gluon.tools.Auth --+ | AuthS3
S3 extensions of the gluon.tools.Auth class

- override:
    - __init__
    - define_tables
    - login_bare
    - set_cookie
    - login
    - register
    - email_reset_password
    - verify_email
    - profile
    - has_membership
    - requires_membership
- S3 extension for user registration:
    - s3_register_validation
    - s3_user_register_onaccept
- S3 extension for user administration:
    - configure_user_fields
    - s3_verify_user
    - s3_approve_user
    - s3_link_user
    - s3_user_profile_onaccept
    - s3_link_to_person
    - s3_link_to_organisation
    - s3_link_to_human_resource
    - s3_link_to_member
    - s3_approver
- S3 custom authentication methods:
    - s3_impersonate
    - s3_logged_in
- S3 user role management:
    - get_system_roles
    - s3_set_roles
    - s3_create_role
    - s3_delete_role
    - s3_assign_role
    - s3_withdraw_role
    - s3_has_role
    - s3_group_members
- S3 ACL management:
    - s3_update_acls
- S3 user identification helpers:
    - s3_get_user_id
    - s3_user_pe_id
    - s3_logged_in_person
    - s3_logged_in_human_resource
- S3 core authorization methods:
    - s3_has_permission
    - s3_accessible_query
- S3 variants of web2py authorization methods:
    - s3_has_membership
    - s3_requires_membership
- S3 record ownership methods:
    - s3_make_session_owner
    - s3_session_owns
    - s3_set_record_owner
Class Variables | |
S3_SYSTEM_ROLES = Storage(ADMIN= "ADMIN", AUTHENTICATED= "AUTH
|
Method Details |
Initialise parent class & make any necessary modifications |
to be called unless tables are defined manually

usages:

    # defines all needed tables and table files
    # UUID + "_auth_user.table", ...
    auth.define_tables()

    # defines all needed tables and table files
    # "myprefix_auth_user.table", ...
    auth.define_tables(migrate="myprefix_")

    # defines all needed tables without migration/table files
    auth.define_tables(migrate=False)
|
Logs user in
|
Set a Cookie to the client browser so that we know this user has registered & so we should present them with a login form instead of a register form |
Overrides Web2Py's login() to use custom flash styles & utcnow
|
Returns a form that lets the user change password |
Returns a form to reset the user password, overrides web2py's version of the method to not swallow the _next var. |
Returns a form to reset the user password, overrides web2py's version of the method to apply Eden formstyles.
|
Log the user in - common function called by login() & register() |
Overrides Web2Py's register() to add new functionality:
|
Overrides Web2Py's email_reset_password() to modify the message structure
|
Gives user_id membership of group_id or role. If user is None, then user_id is that of the currently logged-in user.
S3: extended to support Entities |
action user to verify the registration email, XXXXXXXXXXXXXXXX

.. method:: Auth.verify_email([next=DEFAULT [, onvalidation=DEFAULT [, log=DEFAULT]]])
|
returns a form that lets the user change his/her profile

.. method:: Auth.profile([next=DEFAULT [, onvalidation=DEFAULT [, onaccept=DEFAULT [, log=DEFAULT]]]])

Patched for S3 to use s3_mark_required and handle opt_in mailing lists
|
Configure User Fields - for registration & user administration

pe_ids: an optional list of pe_ids for the Org Filter, i.e. org_admin coming from admin.py/user()
|
Called when users are imported from CSV

Lookups Pseudo-reference Integer fields from Names, e.g.:
auth_membership.pe_id from organisation.name=<Org Name>
|
JavaScript client-side validation for Registration / User profile - needed to check for passwords being same, etc |
|
S3 framework function Designed to be called when a user is created through:
Does the following:
|
S3 framework function Designed to be called when a user is created through:
Does the following:
To Do: If these fields are implemented with the InlineForms functionality, this function may become redundant |
Designed to be called when a user is verified through:
Does the following:
@returns boolean - if the user has been approved |
S3 framework function Designed to be called when a user is created through:
Does the following:
|
S3 framework function Designed to be called when a user is created & approved through:
Does the following:
|
Update the UI locale from user profile |
Links user accounts to person registry entries

@param user: the user record
@param organisation_id: the user's organisation_id to get the person's realm_entity

Policy for linking to pre-existing person records:

If this user is already linked to a person record with a different first_name, last_name, email or realm_entity these will be updated to those of the user.

If a person record with exactly the same first name and last name exists, which has a contact information record with exactly the same email address as used in the user account, and is not linked to another user account, then this person record will be linked to this user account.

Otherwise, a new person record is created, and a new email contact record with the email address from the user record is registered for that person.
|
Link a user account to an organisation
|
Link a user account to an organisation group
|
Take ownership of the HR records of the person record

To Do: Add user to the Org Access role.
|
Link to a member Record |
Returns the Approver for a new Registration & the organisation_id field

@param: user - the user record (form.vars when done direct)
@ToDo: Support multiple approvers per Org - via Org Admin (or specific Role?)
       Split into separate functions for returning approver & finding users' org from auth_organisations
@returns approver, organisation_id - if approver = False, user is automatically approved by whitelist
|
Send a welcome mail to newly-registered users - especially suitable for users from Facebook/Google who don't verify their emails

@param user: the user dict, must contain "email", and can contain "language" for translation of the message
@param password: optional password to include in a custom welcome_email
|
S3 framework function Designed to be used within tasks, which are run in a separate request & hence don't have access to current.auth
|
Check whether the user is currently logged-in - tries Basic if not |
Get the IDs of the session roles by their UIDs, and store them in the current session, as these IDs should never change. |
Get the pe_ids of all managed organisations (to authorize role assignments) TODO use this in admin/user controller |
Update pe_id, roles and realms for the current user |
Back-end method to create roles with ACLs
|
Remove a role from the system.
Note: protected roles cannot be deleted with this function, need to reset the protected-flag first to override |
Assigns a role to a user (add the user to a user group)

@param user_id: the record ID of the user account
@param group_id: the record ID(s)/UID(s) of the group
@param for_pe: the person entity (pe_id) to restrict the group membership to, possible values:
    - None: use default realm (entities the user is affiliated with)
    - 0: site-wide realm (no entity-restriction)
    - X: restrict to records owned by entity X
@note: strings are assumed to be group UIDs
@note: for_pe will be ignored for ADMIN, ANONYMOUS and AUTHENTICATED
|
Removes a role assignment from a user account

@param user_id: the record ID of the user account
@param group_id: the record ID(s)/UID(s) of the role
@param for_pe: only remove the group membership for this realm, possible values:
    - None: only remove for the default realm
    - 0: only remove for the site-wide realm
    - X: only remove for entity X
    - []: remove for any realms
@note: strings are assumed to be role UIDs
|
Lookup all roles which have been assigned to user for an entity
|
Check whether the currently logged-in user has a certain role (auth_group membership).
|
Check whether the currently logged-in user has at least one out of a set of roles (or all of them, with all=True)
|
Get a list of members of a group
|
Delegate a role (auth_group) from one entity to another
Notes:
|
Remove a delegation.
Notes:
|
Lookup delegations for an entity, ordered either by receiver (by_role=False) or by affiliation role (by_role=True)
|
Wrapper for permission.update_acl to allow batch updating |
Get the user_id for a person_id
|
Get the person pe_id for a user ID
|
Get the list of person pe_id for list of user_ids
|
Get the person record ID for the current logged-in user |
Get the first HR record ID for the current logged-in user |
S3 framework function to define whether a user can access a record in manner "method". Designed to be called from the RESTlike controller.
|
Returns a query with all accessible records for the currently logged-in user
Note: This method does not work on GAE because it uses JOIN and IN |
Checks if user is member of group_id or role Extends Web2Py's requires_membership() to add new functionality:
|
Checks if user is member of group_id or role Extends Web2Py's requires_membership() to add new functionality:
|
Decorator that prevents access to action if not logged in or if user logged in is not a member of group_id. If role is provided instead of group_id then the group_id is calculated. Extends Web2Py's requires_membership() to add new functionality:
|
Decorator that prevents access to action if not logged in or if user logged in is not a member of group_id. If role is provided instead of group_id then the group_id is calculated. Extends Web2Py's requires_membership() to add new functionality:
|
Makes the current session owner of a record
|
Checks whether the current session owns a record
|
Removes session ownership for a record
|
Update ownership fields in a record (DRY helper method for s3_set_record_owner and set_realm_entity)
|
Set the record owned_by_user, owned_by_group and realm_entity for a record (auto-detect values). To be called by CRUD and Importer during record creation.
Notes:
|
Update the realm entity for records, will also update the realm in all configured realm-entities, see: http://eden.sahanafoundation.org/wiki/S3AAA/OrgAuth#Realms1 To be called by CRUD and Importer during record update.
|
Lookup the realm entity for a record
|
Update the shared fields in data in all super-entity rows linked with this record.
|
If there are no facilities that the user has permission for, prevents create & update of records in table & gives a warning if the user tries to.
|
If there are no organisations that the user has update permission for, prevents create & update of a record in table & gives a warning if the user tries to.
|
Return the current user's root organisation ID or None |
Return the current user's root organisation name or None |
Function to return a query to filter a table to only display results for the user's root org OR record with no root org

To Do: Restore Realms and add a role/functionality support for Master Data. Then this function is redundant
|
Class Variable Details |
S3_SYSTEM_ROLES
|
Generated by Epydoc 3.0.1 on Fri Mar 15 08:51:49 2019 | http://epydoc.sourceforge.net |