tardis.tardis_portal.auth package

Submodules

tardis.tardis_portal.auth.authentication module

A module containing helper methods for the manage_auth_methods function in views.py.

tardis.tardis_portal.auth.authentication.add_auth_method(request)

Add a new authentication method to request.user’s existing list of authentication methods. If the authentication method the user provided already exists as a method for another user, this method asks for confirmation that the user wants to merge the two accounts.

Parameters:request (Request) – the HTTP request object
Returns:The HttpResponse which contains request.user’s new list of authentication methods
Return type:HttpResponse
tardis.tardis_portal.auth.authentication.edit_auth_method(request)

Change the local DB (Django) password for request.user.

tardis.tardis_portal.auth.authentication.list_auth_methods(request)

Generate a list of authentication methods that request.user uses to authenticate to the system and send it back in a HttpResponse.

Parameters:request (Request) – the HTTP request object
Returns:The HttpResponse which contains request.user’s list of authentication methods
Return type:HttpResponse
tardis.tardis_portal.auth.authentication.merge_auth_method(request)

Merge the account that the user is logged in as and the account that the user provided in the Authentication Form. Merging accounts involves relinking the UserAuthentication table entries, transferring ObjectACL entries to the merged account, changing the Group memberships and deleting the unneeded account.

Parameters:request (Request) – the HTTP request object
Returns:The HttpResponse which contains request.user’s new list of authentication methods
Return type:HttpResponse
tardis.tardis_portal.auth.authentication.remove_auth_method(request)

Removes the non-local DB auth method from the UserAuthentication model.

Parameters:request (Request) – the HTTP request object
Returns:The HttpResponse which contains request.user’s new list of authentication methods
Return type:HttpResponse

tardis.tardis_portal.auth.authorisation module

Object-level authorisation backend

class tardis.tardis_portal.auth.authorisation.ACLAwareBackend

Bases: object

app_label = 'tardis_acls'
authenticate(request)

do not use this backend for authentication

get_perm_bool(verb)

relates ACLs to permissions

has_perm(user_obj, perm, obj=None)

main method, calls other methods based on permission type queried

supports_anonymous_user = True
supports_object_permissions = True

tardis.tardis_portal.auth.authservice module

models.py

class tardis.tardis_portal.auth.authservice.AuthService(settings=<LazySettings "tardis.test_settings">)

The AuthService provides an interface for querying the auth(n|z) framework within MyTardis. The auth service works by reading the class path to plugins from the settings file.

Parameters:settings (django.conf.settings) – the settings object that contains the list of user and group plugins.
authenticate(authMethod, **credentials)

Try and authenticate the user using the auth type he/she specified to use and if authentication didn’t work using that

Parameters:
  • authMethod (string) – the shortname of the auth method.
  • credentials (kwargs) – the credentials as expected by the auth plugin
Returns:authenticated User or None
Return type:User or None

getGroups(user)
Parameters:user (User) – User
Returns:a list of tuples containing pluginname and group id
Return type:list
getGroupsForEntity(entity)

Return a list of the groups an entity belongs to

Parameters:entity (string) – the entity to search for, user or group.
Returns:groups
Return type:Group

The groups will be returned as a list similar to:

[{'name': 'Group 456', 'id': '2'},
{'name': 'Group 123', 'id': '1'}]
getUser(authMethod, user_id, force_user_create=False)

Return a user model based on the given auth method and user id.

This function is responsible for creating the user within the Django DB and returning the resulting user model.

getUsernameByEmail(authMethod, email)

Return a username given the auth method and email address of a user.

get_or_create_user(user_obj_or_dict, authMethod=None)

refactored out for external use by AAF and possibly others

searchEntities(filter)

Return a list of users and/or groups

searchGroups(**kw)

Parameters:
  • id (basestring) – the value of the id to search for
  • name (basestring) – the value of the displayname to search for
  • max_results (int) – the maximum number of elements to return
  • sort_by (basestring) – the attribute the users should be sorted on
  • plugin (basestring) – restrict the search to the specific group provider
Returns:a list of users and/or groups
Return type:list

searchUsers(filter)

Return a list of users and/or groups

tardis.tardis_portal.auth.decorators module

tardis.tardis_portal.auth.decorators.datafile_access_required(f)
tardis.tardis_portal.auth.decorators.dataset_access_required(f)
tardis.tardis_portal.auth.decorators.dataset_download_required(f)
tardis.tardis_portal.auth.decorators.dataset_write_permissions_required(f)
tardis.tardis_portal.auth.decorators.delete_permissions_required(f)
tardis.tardis_portal.auth.decorators.experiment_access_required(f)
tardis.tardis_portal.auth.decorators.experiment_download_required(f)
tardis.tardis_portal.auth.decorators.experiment_ownership_required(f)

A decorator for Django views that validates if a user is an owner of an experiment or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.

Parameters:f (types.FunctionType) – A Django view function
Returns:A Django view function
Return type:types.FunctionType
tardis.tardis_portal.auth.decorators.get_accessible_datafiles_for_user(request)
tardis.tardis_portal.auth.decorators.get_accessible_experiments(request)
tardis.tardis_portal.auth.decorators.get_accessible_experiments_for_dataset(request, dataset_id)
tardis.tardis_portal.auth.decorators.get_owned_experiments(request)
tardis.tardis_portal.auth.decorators.get_shared_experiments(request)
tardis.tardis_portal.auth.decorators.group_ownership_required(f)

A decorator for Django views that validates if a user is a group admin or ‘superuser’ prior to further processing the request. Unauthenticated requests are redirected to the login page. If the user making the request satisfies none of these criteria, an error response is returned.

Parameters:f (types.FunctionType) – A Django view function
Returns:A Django view function
Return type:types.FunctionType
tardis.tardis_portal.auth.decorators.has_datafile_access(request, datafile_id)
tardis.tardis_portal.auth.decorators.has_datafile_download_access(request, datafile_id)
tardis.tardis_portal.auth.decorators.has_dataset_access(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_download_access(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_ownership(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_dataset_write(request, dataset_id)
tardis.tardis_portal.auth.decorators.has_delete_permissions(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_access(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_download_access(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_ownership(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_experiment_write(request, experiment_id)
tardis.tardis_portal.auth.decorators.has_read_or_owner_ACL(request, experiment_id)

Check whether the user has read access to the experiment - this means either they have been granted read access, or that they are the owner.

NOTE: This does not check whether the experiment is public or not, which means that even when the experiment is public, this method does not automatically return true.

As such, this method should NOT be used to check whether the user has general read permission.
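
The difference between the ACL-only check and a general read check, as an added example that is not MyTardis code. The classes, field names and sample data are hypothetical and only model the behaviour the note describes.

```python
# Added illustration; every class and field name here is hypothetical and
# only models the behaviour described in the note, not MyTardis' own schema.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ACL:
    entity: str            # "user:<name>" or "group:<name>"
    can_read: bool = False
    is_owner: bool = False


@dataclass
class Experiment:
    is_public: bool
    acls: list = field(default_factory=list)


@dataclass
class User:
    name: str
    groups: tuple = ()
    is_authenticated: bool = True

    def entities(self):
        # Anonymous visitors match no ACL entry at all.
        if not self.is_authenticated:
            return set()
        return {f"user:{self.name}"} | {f"group:{g}" for g in self.groups}


def has_read_or_owner_acl(user, experiment):
    """ACL-only check: true when an ACL grants this user read or ownership."""
    mine = user.entities()
    return any(a.entity in mine and (a.can_read or a.is_owner)
               for a in experiment.acls)


def has_general_read(user, experiment):
    """General read check: public experiments are readable without any ACL."""
    return experiment.is_public or has_read_or_owner_acl(user, experiment)


# Constructed sample data.
ANON = User("anonymous", is_authenticated=False)
PUBLIC = Experiment(is_public=True)
PRIVATE = Experiment(is_public=False, acls=[ACL("user:alice", is_owner=True),
                                           ACL("group:lab", can_read=True)])
```

A view that gated general reads on the ACL-only check would refuse public experiments to everyone without an explicit ACL entry.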

tardis.tardis_portal.auth.decorators.has_write_permissions(request, experiment_id)
tardis.tardis_portal.auth.decorators.is_group_admin(request, *args, **kwargs)
tardis.tardis_portal.auth.decorators.upload_auth(f)
tardis.tardis_portal.auth.decorators.write_permissions_required(f)

tardis.tardis_portal.auth.fix_circular module

tardis.tardis_portal.auth.fix_circular.getGroups(user)

tardis.tardis_portal.auth.interfaces module

class tardis.tardis_portal.auth.interfaces.AuthProvider
authenticate(request)

try to authenticate the user from a request. return a user dict if successful.

getUsernameByEmail(email)

returns the username (format string) from the auth domain

Implementing this function is optional; it is needed for resolving experiment owner email addresses to usernames during ingestion.

get_user(user_id)
class tardis.tardis_portal.auth.interfaces.GroupProvider
getGroupById(id)

return the group associated with the id

getGroups(user)

return an iteration of the available groups.

getGroupsForEntity(id)

return a list of groups associated with a particular entity id

searchGroups(**filter)

return a list of groups that match the filter

class tardis.tardis_portal.auth.interfaces.UserProvider
getUserById(id)

return the user dictionary in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}
getUsernameByEmail(email)

returns the username (format string) from the auth domain needed for resolving experiment owners during ingestion

searchUsers(**filter)

return a list of user descriptions from the auth domain.

each user is in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}
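
A sketch of a plugin written against the AuthProvider interface above, as an added example that is not part of MyTardis. The base class is a stand-in so the block runs without MyTardis installed, and StaticDirectoryAuth, FakeRequest, the salt, the password and the in-memory directory are hypothetical or constructed; the POST field names follow the form-based convention described for DjangoAuthBackend.

```python
import hashlib
import hmac

SALT = b"constructed-salt"   # sample value; use a per-user random salt in practice
ITERATIONS = 200_000


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


class AuthProvider:
    """Stand-in for tardis.tardis_portal.auth.interfaces.AuthProvider."""


class StaticDirectoryAuth(AuthProvider):
    """Hypothetical provider backed by a constructed in-memory directory."""

    _USERS = {"jsmith": {"id": 123, "first_name": "John", "last_name": "Smith",
                         "email": "john@example.com"}}
    _HASHES = {"jsmith": _hash("correct horse")}
    _DUMMY = _hash("unused placeholder")

    def authenticate(self, request):
        # Form-based auth: credentials arrive as POST variables.
        username = request.POST.get("username", "")
        password = request.POST.get("password", "")
        # Hash even for unknown users so both paths do the same work.
        expected = self._HASHES.get(username, self._DUMMY)
        matches = hmac.compare_digest(_hash(password), expected)
        if matches and username in self._USERS:
            return dict(self._USERS[username])   # user dict, never the hash
        return None

    def get_user(self, user_id):
        for record in self._USERS.values():
            if record["id"] == user_id:
                return dict(record)
        return None

    def getUsernameByEmail(self, email):
        for name, record in self._USERS.items():
            if record["email"].lower() == email.lower():
                return name
        return None


class FakeRequest:
    """Constructed stand-in for an HTTP request carrying POST data."""

    def __init__(self, **post):
        self.POST = post
```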

tardis.tardis_portal.auth.ldap_auth module

tardis.tardis_portal.auth.localdb_auth module

Local DB Authentication module.

class tardis.tardis_portal.auth.localdb_auth.DjangoAuthBackend

Bases: tardis.tardis_portal.auth.interfaces.AuthProvider

Authenticate against Django’s Model Backend.

authenticate(request)

authenticate a user. this expects that the user will be using form-based auth and that the username and password will be passed in as POST variables.

Parameters:request (django.http.HttpRequest) – a HTTP Request instance
Returns:authenticated User
Return type:User
get_user(user_id)
class tardis.tardis_portal.auth.localdb_auth.DjangoGroupProvider

Bases: tardis.tardis_portal.auth.interfaces.GroupProvider

getGroupById(id)

return the group associated with the id:

{"id": 123,
"display": "Group Name"}

getGroups(user)

return an iteration of the available groups.

name = u'django_group'
searchGroups(**filter)
class tardis.tardis_portal.auth.localdb_auth.DjangoUserProvider

Bases: tardis.tardis_portal.auth.interfaces.UserProvider

getUserById(id)

return the user dictionary in the format of:

{"id": 123,
"first_name": "John",
"last_name": "Smith",
"email": "john@example.com"}
name = u'django_user'

tardis.tardis_portal.auth.token_auth module

token authentication module

class tardis.tardis_portal.auth.token_auth.TokenAuthMiddleware(get_response)

Bases: object

adds tokens to the user object and the session from a GET query

process_request(request)
class tardis.tardis_portal.auth.token_auth.TokenGroupProvider

Bases: tardis.tardis_portal.auth.interfaces.GroupProvider

Transforms tokens into auth groups

getGroups(user)
name = u'token_group'
searchGroups(**kwargs)

return nothing because these are not groups in the standard sense

tardis.tardis_portal.auth.utils module

Created on 15/03/2011

@author: gerson

tardis.tardis_portal.auth.utils.configure_user(user)

Configure a user account that has just been created by adding the user to the default groups and marking it as not a Django account.

Parameters:user (User) – the User instance for the newly created account
Returns:User profile for user
Return type:UserProfile
tardis.tardis_portal.auth.utils.create_user(auth_method, user_id, email='')
tardis.tardis_portal.auth.utils.get_or_create_user(auth_method, user_id, email='')

Module contents