pywebtools.pyramid.auth.models – Authentication SQLAlchemy Models

This module contains all the SQLAlchemy models needed to implement the persistence level of the authentication framework. The main classes of interest are the User and TimeToken.

class pywebtools.pyramid.auth.models.Permission(**kwargs)

The Permission class represents a single permission that can be granted to a User or to a PermissionGroup.

Instances of Permission have the following attributes:

  • id – The unique database identifier
  • name – The unique name used for permission checking
  • permission_groups – List of PermissionGroup that contain this Permission
  • title – The title displayed for this Permission
  • users – List of User that have this Permission
class pywebtools.pyramid.auth.models.PermissionGroup(**kwargs)

The PermissionGroup groups together one or more Permission for easier administration.

Instances of PermissionGroup have the following attributes:

class pywebtools.pyramid.auth.models.TimeToken(user_id, action, timeout, data=None)

The TimeToken represents a validation token that has a timeout period.

Instances of the TimeToken have the following attributes:

  • id – The unique database identifier
  • user_id – The identifier of the User it belongs to
  • action – The action the TimeToken is associated with
  • token – The random token
  • timeout – The timeout timestamp until which the TimeToken is valid
  • data – Any payload data
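The checks a consumer of such a token has to make, as an added example that is not pywebtools code: the token must match, belong to the same user and action, and still be inside its timeout. `TimeTokenSketch`, `issue_token`, `validate_token` and the 32-byte token length are hypothetical names and choices; the page only says the token is random.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class TimeTokenSketch:
    """Hypothetical stand-in carrying the TimeToken attributes listed above."""
    user_id: int
    action: str
    token: str
    timeout: datetime
    data: Optional[str] = None


def issue_token(user_id, action, valid_for, now):
    # Assumption: 32 bytes from the OS CSPRNG, URL-safe so it can go into a link.
    return TimeTokenSketch(user_id, action, secrets.token_urlsafe(32), now + valid_for)


def validate_token(stored, user_id, action, presented, now):
    """True only if the token matches, is bound to this user and action, and is unexpired."""
    if stored is None:
        return False
    # Constant-time comparison: does not reveal how many leading characters matched.
    token_ok = hmac.compare_digest(stored.token.encode(), presented.encode())
    # A token issued for one action must not be accepted for another.
    bound_ok = stored.user_id == user_id and stored.action == action
    # timeout is the timestamp until which the token is valid.
    fresh = now <= stored.timeout
    return token_ok and bound_ok and fresh


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample time
    tok = issue_token(7, "reset-password", timedelta(hours=1), t0)
    print(validate_token(tok, 7, "reset-password", tok.token, t0 + timedelta(minutes=5)))
    print(validate_token(tok, 7, "reset-password", tok.token, t0 + timedelta(hours=2)))
```

A token that has been accepted once should also be deleted so it cannot be replayed within its timeout.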
class pywebtools.pyramid.auth.models.User(**kwargs)

The User represents a generic user. Which functionality they can access is determined purely through the individual User's Permission.

Instances of the User have the following attributes:

  • id – The unique database identifier
  • display_name – The name to display
  • email – The e-mail address used for login and communication
  • login_limit – Login limitation counter to stop brute-force login attacks
  • parts – The UserPartProgress belonging to this User
  • password – The hashed password
  • permissions – The User's list of Permission.
  • permission_groups – The User's list of PermissionGroup.
  • salt – The password hash salt
admin_menu(request)

Generates the menu bar for the users administration list.

allow(action, user)

Checks whether the given user is allowed to perform the given action. Supports the following actions: view, edit, delete.

Parameters:
  • action (unicode) – The action to check for
  • user (User) – The user to check
Returns: True if the user may perform the action, False otherwise
Return type: bool

has_option(key)

Check if the User has the given option.

Parameters: key (unicode) – Option key to check.
Returns: Whether the option exists or not
Return type: boolean
has_permission(permission)

Checks whether the user has been granted the given permission, either directly or via a PermissionGroup.

Parameters: permission (unicode) – The permission to check for
Returns: True if the user has the permission, False otherwise
Return type: bool
new_password(password)

Sets the given password as the User's new password. Calls new_salt() to generate a new salt for the password.

Parameters: password (unicode) – The new cleartext password
new_salt()

Generates a new salt. Uses os.urandom if available and the standard pseudo-random generator if not.

option(key)

Gets the User option with the given key.

Parameters: key (unicode) – Option key to fetch.
Returns: The option value or None
password_matches(password)

Checks whether the given password matches the hashed, stored password.

Parameters: password (unicode) – The password to check
Returns: True if the passwords match, False otherwise
Return type: bool
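How new_salt(), new_password(), password_matches() and the login_limit counter fit together, as an added sketch that is not the pywebtools implementation. The page does not name the hash function or the lockout rule: PBKDF2-HMAC-SHA256, the round count, `UserSketch` and `attempt_login` are assumptions, and the salt here always comes from os.urandom with no fallback to a non-cryptographic generator.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor; not taken from pywebtools


class UserSketch:
    """Hypothetical stand-in with the password, salt and login_limit attributes."""

    def __init__(self):
        self.salt = None
        self.password = None
        self.login_limit = 0

    def new_salt(self):
        # OS CSPRNG only; a salt from the `random` module would be predictable.
        self.salt = os.urandom(16).hex()

    def _hash(self, password):
        raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(self.salt), PBKDF2_ROUNDS)
        return raw.hex()

    def new_password(self, password):
        self.new_salt()  # fresh salt on every password change, as documented
        self.password = self._hash(password)

    def password_matches(self, password):
        if self.password is None:
            return False
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(self._hash(password), self.password)


def attempt_login(user, password, max_failures=5):
    """Assumed login_limit rule: count consecutive failures, refuse at the cap."""
    if user.login_limit >= max_failures:
        return False  # locked: the password is not even evaluated
    if user.password_matches(password):
        user.login_limit = 0
        return True
    user.login_limit += 1
    return False
```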
pywebtools.pyramid.auth.models.groups_permissions = Table('permission_groups_permissions', MetaData(bind=None), Column('permission_group_id', Integer(), ForeignKey('permission_groups.id'), table=<permission_groups_permissions>, primary_key=True, nullable=False), Column('permission_id', Integer(), ForeignKey('permissions.id'), table=<permission_groups_permissions>, primary_key=True, nullable=False), schema=None)

sqlalchemy.Table to link PermissionGroup and Permission.

pywebtools.pyramid.auth.models.init_auth_permissions(dbsession)

Creates the “User Administration” PermissionGroup and the four Permission “admin.users.view”, “admin.users.edit”, “admin.users.delete”, and “admin.users.permission” needed for the user management views to work.

Parameters: dbsession (scoped_session()) – The database session to add the new objects to
Returns: The group with the new permissions
Return type: PermissionGroup
pywebtools.pyramid.auth.models.users_groups = Table('users_permission_groups', MetaData(bind=None), Column('user_id', Integer(), ForeignKey('users.id'), table=<users_permission_groups>, primary_key=True, nullable=False), Column('permission_group_id', Integer(), ForeignKey('permission_groups.id'), table=<users_permission_groups>, primary_key=True, nullable=False), schema=None)

sqlalchemy.Table to link User and PermissionGroup.

pywebtools.pyramid.auth.models.users_permissions = Table('users_permissions', MetaData(bind=None), Column('user_id', Integer(), ForeignKey('users.id'), table=<users_permissions>, primary_key=True, nullable=False), Column('permission_id', Integer(), ForeignKey('permissions.id'), table=<users_permissions>, primary_key=True, nullable=False), schema=None)

sqlalchemy.Table to link User and Permission.
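The check that has_permission() describes (granted directly or via a PermissionGroup), written as one query over the three link tables above; this is an added example using the standard-library sqlite3 module, not the pywebtools SQLAlchemy code. The users and permission_groups tables are reduced, the `label` column is assumed, and all rows are constructed sample data.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE, title TEXT);
CREATE TABLE permission_groups (id INTEGER PRIMARY KEY, label TEXT);  -- label is assumed
CREATE TABLE users_permissions (user_id INTEGER, permission_id INTEGER,
    PRIMARY KEY (user_id, permission_id));
CREATE TABLE users_permission_groups (user_id INTEGER, permission_group_id INTEGER,
    PRIMARY KEY (user_id, permission_group_id));
CREATE TABLE permission_groups_permissions (permission_group_id INTEGER,
    permission_id INTEGER, PRIMARY KEY (permission_group_id, permission_id));
"""

HAS_PERMISSION = """
SELECT EXISTS (
    SELECT 1 FROM users_permissions up
    JOIN permissions p ON p.id = up.permission_id
    WHERE up.user_id = :uid AND p.name = :name
  UNION ALL
    SELECT 1 FROM users_permission_groups ug
    JOIN permission_groups_permissions gp
      ON gp.permission_group_id = ug.permission_group_id
    JOIN permissions p ON p.id = gp.permission_id
    WHERE ug.user_id = :uid AND p.name = :name
)
"""


def has_permission(conn, user_id, name):
    """True if the permission is granted directly or through any group."""
    row = conn.execute(HAS_PERMISSION, {"uid": user_id, "name": name}).fetchone()
    return bool(row[0])


def demo_db():
    """Constructed data: user 1 has a direct grant, user 2 a group, user 3 nothing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executescript("""
        INSERT INTO users VALUES (1, 'a@example.org'), (2, 'b@example.org'), (3, 'c@example.org');
        INSERT INTO permissions VALUES (1, 'admin.users.view', 'View users'),
                                       (2, 'admin.users.delete', 'Delete users');
        INSERT INTO permission_groups VALUES (1, 'User Administration');
        INSERT INTO permission_groups_permissions VALUES (1, 1), (1, 2);
        INSERT INTO users_permissions VALUES (1, 1);
        INSERT INTO users_permission_groups VALUES (2, 1);
    """)
    return conn
```

The same query without the `p.name` filter lists a user's effective permissions, which is the view to review when auditing who can reach the admin.users.* actions.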