tardis.tardis_portal.auth package¶
Submodules¶
tardis.tardis_portal.auth.authentication module¶
A module containing helper methods for the manage_auth_methods function in views.py.
-
tardis.tardis_portal.auth.authentication.
add_auth_method
(request)¶ Add a new authentication method to request.user’s existing list of authentication methods. This method will ask for a confirmation if the user wants to merge two accounts if the authentication method he provided already exists as a method for another user.
Parameters: request (Request) – the HTTP request object Returns: The HttpResponse which contains request.user’s new list of authentication methods Return type: HttpResponse
-
tardis.tardis_portal.auth.authentication.
edit_auth_method
(request)¶ Change the local DB (Django) password for request.user.
-
tardis.tardis_portal.auth.authentication.
list_auth_methods
(request)¶ Generate a list of authentication methods that request.user uses to authenticate to the system and send it back in a HttpResponse.
Parameters: request (Request) – the HTTP request object Returns: The HttpResponse which contains request.user’s list of authentication methods Return type: HttpResponse
-
tardis.tardis_portal.auth.authentication.
merge_auth_method
(request)¶ Merge the account that the user is logged in as and the account that he provided in the Authentication Form. Merging accounts involve relinking the UserAuthentication table entries, transferring ObjectACL entries to the merged account, changing the Group memberships and deleting the unneeded account.
Parameters: request (Request) – the HTTP request object Returns: The HttpResponse which contains request.user’s new list of authentication methods Return type: HttpResponse
-
tardis.tardis_portal.auth.authentication.
remove_auth_method
(request)¶ Removes the non-local DB auth method from the UserAuthentication model.
Parameters: request (Request) – the HTTP request object Returns: The HttpResponse which contains request.user’s new list of authentication methods Return type: HttpResponse
tardis.tardis_portal.auth.authorisation module¶
Object-level authorisation backend
Bases:
object
do not use this backend for authentication
relates ACLs to permissions
main method, calls other methods based on permission type queried
tardis.tardis_portal.auth.authservice module¶
models.py
-
class
tardis.tardis_portal.auth.authservice.
AuthService
(settings=<django.conf.LazySettings object>)¶ The AuthService provides an interface for querying the auth(n|z) framework within MyTardis. The auth service works by reading the class path to plugins from the settings file.
Parameters: settings ( django.conf.settings
) – the settings object that contains the list of user and group plugins.-
authenticate
(authMethod, **credentials)¶ Try and authenticate the user using the auth type he/she specified to use and if authentication didn’t work using that
Parameters: - authMethod (string) – the shortname of the auth method.
- credentials (kwargs) – the credentials as expected by the auth plugin
Returns: authenticated User or None
Return type: User or None
-
getGroups
(user)¶ Parameters: user (User) – User Returns: a list of tuples containing pluginname and group id Return type: list
-
getGroupsForEntity
(entity)¶ Return a list of the groups an entity belongs to
Parameters: entity (string) – the entity to earch for, user or group. Returns: groups Return type: Group The groups will be reurned as a list similar to:
[{'name': 'Group 456', 'id': '2'}, {'name': 'Group 123', 'id': '1'}]
-
getUser
(authMethod, user_id, force_user_create=False)¶ Return a user model based on the given auth method and user id.
This function is responsible for creating the user within the Django DB and returning the resulting user model.
-
getUsernameByEmail
(authMethod, email)¶ Return a username given the auth method and email address of a user.
-
get_or_create_user
(user_obj_or_dict, authMethod=None)¶ refactored out for external use by AAF and possibly others
-
searchEntities
(filter)¶ Return a list of users and/or groups
-
searchGroups
(**kw)¶ basestring id: the value of the id to search for basestring name: the value of the displayname to search for int max_results: the maximum number of elements to return basestring sort_by: the attribute the users should be sorted on basestring plugin: restrict the search to the specific group
providerreturns a list of users and/or groups rtype list
-
searchUsers
(filter)¶ Return a list of users and/or groups
-
tardis.tardis_portal.auth.decorators module¶
-
tardis.tardis_portal.auth.decorators.
datafile_access_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
dataset_access_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
dataset_download_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
dataset_write_permissions_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
delete_permissions_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
experiment_access_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
experiment_download_required
(f)¶
-
tardis.tardis_portal.auth.decorators.
experiment_ownership_required
(f)¶ A decorator for Django views that validates if a user is an owner of an experiment or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.
Parameters: f (types.FunctionType) – A Django view function Returns: A Django view function Return type: types.FunctionType
-
tardis.tardis_portal.auth.decorators.
get_accessible_datafiles_for_user
(request)¶
-
tardis.tardis_portal.auth.decorators.
get_accessible_experiments
(request)¶
-
tardis.tardis_portal.auth.decorators.
get_accessible_experiments_for_dataset
(request, dataset_id)¶
-
tardis.tardis_portal.auth.decorators.
get_owned_experiments
(request)¶
-
tardis.tardis_portal.auth.decorators.
group_ownership_required
(f)¶ A decorator for Django views that validates if a user is a group admin or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.
Parameters: f (types.FunctionType) – A Django view function Returns: A Django view function Return type: types.FunctionType
-
tardis.tardis_portal.auth.decorators.
has_datafile_access
(request, datafile_id)¶
-
tardis.tardis_portal.auth.decorators.
has_datafile_download_access
(request, datafile_id)¶
-
tardis.tardis_portal.auth.decorators.
has_dataset_access
(request, dataset_id)¶
-
tardis.tardis_portal.auth.decorators.
has_dataset_download_access
(request, dataset_id)¶
-
tardis.tardis_portal.auth.decorators.
has_dataset_ownership
(request, dataset_id)¶
-
tardis.tardis_portal.auth.decorators.
has_dataset_write
(request, dataset_id)¶
-
tardis.tardis_portal.auth.decorators.
has_delete_permissions
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
has_experiment_access
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
has_experiment_download_access
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
has_experiment_ownership
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
has_experiment_write
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
has_read_or_owner_ACL
(request, experiment_id)¶ Check whether the user has read access to the experiment - this means either they have been granted read access, or that they are the owner.
NOTE: This does not check whether the experiment is public or not, which means even when the experiment is public, this method does not automatically returns true.
As such, this method should NOT be used to check whether the user has general read permission.
-
tardis.tardis_portal.auth.decorators.
has_write_permissions
(request, experiment_id)¶
-
tardis.tardis_portal.auth.decorators.
is_group_admin
(request, *args, **kwargs)¶
-
tardis.tardis_portal.auth.decorators.
upload_auth
(f)¶
-
tardis.tardis_portal.auth.decorators.
write_permissions_required
(f)¶
tardis.tardis_portal.auth.fix_circular module¶
-
tardis.tardis_portal.auth.fix_circular.
getGroups
(user)¶
tardis.tardis_portal.auth.httpbasicendpoint_auth module¶
Created on Dec 15, 2011
@author: uqtdettr
-
class
tardis.tardis_portal.auth.httpbasicendpoint_auth.
HttpBasicEndpointAuth
(openerDirector=<urllib2.OpenerDirector instance>, endpoint=None)¶ Bases:
tardis.tardis_portal.auth.interfaces.AuthProvider
This class provides authentication against a HTTP resource protected by HTTP Basic authentication. Access is granted based on the user credentials being valid against that resource.
-
class
SimplePasswordMgr
¶ Bases:
urllib2.HTTPPasswordMgr
Simple password manager which provides the same credentials, no matter the realm or the uri.
-
add_password
(realm, uri, username, password)¶
-
clear
()¶
-
find_user_password
(realm, authuri)¶
-
-
authenticate
(request)¶ Authenticate a user, expecting the user will be using form-based auth and the username and password will be passed in url-encoded form POST variables.
Parameters: request ( django.http.HttpRequest
) – a HTTP Request instanceReturns: authenticated user Return type: User
-
get_user
(user_id)¶
-
class
tardis.tardis_portal.auth.interfaces module¶
-
class
tardis.tardis_portal.auth.interfaces.
AuthProvider
¶ -
authenticate
(request)¶ from a request authenticate try to authenticate the user. return a user dict if successful.
-
getUsernameByEmail
(email)¶ returns the username (format string) from the auth domain
Implementing this function is optional- it is needed for resolving experiment owner email addresses to usernames during ingestion.
-
get_user
(user_id)¶
-
-
class
tardis.tardis_portal.auth.interfaces.
GroupProvider
¶ -
getGroupById
(id)¶ return the group associated with the id
-
getGroups
(user)¶ return an iteration of the available groups.
-
getGroupsForEntity
(id)¶ return a list of groups associated with a particular entity id
-
searchGroups
(**filter)¶ return a list of groups that match the filter
-
-
class
tardis.tardis_portal.auth.interfaces.
UserProvider
¶ -
getUserById
(id)¶ return the user dictionary in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
-
getUsernameByEmail
(email)¶ returns the username (format string) from the auth domain needed for resolving experiment owners during ingestion
-
searchUsers
(**filter)¶ return a list of user descriptions from the auth domain.
each user is in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
-
tardis.tardis_portal.auth.ldap_auth module¶
tardis.tardis_portal.auth.localdb_auth module¶
Local DB Authentication module.
-
class
tardis.tardis_portal.auth.localdb_auth.
DjangoAuthBackend
¶ Bases:
tardis.tardis_portal.auth.interfaces.AuthProvider
Authenticate against Django’s Model Backend.
-
authenticate
(request)¶ authenticate a user, this expect the user will be using form based auth and the username and password will be passed in as POST variables.
Parameters: request ( django.http.HttpRequest
) – a HTTP Request instanceReturns: authenticated User Return type: User
-
get_user
(user_id)¶
-
-
class
tardis.tardis_portal.auth.localdb_auth.
DjangoGroupProvider
¶ Bases:
tardis.tardis_portal.auth.interfaces.GroupProvider
-
getGroupById
(id)¶ return the group associated with the id:
{"id": 123,
“display”: “Group Name”,}
-
getGroups
(user)¶ return an iteration of the available groups.
-
name
= u'django_group'¶
-
searchGroups
(**filter)¶
-
-
class
tardis.tardis_portal.auth.localdb_auth.
DjangoUserProvider
¶ Bases:
tardis.tardis_portal.auth.interfaces.UserProvider
-
getUserById
(id)¶ return the user dictionary in the format of:
{"id": 123, "first_name": "John", "last_name": "Smith", "email": "john@example.com"}
-
name
= u'django_user'¶
-
tardis.tardis_portal.auth.token_auth module¶
token authentication module
-
class
tardis.tardis_portal.auth.token_auth.
TokenAuthMiddleware
¶ Bases:
object
adds tokens to the user object and the session from a GET query
-
process_request
(request)¶
-
-
class
tardis.tardis_portal.auth.token_auth.
TokenGroupProvider
¶ Bases:
tardis.tardis_portal.auth.interfaces.GroupProvider
Transforms tokens into auth groups
-
getGroups
(user)¶
-
name
= u'token_group'¶
-
searchGroups
(**kwargs)¶ return nothing because these are not groups in the standard sense
-
tardis.tardis_portal.auth.utils module¶
Created on 15/03/2011
@author: gerson
-
tardis.tardis_portal.auth.utils.
configure_user
(user)¶ Configure a user account that has just been created by adding the user to the default groups and creating a UserProfile.
Parameters: user (User) – the User instance for the newly created account Returns: User profile for user Return type: UserProfile
-
tardis.tardis_portal.auth.utils.
create_user
(auth_method, user_id, email='')¶
-
tardis.tardis_portal.auth.utils.
get_or_create_user
(auth_method, user_id, email='')¶