Skip to content

octoprint.vendor.flask_principal#

flask_principal ~~~~~~~~~~~~~~~

Identity management for Flask.

© (c) 2012 by Ali Afshar. :license: MIT, see LICENSE for more details.

ItemNeed = namedtuple('ItemNeed', ['method', 'value', 'type']) module-attribute #

A required item need

An item need is just a named tuple, and practically any tuple will do. In addition to other Needs, there is a type, for example this could be specified as::

ItemNeed('update', 27, 'posts')
('update', 27, 'posts') # or like this

And that might describe the permission to update a particular blog post. In reality, the developer is free to choose whatever convention the permissions are.

Need = namedtuple('Need', ['method', 'value']) module-attribute #

A required need

This is just a named tuple, and practically any tuple will do.

The method attribute can be used to look up element 0, and the value attribute can be used to look up element 1.

AnonymousIdentity() #

Bases: Identity

An anonymous identity

Denial(*excludes) #

Bases: Permission

Shortcut class for passing excluded needs.

Identity(id, auth_type = None) #

Bases: object

Represent the user's identity.

:param id: The user id :param auth_type: The authentication type used to confirm the user's identity.

The identity is used to represent the user's identity in the system. This object is created on login, or on the start of the request as loaded from the user's session.

Once loaded it is sent using the identity-loaded signal, and should be populated with additional required information.

Needs that are provided by this identity should be added to the provides set after loading.

can(permission) #

Whether the identity has access to the permission.

:param permission: The permission to test provision for.

IdentityContext(permission, http_exception = None) #

Bases: object

The context of an identity for a permission.

.. note:: The principal is usually created by the flaskext.Permission.require method call for normal use-cases.

The principal behaves as either a context manager or a decorator. The permission is checked for provision in the identity, and if available the flow is continued (context manager) or the function is executed (decorator).

http_exception = http_exception instance-attribute #

The permission of this principal

identity property #

The identity of this principal

can() #

Whether the identity has access to the permission

Permission(*needs) #

Bases: object

Represents needs, any of which must be present to access a resource

:param needs: The needs for this permission

A set of needs, any of which must be present in an identity to have access.

__and__(other) #

Does the same thing as self.union(other)

__bool__() #

Equivalent to self.can().

__contains__(other) #

Does the same thing as other.issubset(self).

__nonzero__() #

Equivalent to self.can().

__or__(other) #

Does the same thing as self.difference(other)

allows(identity) #

Whether the identity can access this permission.

:param identity: The identity

can() #

Whether the required context for this permission has access

This creates an identity context and tests whether it can access this permission

difference(other) #

Create a new permission consisting of requirements in this permission and not in the other.

issubset(other) #

Whether this permission needs are a subset of another

:param other: The other permission

require(http_exception = None) #

Create a principal for this permission.

The principal may be used as a context manager, or a decroator.

If http_exception is passed then abort() will be called with the HTTP exception code. Otherwise a PermissionDenied exception will be raised if the identity does not meet the requirements.

:param http_exception: the HTTP exception code (403, 401 etc)

reverse() #

Returns reverse of current state (needs->excludes, excludes->needs)

test(http_exception = None) #

Checks if permission available and raises relevant exception if not. This is useful if you just want to check permission without wrapping everything in a require() block.

This is equivalent to::

with permission.require():
    pass

union(other) #

Create a new permission with the requirements of the union of this and other.

:param other: The other permission

PermissionDenied #

Bases: RuntimeError

Permission denied to the resource

Principal(app = None, use_sessions = True, skip_static = False, anonymous_identity = AnonymousIdentity) #

Bases: object

Principal extension

:param app: The flask application to extend :param use_sessions: Whether to use sessions to extract and store identification. :param skip_static: Whether to ignore static endpoints.

identity_loader(f) #

Decorator to define a function as an identity loader.

An identity loader function is called before request to find any provided identities. The first found identity is used to load from.

For example::

app = Flask(__name__)

principals = Principal(app)

@principals.identity_loader
def load_identity_from_weird_usecase():
    return Identity('ali')

identity_saver(f) #

Decorator to define a function as an identity saver.

An identity loader saver is called when the identity is set to persist it for the next request.

For example::

app = Flask(__name__)

principals = Principal(app)

@principals.identity_saver
def save_identity_to_weird_usecase(identity):
    my_special_cookie['identity'] = identity

set_identity(identity) #

Set the current identity.

:param identity: The identity to set