roles Package¶
models
Module¶
- class lemur.roles.models.Role(**kwargs)
Bases:
Model
- authorities
- authority
- authority_id
- certificate
- certificates
- description
- id
- name
- password
- pending_cert
- pending_certificates
- sensitive_fields = ('password',)
- third_party
- user
- user_id
- username
- users
service
Module¶
- lemur.roles.service.create(name, password=None, description=None, username=None, users=None, third_party=False)
Create a new role
- Parameters:
name –
users –
description –
username –
password –
- Returns:
- lemur.roles.service.delete(role_id)
Remove a role
- Parameters:
role_id –
- Returns:
- lemur.roles.service.get(role_id)
Retrieve a role by ID
- Parameters:
role_id –
- Returns:
- lemur.roles.service.get_by_name(role_name)
Retrieve a role by its name
- Parameters:
role_name –
- Returns:
- lemur.roles.service.get_or_create(role_name, description)
- lemur.roles.service.render(args)
Helper that filters subsets of roles depending on the parameters passed to the REST Api
- Parameters:
args –
- Returns:
- lemur.roles.service.set_third_party(role_id, third_party_status=False)
Sets a role to be a third party role. A user should pretty much never call this directly.
- Parameters:
role_id –
third_party_status –
- Returns:
- lemur.roles.service.update(role_id, name, description, users)
Update a role
- Parameters:
role_id –
name –
description –
users –
- Returns:
- lemur.roles.service.warn_user_updates(role_name, current_users, new_users)
views
Module¶
- class lemur.roles.views.AuthorityRolesList
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'authorityRoles'
- get(authority_id)
- GET /authorities/1/roles¶
List of roles for a given authority
Example request:
GET /authorities/1/roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.roles.views.RoleViewCredentials
Bases:
AuthenticatedResource
- endpoint = 'roleCredentials`'
- get(role_id)
- GET /roles/1/credentials¶
View a roles credentials
Example request:
GET /users/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "username": "ausername", "password": "apassword" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- class lemur.roles.views.Roles
Bases:
AuthenticatedResource
- delete(role_id)
- DELETE /roles/1¶
Delete a role
Example request:
DELETE /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "message": "ok" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- endpoint = 'role'
- get(role_id)
- GET /roles/1¶
Get a particular role
Example request:
GET /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "role1", "description": "this is role1" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'PUT'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- put(role_id, data=None)
- PUT /roles/1¶
Update a role
Example request:
PUT /roles/1 HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "name": "role1", "description": "This is a new description" }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 1, "name": "role1", "description": "this is a new description" }
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.roles.views.RolesList
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'roles'
- get()
- GET /roles¶
The current role list
Example request:
GET /roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.
- post(data=None)
- POST /roles¶
Creates a new role
Example request:
POST /roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript Content-Type: application/json;charset=UTF-8 { "name": "role3", "description": "this is role3", "username": null, "password": null, "users": [ {"id": 1} ] }
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "id": 3, "description": "this is role3", "name": "role3" }
- Parameters:
name – name for new role
description – description for new role
password – password for new role
username – username for new role
users – list, of users to associate with role
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
403 Forbidden – unauthenticated
- class lemur.roles.views.UserRolesList
Bases:
AuthenticatedResource
Defines the ‘roles’ endpoint
- endpoint = 'userRoles'
- get(user_id)
- GET /users/1/roles¶
List of roles for a given user
Example request:
GET /users/1/roles HTTP/1.1 Host: example.com Accept: application/json, text/javascript
Example response:
HTTP/1.1 200 OK Vary: Accept Content-Type: text/javascript { "items": [ { "id": 1, "name": "role1", "description": "this is role1" }, { "id": 2, "name": "role2", "description": "this is role2" } ] "total": 2 }
- Query Parameters:
sortBy – field to sort on
sortDir – asc or desc
page – int default is 1
filter – key value pair format is k;v
count – count number default is 10
- Request Headers:
Authorization – OAuth token to authenticate
- Status Codes:
200 OK – no error
- mediatypes()
- methods: t.ClassVar[t.Collection[str] | None] = {'GET'}
The methods this view is registered for. Uses the same default (
["GET", "HEAD", "OPTIONS"]
) asroute
andadd_url_rule
by default.