linotp.controllers.realms module

class linotp.controllers.realms.RealmsController(name, install_name='', **kwargs)

Bases: BaseController

The linotp.controllers modules implement the web API used to talk to the LinOTP server. The RealmsController is used for creating, deleting and modifying realms.

The following is the type definition of a Realm:

{
    "name": string,
    "entry": string,
    "userIdResolvers": [string],
    "default": boolean,
    "admin": boolean,
}

get_realms()

Method: GET /api/v2/realms

Return the list of all realms visible to the logged-in administrator.

Visible realms are determined as follows:

  • If the admin has the permission for scope=system, action=read, all realms are visible.

  • If the admin has the permission scope=admin for a realm, that realm will be visible.

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": [ Realm ]
}

Raises
  • PolicyException – if the logged-in admin does not have the correct permissions to list realms, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.

get_users(realm_name: str)

Method: GET /api/v2/realms/<realmName>/users

Display the list of the users in a given realm, provided the users of the realm are visible to the logged-in administrator.

Visible users are determined as follows:

  • If the administrator has the permission for scope=admin, action=userlist, for a realm, users in that realm are visible. This is the case no matter how the permission is defined: either by explicitly naming a realm, by setting all realms via a wildcard (realm="*"), or by implicitly giving permissions for everything in the admin scope by not setting any admin scope policies.

Parameters
  • <searchexpr> (str, optional) – limit results to those matching the searchexpr. Will be retrieved from the UserIdResolverClass. Example: username=Alice.

  • searchTerm (str, optional) – limit results to those matching the searchTerm in at least one searchable field. Supports * as a wildcard operator.

  • rp (int, optional) – limit the number of returned users, defaults to 16 if page is given.

  • page (int, optional) – request a certain page, defaults to 0 if rp is given.

Returns

a JSON-RPC response with result in the following format:

{
    "status": boolean,
    "value": [ User ]
}

Raises
  • PolicyException – if the logged-in admin does not have the correct permissions to list users in the given realm, the exception message is serialized and returned. The response has status code 403.

  • Exception – if any other error occurs the exception message is serialized and returned. The response has status code 500.
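
The user-visibility rule for get_users can be modelled offline to audit which administrators can list which realms, and in particular to spot the implicit grant that applies when no admin-scope policy exists. This is an added example, not LinOTP code: the Policy record, the function names and the sample data are assumptions made for illustration, and the "implicit" branch reflects a literal reading of the rule above.

```python
from dataclasses import dataclass

# Assumed, simplified policy record for illustration only; LinOTP's real
# policy objects carry more fields and are evaluated by the server.
@dataclass(frozen=True)
class Policy:
    admin: str        # administrator the policy applies to
    scope: str        # e.g. "admin" or "system"
    action: str       # e.g. "userlist"
    realm: str = "*"  # realm name, or "*" for all realms

def userlist_grant(policies, admin, realm):
    """Return why `admin` may list users of `realm`, or None if denied.

    None corresponds to the documented PolicyException / HTTP 403 case.
    """
    admin_scope = [p for p in policies if p.scope == "admin"]
    if not admin_scope:
        # No admin-scope policy exists at all: everything is permitted.
        return "implicit"
    reasons = {
        "wildcard" if p.realm == "*" else "explicit"
        for p in admin_scope
        if p.admin == admin and p.action == "userlist" and p.realm in ("*", realm)
    }
    if "explicit" in reasons:
        return "explicit"
    return "wildcard" if reasons else None

def audit(policies, admins, realms):
    """Map every (admin, realm) pair to its grant reason (None = denied)."""
    return {(a, r): userlist_grant(policies, a, r) for a in admins for r in realms}

# Constructed sample data, not taken from a real deployment.
ADMINS = ["alice", "bob"]
REALMS = ["staff", "contractors"]
POLICIES = [
    Policy("alice", "admin", "userlist", "staff"),
    Policy("bob", "admin", "userlist", "*"),
    Policy("alice", "system", "read"),
]

if __name__ == "__main__":
    for label, pols in (("with policies", POLICIES), ("no admin policies", POLICIES[2:])):
        print(label)
        for (a, r), why in audit(pols, ADMINS, REALMS).items():
            print(f"  {a:6} {r:12} {why or 'denied (403)'}")
```

Any pair reported as "implicit" is visible only because the admin scope is empty; defining a single admin-scope policy changes the result for every administrator in this model.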