auth – Auth Framework

The main purpose of the reworked Auth system is to allow per experiment permissions to exist allowing a richer web experience. Because of this the permissions are applied on a per experiment basis with a few predefined roles.

read

read permission allows individuals and groups access to view an experiment.

write

write permissions cover addition of new datasets and datafiles and also deletion of datafile.

delete

delete permission allows deletion of datasets and experiments.

Roles are applied through the web using the Control Panel and can be applied to either users or groups.

To make an experiment public requires and explicit publish action.

In the settings.py user providers are activated by specifying them within the USER_PROVIDERS variable:

USER_PROVIDERS = ('tardis.tardis_portal.auth.localdb_auth.DjangoUserProvider',)

In the settings.py group providers are activated by specifying them within the GROUP_PROVIDERS variable:

GROUP_PROVIDERS = ('tardis.tardis_portal.auth.localdb_auth.DjangoGroupProvider',
                   'tardis.tardis_portal.auth.vbl_auth.VblGroupProvider',)

AuthService Objects

class tardis.tardis_portal.auth.AuthService(settings=<django.conf.LazySettings object at 0x20e70b10>)

The AuthService provides an interface for querying the auth(n|z) framework within MyTARDIS. The auth service works by reading the class path to plugins from the settings file.

Parameters:settings (django.conf.settings) – the settings object that contains the list of user and group plugins.

authenticate(authMethod, **credentials)

Try and authenticate the user using the auth type he/she specified to use and if authentication didn’t work using that

Parameters:

• authMethod (string) – the shortname of the auth method.
• **credentials –

  the credentials as expected by the auth plugin

getGroups(request)

Return a list of tuples containing pluginname and group id

Parameters:request (django.http.HttpRequest) – a HTTP Request instance

getGroupsForEntity(entity)

Return a list of the groups an entity belongs to

Parameters:entity (string) – the entity to earch for, user or group.

The groups will be reurned as a list similar to:

[{'name': 'Group 456', 'id': '2'},
{'name': 'Group 123', 'id': '1'}]

getUser(authMethod, user_id, force_user_create=False)

Return a user model based on the given auth method and user id.

This function is responsible for creating the user within the Django DB and returning the resulting user model.

getUsernameByEmail(authMethod, email)

Return a username given the auth method and email address of a user.

searchEntities(filter)

Return a list of users and/or groups

searchGroups(**kw)

Return a list of users and/or groups

Parameters:

• id – the value of the id to search for
• name – the value of the displayname to search for
• max_results – the maximum number of elements to return
• sort_by – the attribute the users should be sorted on
• plugin – restrict the search to the specific group provider

searchUsers(filter)

Return a list of users and/or groups

Auth Plugins

• tardis.tardis_portal.auth.localdb_auth
• tardis.tardis_portal.auth.ldap_auth
• tardis.tardis_portal.auth.ip_auth
• tardis.tardis_portal.auth.token_auth