linotp.lib.policy.permissions module

class linotp.lib.policy.permissions.UserPermissions(user: User)

Bases: dict

Dict to represent the Permissions of a given User.

A Permission is defined by a scope and an action of that scope the User is allowed to perform.

Has keys inRealm, anyRealm, global.

• value of inRealm: {realm:PermissionDict for realm in all_realms}

• value of anyRealm: PermissionDict with Permissions that are allowed for the User on any realm. This includes Permissions granted through Policies on realm “*” and implies that a user has e.g. Permissions on a Token without realm.

• value of global: PermissionDict with Permissions that are allowed for the User and not bound to a realm. E.g. “audit/view”.

example for PermissionDict:

{

“scope_1”: [“action_1”, “action_2”], “scope_2”: [“action_5”],

}

parse_for_context_api()

parsed permissions for manage/context api

Returns:

example: {

“inRealm”: {

“realm_1”: [“admin/show”] “realm_2”: [“audit/show”, “audit/reset”]

}, “anyRealm”: [“audit/show”], “global”: [“audit/view”]

}