xia_meta_auth.permission.Permission

class xia_meta_auth.permission.Permission(**kwargs)

Bases: VirtualWorker

Permission Management

Each owner will have their own rbac model stored.
Each user can request an acl model.

__init__(**kwargs)

Methods

`__init__`(**kwargs)
`add_role_permissions`(role_name, permissions)
`add_roles_in_role`(role_name, role_list[, save])
`add_roles_in_user`(user_name, role_list[, save])
`add_user_permissions`(user_name, permissions)
`add_users_in_role`(role_name, user_list[, save])
`check_new_group`(new_group)	Check if new added group will break DAG (making a circular)
`delete`([cascade])	Delete a document
`delete_all`()	Delete every instance of this document type
`dfs`(start, discovered)	Deep First Search
`drop`()	Drop the collection
`from_db`(**kwargs)	Transform database data to internal data
`from_display`(**kwargs)	Transform Display data to internal data
`get_collection_name`()	Get collection name of current class
`get_display_data`([lazy])	Get Display data (visualized form of data)
`get_id`()	Get document id
`get_implicit_permissions_for_user`(user_name)	Get full recursive permission list
`get_raw_data`()	Get Raw data (materialized form of data)
`get_role_permissions`(role_name)
`get_roles_in_role`(role_name)
`get_runtime_data`()	Get Runtime data (calculated from raw data when runtime is activated)
`get_sample`()	Get a sample document data
`get_user_acl`(user_name)	Get Enforcer from the given user_name and owner_name
`get_user_permissions`(user_name)
`get_users_in_role`(role_name)
`list`(owner_name[, limit])	List objects of predefined criteria, default limited to 10 objects
`load`(args, *kwargs)	Load a Document from engine
`objects`(**kwargs)	Search documents
`reload`()	Reload the document from the engine
`save`([validate, cascade])	Save a document to engine
`set_role_permissions`(role_name, permissions)
`set_roles_in_role`(role_name, role_list[, save])
`set_roles_in_user`(user_name, role_list[, save])
`set_user_permissions`(user_name, permissions)
`to_db`([ignore_unknown, no_class])	Translate the runtime data into raw data (materialized form of data)
`update`([validate, cascade])	Update existed fields
`validate`()	Validate if all of the component of document follows the predefined rules

Attributes

`cluster_fields`	Cluster Fields
`groups`
`key_fields`	Key Fields
`logger`
`name`
`owner_name`
`partition_info`	Partition information
`policies`
`reverse_delete_rules`

check_new_group(new_group: Group) → bool

Check if new added group will break DAG (making a circular)

Parameters: new_group – New group to be added into DAG
Returns: True if the new group is safe else False

cluster_fields = []: Cluster Fields

delete(cascade: bool = True)

Delete a document

Parameters: cascade (bool) – Activate the cascade delete

classmethod delete_all(): Delete every instance of this document type

dfs(start: str, discovered: dict) → dict

Deep First Search

Parameters

start – start point
discovered – a dictionary [point, discovered] to mark if a point could be reached from start point

Returns

discovered record after searching.

classmethod drop()

Drop the collection

Hard way to delete the collection. No cascade relation will be considered

classmethod from_db(**kwargs)

Transform database data to internal data

Parameters: **kwargs (object) – python dict got from system
Returns: python dict object

classmethod from_display(**kwargs)

Transform Display data to internal data

Parameters: **kwargs (object) – display object got from front end
Returns: python dict object

classmethod get_collection_name()

Get collection name of current class

Returns: collection name
Return type: str

get_display_data(lazy: bool = True)

Get Display data (visualized form of data)

Returns: python dict object

Notes

We will return the detail form if it is possible

get_id()

Get document id

Returns: Document ID
Return type: str

get_implicit_permissions_for_user(user_name: str) → list

Get full recursive permission list

Parameters: user_name (str) – User name
Returns: list of [obj, act]

Notes

The user can only modify / delete their user-data

get_raw_data()

Get Raw data (materialized form of data)

Returns: python dict object

get_runtime_data()

Get Runtime data (calculated from raw data when runtime is activated)

Returns: python dict object

classmethod get_sample(): Get a sample document data

get_user_acl(user_name: str)

Get Enforcer from the given user_name and owner_name

Parameters: user_name (str) – User name
Returns: The enforcer is a simple ACL enforcer

key_fields = []: Key Fields

classmethod list(owner_name: str, limit: int = 10, **kwargs): List objects of predefined criteria, default limited to 10 objects

classmethod load(*args, **kwargs)

Load a Document from engine

Parameters

*args – a list document id (should only have one valid)
**kwargs –

Returns

loaded document instance

classmethod objects(**kwargs)

Search documents

Parameters: **kwargs – Search Configuration
Returns: generator of a found document

Notes

key, str pair: single value search
key, list pair: array_contains_any search
embedded search: a__b means b component of a. a.b means the key’s name is a.b
operators: key is end with __op__. The following op are supported:
- __eq__: Could ignore because it is a by default behavior
- __lt__, __le__, __gt__, __ge__, __ne__: as is supposed by the name
- __asc__, __desc__: the result will be ordered by the fields

partition_info = {}: Partition information

reload()

Reload the document from the engine

Returns: itself with refreshed data

save(validate: bool = True, cascade: bool = True)

Save a document to engine

Parameters

validate (bool) – Should the validation to be passed or not
cascade (bool) – Save cascaded document

Returns

itself (with document id in the case of a new created document)

to_db(ignore_unknown: bool = False, no_class: bool = False)

Translate the runtime data into raw data (materialized form of data)

Parameters

no_class (bool) – Don’t save the class name into document
ignore_unknown (bool) – When a field is not defined in the document, should we send it back to the database

Returns

python dict object

update(validate=True, cascade: bool = True, **kwargs)

Update existed fields

Parameters

validate (bool) – Should the data be validated before update or not
cascade (bool) – Activate the cascade update / delete
**kwargs – update parameters

Returns

updated document in the form of python object

Notes

Update String Specifications * embedded update: a__b means b component of a. a.b means the key’s name is a.b * operators: key is end with __op__. The following op are supported:

__append__: Append an item to array

__remove__: Remove an item

__delete__: Delete the field

Notes

We need to update the data from all sources

validate()

Validate if all of the component of document follows the predefined rules

Returns: Always None. No exception raised means the validation passed