flowserv.model.auth module

The authentication and authorization module contains methods to authorize users that have logged in to the system as well as methods to authorize that a given user can execute a requested action.

class flowserv.model.auth.Auth(session)

Bases: object

Base class for authentication and authorization methods. Different authorization policies should override the methods of this class.

authenticate(api_key)

Get the unique user identifier that is associated with the given API key. Raises an error if the API key is None or if it is not associated with a valid login.

Parameters

api_key (string) – Unique API access token assigned at login

Return type

flowserv.model.base.User

Raises

flowserv.error.UnauthenticatedAccessError –

group_or_run_exists(group_id=None, run_id=None)

Test whether the given group or run exists. Raises an error if they don’t exist or if no parameter or both parameters are given.

Returns the group identifier for the run. If group_id is given the value is returned as the result. If the run_id is given the group identifier is retrieved as part of the database query.

Parameters

• group_id (string, optional) – Unique workflow group identifier

• run_id (string, optional) – Unique run identifier

Raises

• ValueError –

• flowserv.error.UnknownRunError –

• flowserv.error.UnknownWorkflowGroupError –

abstract is_group_member(user_id, group_id=None, run_id=None)

Verify that the given user is member of a workflow group. The group is identified either by the given group identifier or by the identifier for a run that is associated with the group.

Expects that exactly one of the two optional identifier is given. Raises a ValueError if both identifier are None or both are not None. Raises an error if the workflow group or the run is unknown.

Parameters

• user_id (string) – Unique user identifier

• group_id (string, optional) – Unique workflow group identifier

• run_id (string, optional) – Unique run identifier

Return type

bool

Raises

• ValueError –

• flowserv.error.UnknownRunError –

• flowserv.error.UnknownWorkflowGroupError –

class flowserv.model.auth.DefaultAuthPolicy(session)

Bases: flowserv.model.auth.Auth

Default implementation for the API’s authorization methods.

is_group_member(user_id, group_id=None, run_id=None)

Verify that the given user is member of a workflow group. The group is identified either by the given group identifier or by the identifier for a run that is associated with the group.

Expects that exactly one of the two optional identifier is given. Raises a ValueError if both identifier are None or both are not None.

Parameters

• user_id (string) – Unique user identifier

• group_id (string, optional) – Unique workflow group identifier

• run_id (string, optional) – Unique run identifier

Return type

bool

Raises

• ValueError –

• flowserv.error.UnknownRunError –

• flowserv.error.UnknownWorkflowGroupError –

class flowserv.model.auth.OpenAccessAuth(session)

Bases: flowserv.model.auth.Auth

Implementation for the API’s authorization policy that gives full access to any registered user.

is_group_member(user_id, group_id=None, run_id=None)

Anyone has access to a workflow group. This method still ensures that the combination of argument values is valid and that the group or run exists.

Parameters

• user_id (string) – Unique user identifier

• group_id (string, optional) – Unique workflow group identifier

• run_id (string, optional) – Unique run identifier

Return type

bool

Raises

ValueError –

flowserv.model.auth.open_access(session)

Create an open access policy object.