User Management

class user_management.models.GlobalGroup(*args, **kwargs)

Bases: user_management.models.Group

Represents a group that has global access, that is, not tied to a specific Kamaji Project.

Parameters:
  • id (AutoField) –
  • role_id (ForeignKey) – The role that this group maps to
  • name (CharField) – Name of this group
class user_management.models.Group(*args, **kwargs)

Bases: django.db.models.base.Model

Represents a group of users that are tied to a Role.

Parameters:role_id (ForeignKey) – The role that this group maps to
delete(**kwargs)

Delete the Group

class user_management.models.KamajiUser(id, user, ssh_key)

Bases: shared.models.KamajiModel

Parameters:
  • id (AutoField) –
  • user_id (OneToOneField) –
  • ssh_key (CharField) –
set_global_role(role_name)

Sets the global role of the user. Assures the user can only have one global role by removing any other global role (except the default_spectator role) after adding the new one. :raises: GlobalGroup.DoesNotExist

set_project_role(project, role_name)

Sets the project role for this user. Assures a user can only have one role within a project by removing any roles in the same project before adding the new role. :raises: GlobalGroup.DoesNotExist

class user_management.models.Permission(*args, **kwargs)

Bases: django.db.models.base.Model

A named permission that has a relation with a number of ViewPermissions that in turn will define create, read, update, and delete permissions for a given view.

Parameters:
  • id (AutoField) –
  • name (CharField) – The name of this permission
class user_management.models.Project(*args, **kwargs)

Bases: shared.openstack2.models.OSModel

Represents a project in Kamaji.

Parameters:
  • id (AutoField) –
  • openstack_id (CharField) –
members
Returns:All users that are members of a Global or Project Group that gives access to this project.
Return type:list
users

Get all users in this project.

class user_management.models.ProjectGroup(*args, **kwargs)

Bases: user_management.models.Group

Represents a group that is tied to a Kamaji Project.

Parameters:
  • id (AutoField) –
  • role_id (ForeignKey) – The role that this group maps to
  • project_id (ForeignKey) – The project this group is assigned to.
static get_instances(project_groups)

Get all Instances of the projects of the specified ProjectGroups.

class user_management.models.Role(*args, **kwargs)

Bases: django.db.models.base.Model

Represents a set of permissions.

Parameters:
  • id (AutoField) –
  • name (CharField) – The name of this role.
class user_management.models.ViewPermission(id, permission, view_name, create, read, update, delete)

Bases: django.db.models.base.Model

Parameters:
  • id (AutoField) –
  • permission_id (ForeignKey) – The permission that this ViewPermission belongs to.
  • view_name (CharField) –
  • create (BooleanField) – True if create operations are allowed.
  • read (BooleanField) – True if read operations are allowed.
  • update (BooleanField) – True if update operations are allowed.
  • delete (BooleanField) – True if delete operations are allowed.
user_management.permissions.jwt_response_payload_handler(token, user=None, request=None)

This function generates the output returned when a user has successfully obtained a new token.

Parameters:
  • token (str) – The generated token
  • user (User) – The object representing the user that has obtained the token
  • request (HttpRequest) – The incoming request
Returns:

A dictionary with the token and the permissions the user has

Return type:

dict

class user_management.project_extractor.ProjectExtractor

Bases: object

Abstract Base Class for providing a custom project extraction method during the permission assessment. A custom project extraction method needs to be provided when a call to a View is connected to a specific project but it is not obvious which project from directly looking in the data attribute or kwargs of the request.

extract_project(request)

Extract the project from the request and return the Project model instance.

Note:Override this method if the designated project cannot be easily extracted from the request by the common implemented solutions.
Parameters:request (HttpRequest) – The incoming request.
Returns:The model instance of the request.
Return type:Project
class user_management.serializers.UserSerializer(instance=None, data=<class rest_framework.fields.empty>, **kwargs)

Bases: rest_framework.serializers.Serializer

User serializer that should only be used for users with a kamajiuser assigned to them. project_roles are readonly.

class user_management.views.GlobalGroupList(**kwargs)

Bases: rest_framework.generics.ListCreateAPIView

List or create groups with global access tied to a role. Membership in a global group allows users to access endpoints not specifically tied to a project but that effect the whole environment.

class user_management.views.GlobalGroupSingle(**kwargs)

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Lookup a specific global group. Delete, update or show info about a single global group. This endpoint assigns membership to global groups.

class user_management.views.PasswordChange(**kwargs)

Bases: user_management.views.PasswordResetTokenValidationView

To change the password for a user, perform a post request containing a valid password reset token (token) and the requested new password (new password).

Bases: rest_framework.views.APIView

The available endpoints managing password change

class user_management.views.PasswordResetTokenValidationView(**kwargs)

Bases: shared.views.LookupMixin, rest_framework.views.APIView

Validate a password reset token for a user. To perform token validation, POST a JSON object with token in a field named token.

class user_management.views.ProjectGroupList(**kwargs)

Bases: rest_framework.generics.ListCreateAPIView

List or create groups tied to a project and role. Membership in a project group allows users to reach project specific endpoints with info only relevant for the project of their group.

class user_management.views.ProjectGroupSingle(**kwargs)

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView, user_management.project_extractor.ProjectExtractor

Delete, update or show info about a single project group. This endpoints assigns membership to project groups.

class user_management.views.ProjectGroupsPerProject(**kwargs)

Bases: rest_framework.generics.ListAPIView

List all project groups associated with a specified group.

class user_management.views.ProjectList(**kwargs)

Bases: rest_framework.generics.ListCreateAPIView

List or create projects. A project can be assigned to a project group to allow users access to project specific endpoints.

class user_management.views.ProjectMembership(**kwargs)

Bases: rest_framework.views.APIView

View to add a user to a project with a specific role.

class user_management.views.ProjectSingle(**kwargs)

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Show info about a single project.

class user_management.views.RequestPasswordChangeTokenView(**kwargs)

Bases: rest_framework.views.APIView

To request a password reset, simply perform a post request. No body necessary.

class user_management.views.UserList(**kwargs)

Bases: rest_framework.generics.ListCreateAPIView

List or create users. A user can be assigned to a group to allow access to endpoints.

serializer_class

alias of UserSerializer

Bases: rest_framework.generics.RetrieveAPIView

List all available endpoints under user_management.

class user_management.views.UserSingle(**kwargs)

Bases: rest_framework.generics.RetrieveUpdateDestroyAPIView

Delete, update or show info about a single user.

serializer_class

alias of UserSerializer

class user_management.views.UsersByProjectList(**kwargs)

Bases: rest_framework.generics.ListAPIView

List users that are connected to KamajiUsers and are either member of a ProjectGroup for this project or is granted access to this project by being a Global Administrator or Spectator.

get_queryset()
Returns:All users that has a kamajiuser and is a member of this project or a global project.
serializer_class

alias of UserSerializer

class user_management.views.UsersByProjectSingle(**kwargs)

Bases: rest_framework.generics.RetrieveAPIView

Show info about a single project user.

get_queryset()
Returns:All users that has a kamajiuser and is a member of this project or a global project.
serializer_class

alias of UserSerializer