id)
- tardis.tardis_portal.auth.decorators.has_experiment_write(request, experiment_id)
- tardis.tardis_portal.auth.decorators.has_read_or_owner_ACL(request, experiment_id)
Check whether the user has read access to the experiment. This means either they have been granted read access, or they are the owner.
NOTE: This does not check whether the experiment is public, which means that even when the experiment is public, this method does not automatically return true.
As such, this method should NOT be used to check whether the user has general read permission.
- tardis.tardis_portal.auth.decorators.has_write_permissions(request, experiment_id)
- tardis.tardis_portal.auth.decorators.is_group_admin(request, group_id)
- tardis.tardis_portal.auth.decorators.upload_auth(f)
- tardis.tardis_portal.auth.decorators.write_permissions_required(f)
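The caveat on has_read_or_owner_ACL and the three outcomes described for experiment_ownership_required, modelled as an added example that is not MyTardis code. The User and Experiment classes, the EXPERIMENTS table, the function names, the /login path and the 403 status are constructed stand-ins, and the functions are simplified models rather than the project's implementations.

```python
from dataclasses import dataclass, field
from functools import wraps

# Constructed stand-ins for illustration; not MyTardis or Django classes.
@dataclass
class User:
    username: str = ""
    is_authenticated: bool = False
    is_superuser: bool = False

@dataclass
class Experiment:
    public: bool = False
    owners: set = field(default_factory=set)
    readers: set = field(default_factory=set)

EXPERIMENTS = {  # constructed sample data
    1: Experiment(public=True, owners={"alice"}),
    2: Experiment(owners={"alice"}, readers={"bob"}),
}

def read_or_owner_acl(user, experiment_id):
    """Model of the ACL-only check: explicit read grant or ownership."""
    exp = EXPERIMENTS[experiment_id]
    return user.is_authenticated and (
        user.username in exp.owners or user.username in exp.readers)

def general_read(user, experiment_id):
    """General read decision: the public flag OR an explicit ACL."""
    return EXPERIMENTS[experiment_id].public or read_or_owner_acl(user, experiment_id)

def ownership_required(view):
    """Model of the three outcomes: login redirect, error, or proceed."""
    @wraps(view)
    def wrapper(user, experiment_id):
        if not user.is_authenticated:
            return (302, "/login")        # assumed login URL
        exp = EXPERIMENTS[experiment_id]
        if not (user.is_superuser or user.username in exp.owners):
            return (403, "forbidden")     # assumed error status
        return view(user, experiment_id)
    return wrapper

@ownership_required
def edit_experiment(user, experiment_id):
    return (200, f"editing experiment {experiment_id}")
```

An anonymous visitor gets False from the ACL-only check on the public experiment 1 but True from the combined check, which is why the ACL-only helper cannot stand in for a general read test.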
tardis.tardis_portal.auth.fix_circular module
- tardis.tardis_portal.auth.fix_circular.getGroups(user)
tardis.tardis_portal.auth.interfaces module
- class tardis.tardis_portal.auth.interfaces.AuthProvider
Bases: object
- authenticate(request)
Try to authenticate the user from a request. Return a user dict if successful.
- getUsernameByEmail(email)
returns the username (format string) from the auth domain
Implementing this function is optional; it is needed for resolving experiment owner email addresses to usernames during ingestion.
- get_user(user_id)
- class tardis.tardis_portal.auth.interfaces.GroupProvider
Bases: object
- getGroupById(id)
return the group associated with the id
- getGroups(user)
return an iteration of the available groups.
- getGroupsForEntity(id)
return a list of groups associated with a particular entity id
- searchGroups(**filter)
return a list of groups that match the filter
- class tardis.tardis_portal.auth.interfaces.UserProvider
Bases: object
- getUserById(id)
return the user dictionary in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
- getUsernameByEmail(email)
returns the username (format string) from the auth domain; needed for resolving experiment owners during ingestion
- searchUsers(**filter)
return a list of user descriptions from the auth domain.
each user is in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
tardis.tardis_portal.auth.ldap_auth module
tardis.tardis_portal.auth.localdb_auth module
Local DB Authentication module.
- class tardis.tardis_portal.auth.localdb_auth.DjangoAuthBackend
Bases: tardis.tardis_portal.auth.interfaces.AuthProvider
Authenticate against Django’s Model Backend.
- authenticate(request)
Authenticate a user. This expects the user to be using form-based auth, with the username and password passed in as POST variables.
- Parameters
request (django.http.HttpRequest) – a HTTP Request instance
- Returns
authenticated User
- Return type
User
- get_user(user_id)
- class tardis.tardis_portal.auth.localdb_auth.DjangoGroupProvider
Bases: tardis.tardis_portal.auth.interfaces.GroupProvider
- getGroupById(id)
return the group associated with the id:
{"id": 123, "display": "Group Name"}
- getGroups(user)
return an iteration of the available groups.
- name = 'django_group'
- searchGroups(**filter)
return a list of groups that match the filter
- class tardis.tardis_portal.auth.localdb_auth.DjangoUserProvider
Bases: tardis.tardis_portal.auth.interfaces.UserProvider
- getUserById(id)
return the user dictionary in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
- name = 'django_user'
tardis.tardis_portal.auth.token_auth module
token authentication module
- class tardis.tardis_portal.auth.token_auth.TokenAuthMiddleware(get_response)
Bases: object
adds tokens to the user object and the session from a GET query
- process_request(request)
- class tardis.tardis_portal.auth.token_auth.TokenGroupProvider
Bases: tardis.tardis_portal.auth.interfaces.GroupProvider
Transforms tokens into auth groups
- getGroups(user)
return an iteration of the available groups.
- name = 'token_group'
- searchGroups(**kwargs)
return nothing because these are not groups in the standard sense
tardis.tardis_portal.auth.utils module
Created on 15/03/2011
@author: gerson
- tardis.tardis_portal.auth.utils.configure_user(user)
Configure a user account that has just been created by adding the user to the default groups and marking it as not a Django account.
- Parameters
user (User) – the User instance for the newly created account
- Returns
User profile for user
- Return type
- tardis.tardis_portal.auth.utils.create_user(auth_method, user_id, email='')
- tardis.tardis_portal.auth.utils.get_or_create_user(auth_method, user_id, email='')