univention.authorization package


univention.authorization package#

Submodules#

univention.authorization.authorization module#

Interface to Guardian

class univention.authorization.authorization.LocalGuardianAuthorizationClient(base_path)[source]#

Bases: object

reload()[source]#
static load_local_roles(base_path)[source]#
check_permissions(actor, targets, contexts, namespaces, extra_request_data=None, targeted_permissions_to_check=None, general_permissions_to_check=None)[source]#
get_and_check_permissions(actor, targets, contexts, namespaces, extra_request_data=None, targeted_permissions_to_check=None, general_permissions_to_check=None)[source]#
get_permissions(actor, targets, contexts, namespaces, extra_request_data=None, include_general_permissions=False)[source]#
udm_conditions_target_position_from_context(params, condition_data)[source]#
udm_conditions_target_position_in(params, condition_data)[source]#

Checks if the position matches the condition.

udm_conditions_target_object_type_equals(params, condition_data)[source]#

Checks the object type of the target object

udm_conditions_target_property_values_compares(params, condition_data)[source]#

Checks whether a property in the target object's properties matches any of the given values.

target_is_self(params, condition_data)[source]#
class univention.authorization.authorization.GuardianAuthorizationClient[source]#

Bases: object

check_permissions(actor, targets, contexts, namespaces, extra_request_data=None, targeted_permissions_to_check=None, general_permissions_to_check=None)[source]#
get_and_check_permissions(actor, targets, contexts, namespaces, extra_request_data=None, targeted_permissions_to_check=None, general_permissions_to_check=None)[source]#
get_permissions(actor, targets, contexts, namespaces, extra_request_data=None, include_general_permissions=False)[source]#

univention.authorization.config module#

class univention.authorization.config.AuthorizationConfig(filename)[source]#

Bases: object

A YAML-based configuration format for Guardian.

This intermediate layer makes it possible to de-duplicate data while Guardian doesn’t offer capability bundles, permission bundles, multiple role-to-capability assignments, etc.

parse()[source]#
compose()[source]#
create(client)[source]#
create_permission(role_string, permissions)[source]#
create_capability_bundle(role_string, bundle_name)[source]#
create_capability(role_string, capability_string)[source]#
resolve_conditions(condition_name)[source]#
resolve_permissions(permission_names)[source]#

univention.authorization.management module#

Guardian Management Client

exception univention.authorization.management.TokenInvalidError[source]#

Bases: Exception

class univention.authorization.management.GuardianManagementClient(management_url, username, password, oidc_token_endpoint_url, oidc_client_id)[source]#

Bases: object

static get_token(token_endpoint_url, client_id, username, password)[source]#
handle_status_code(response)[source]#
generate_headers()[source]#
post(path, data)[source]#
put(path, data)[source]#
patch(path, data)[source]#
request(method, path, data)[source]#
create_app(app_name, display_name)[source]#
modify_app(app_name, display_name)[source]#
create_namespace(app_name, namespace_name, display_name=None)[source]#
modify_namespace(app_name, namespace_name, display_name)[source]#
create_role(app_name, namespace_name, role_name, display_name)[source]#
modify_role(app_name, namespace_name, role_name, display_name)[source]#
create_permission(app_name, namespace_name, permission_name, display_name)[source]#
modify_permission(app_name, namespace_name, permission_name, display_name)[source]#
create_context(app_name, namespace_name, context_name, display_name)[source]#
modify_context(app_name, namespace_name, context_name, display_name)[source]#
create_condition(app_name, namespace_name, condition_name, display_name, documentation, code, parameters=None)[source]#
modify_condition(app_name, namespace_name, condition_name, display_name, documentation, code, parameters=None)[source]#
create_role_capability_mapping(app_name, namespace_name, name, display_name, role, permissions, conditions=None, relation='AND')[source]#
modify_role_capability_mapping(app_name, namespace_name, name, display_name, role, permissions, conditions=None, relation='AND')[source]#
prune(apps, contexts, namespaces, roles, capabilities)[source]#
univention.authorization.management.expand_role(app_name, namespace_name, name)[source]#
univention.authorization.management.expand_permission(app_name, namespace_name, name)[source]#
univention.authorization.management.expand_string(string)[source]#
univention.authorization.management.implode_string(app_name, namespace_name, name)[source]#
univention.authorization.management.expand_condition(condition, parameters=None)[source]#
class univention.authorization.management.GuardianManagementClientLocal(local_path, management_url, username, password, oidc_token_endpoint_url, oidc_client_id)[source]#

Bases: GuardianManagementClient

request(method, path, data)[source]#
prune(apps, contexts, namespaces, roles, capabilities)[source]#