User Management¶

class user_management.models.GlobalGroup(*args, **kwargs)¶

Bases: user_management.models.Group

Represents a group that has global access, that is, not tied to a specific Kamaji Project.

Parameters:	id (AutoField) – role_id (ForeignKey) – The role that this group maps to name (CharField) – Name of this group

class user_management.models.Group(*args, **kwargs)¶

Bases: django.db.models.base.Model

Represents a group of users that are tied to a Role.

Parameters:	role_id (ForeignKey) – The role that this group maps to

delete(**kwargs)¶: Delete the Group

class user_management.models.KamajiUser(id, user, ssh_key)¶

Bases: shared.models.KamajiModel

Parameters:	id (AutoField) – user_id (OneToOneField) – ssh_key (CharField) –

set_global_role(role_name)¶: Sets the global role of the user. Assures the user can only have one global role by removing any other global role (except the default_spectator role) after adding the new one. :raises: GlobalGroup.DoesNotExist

set_project_role(project, role_name)¶: Sets the project role for this user. Assures a user can only have one role within a project by removing any roles in the same project before adding the new role. :raises: GlobalGroup.DoesNotExist

class user_management.models.Permission(*args, **kwargs)¶

Bases: django.db.models.base.Model

A named permission that has a relation with a number of ViewPermissions that in turn will define create, read, update, and delete permissions for a given view.

Parameters:	id (AutoField) – name (CharField) – The name of this permission

class user_management.models.Project(*args, **kwargs)¶

Bases: shared.openstack2.models.OSModel

Represents a project in Kamaji.

Parameters:	id (AutoField) – openstack_id (CharField) –

members¶

Returns:	All users that are members of a Global or Project Group that gives access to this project.
Return type:	list

users¶: Get all users in this project.

class user_management.models.ProjectGroup(*args, **kwargs)¶

Bases: user_management.models.Group

Represents a group that is tied to a Kamaji Project.

Parameters:	id (AutoField) – role_id (ForeignKey) – The role that this group maps to project_id (ForeignKey) – The project this group is assigned to.

static get_instances(project_groups)¶: Get all Instances of the projects of the specified ProjectGroups.

class user_management.models.Role(*args, **kwargs)¶

Bases: django.db.models.base.Model

Represents a set of permissions.

Parameters:	id (AutoField) – name (CharField) – The name of this role.

class user_management.models.ViewPermission(id, permission, view_name, create, read, update, delete)¶

Bases: django.db.models.base.Model

Parameters:

Parameters:	id (AutoField) – permission_id (ForeignKey) – The permission that this ViewPermission belongs to. view_name (CharField) – create (BooleanField) – True if create operations are allowed. read (BooleanField) – True if read operations are allowed. update (BooleanField) – True if update operations are allowed. delete (BooleanField) – True if delete operations are allowed.

id (AutoField) –
permission_id (ForeignKey) – The permission that this ViewPermission belongs to.
view_name (CharField) –
create (BooleanField) – True if create operations are allowed.
read (BooleanField) – True if read operations are allowed.
update (BooleanField) – True if update operations are allowed.
delete (BooleanField) – True if delete operations are allowed.

user_management.permissions.jwt_response_payload_handler(token, user=None, request=None)¶

This function generates the output returned when a user has successfully obtained a new token.

Parameters:	token (str) – The generated token user (User) – The object representing the user that has obtained the token request (HttpRequest) – The incoming request
Returns:	A dictionary with the token and the permissions the user has
Return type:	dict

class user_management.project_extractor.ProjectExtractor¶

Bases: object

Abstract Base Class for providing a custom project extraction method during the permission assessment. A custom project extraction method needs to be provided when a call to a View is connected to a specific project but it is not obvious which project from directly looking in the data attribute or kwargs of the request.

extract_project(request)¶

Extract the project from the request and return the Project model instance.

Note:	Override this method if the designated project cannot be easily extracted from the request by the common implemented solutions.
Parameters:	request (HttpRequest) – The incoming request.
Returns:	The model instance of the request.
Return type:	Project

class user_management.serializers.UserSerializer(instance=None, data=<class rest_framework.fields.empty>, **kwargs)¶

Bases: rest_framework.serializers.Serializer

User serializer that should only be used for users with a kamajiuser assigned to them. project_roles are readonly.

class user_management.views.GlobalGroupList(**kwargs)¶

Bases: rest_framework.generics.ListCreateAPIView

List or create groups with global access tied to a role. Membership in a global group allows users to access endpoints not specifically tied to a project but that effect the whole environment.

class user_management.views.GlobalGroupSingle(**kwargs)¶

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Lookup a specific global group. Delete, update or show info about a single global group. This endpoint assigns membership to global groups.

class user_management.views.PasswordChange(**kwargs)¶

Bases: user_management.views.PasswordResetTokenValidationView

To change the password for a user, perform a post request containing a valid password reset token (token) and the requested new password (new password).

class user_management.views.PasswordLinksList(**kwargs)¶

Bases: rest_framework.views.APIView

The available endpoints managing password change

class user_management.views.PasswordResetTokenValidationView(**kwargs)¶

Bases: shared.views.LookupMixin, rest_framework.views.APIView

Validate a password reset token for a user. To perform token validation, POST a JSON object with token in a field named token.

class user_management.views.ProjectGroupList(**kwargs)¶

Bases: rest_framework.generics.ListCreateAPIView

List or create groups tied to a project and role. Membership in a project group allows users to reach project specific endpoints with info only relevant for the project of their group.

class user_management.views.ProjectGroupSingle(**kwargs)¶

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView, user_management.project_extractor.ProjectExtractor

Delete, update or show info about a single project group. This endpoints assigns membership to project groups.

class user_management.views.ProjectGroupsPerProject(**kwargs)¶

Bases: rest_framework.generics.ListAPIView

List all project groups associated with a specified group.

class user_management.views.ProjectList(**kwargs)¶

Bases: rest_framework.generics.ListCreateAPIView

List or create projects. A project can be assigned to a project group to allow users access to project specific endpoints.

class user_management.views.ProjectMembership(**kwargs)¶

Bases: rest_framework.views.APIView

View to add a user to a project with a specific role.

class user_management.views.ProjectSingle(**kwargs)¶

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Show info about a single project.

class user_management.views.RequestPasswordChangeTokenView(**kwargs)¶

Bases: rest_framework.views.APIView

To request a password reset, simply perform a post request. No body necessary.

class user_management.views.UserList(**kwargs)¶

Bases: rest_framework.generics.ListCreateAPIView

List or create users. A user can be assigned to a group to allow access to endpoints.

serializer_class¶: alias of UserSerializer

class user_management.views.UserManagementLinksList(**kwargs)¶

Bases: rest_framework.generics.RetrieveAPIView

List all available endpoints under user_management.

class user_management.views.UserSingle(**kwargs)¶

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Delete, update or show info about a single user.

serializer_class¶: alias of UserSerializer

class user_management.views.UsersByProjectList(**kwargs)¶

Bases: rest_framework.generics.ListAPIView

List users that are connected to KamajiUsers and are either member of a ProjectGroup for this project or is granted access to this project by being a Global Administrator or Spectator.

get_queryset()¶

Returns:	All users that has a kamajiuser and is a member of this project or a global project.

serializer_class¶: alias of UserSerializer

class user_management.views.UsersByProjectSingle(**kwargs)¶

Bases: rest_framework.generics.RetrieveAPIView

Show info about a single project user.

get_queryset()¶

Returns:	All users that has a kamajiuser and is a member of this project or a global project.

serializer_class¶: alias of UserSerializer