From Fedora Project Wiki
mNo edit summary |
m (Categorize) |
||
| Line 183: | Line 183: | ||
</td></tr></table> | </td></tr></table> | ||
</pre> | </pre> | ||
[[Category:Infrastructure]] | |||
Latest revision as of 21:53, 8 January 2010
API to Access the Fedora Account System
.png){kind=small}
mmcgrath as a much better approach for FAS2. Consider this a fas1.5 stopgap API :-)
This is an alternative python interface to the Fedora Accounts system. The original website.py module has quite a few issues that we're attempting to address here:
- We should be able to change from an SQL db to ldap without the consuming
application being any the wiser. website.py requires the app to track the database handle so that doesn't work well.
- An object oriented interface is preferable to the procedural interface that
we had before. Then we can hang onto the database handle and take care of authentication within the object.
- Separate out the session handling code from database retrieval code. This
will be required when we move to LDAP.
- Separate out the website template code.
- Use psycopg2 instead of pgdb for performance and features.
#! html <p> <table width="100%" cellspacing=0 cellpadding=2 border=0 summary="section"> <tr bgcolor="#ffc8d8"> <td colspan=3 valign=bottom> <br> <font color="#000000" face="helvetica, arial"><strong>fas.AccountSystem</strong> = <a name="fas.AccountSystem">class AccountSystem</a>(<a href="__builtin__.html#object">__builtin__.object</a>)</font></td></tr> <tr bgcolor="#ffc8d8"><td rowspan=2><tt> </tt></td> <td colspan=2><tt>Fedora Account System.<br> <br> This object provides an interface to the account system. It allows you<br> to connect to it for authentication, information retrieval, and etc.<br> </tt></td></tr> <tr><td> </td> <td width="100%">Methods defined here:<br> <dl><dt><a name="AccountSystem-__init__"><strong>__init__</strong></a>(self, user<font color="#909090">=None</font>, password<font color="#909090">=None</font>)</dt><dd><tt>Initialize the Account System.<br> <br> Arguments:<br> :user: Can either be a string containing the username or an integer<br> containing the user.id that we are verifying the password for.<br> :password: Is a string containing the unencrypted password.<br> <br> Exceptions:<br> :AuthError: Returned if we were unable to get config information<br> from the database or the user-password combination failed.</tt></dd></dl> <dl><dt><a name="AccountSystem-add_group"><strong>add_group</strong></a>(self, group)</dt><dd><tt>Add a new group. (Admin)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-add_user"><strong>add_user</strong></a>(self, user, userInfo)</dt><dd><tt>Add a new user. (anyone)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-approve_group"><strong>approve_group</strong></a>(self, user, group, level)</dt><dd><tt>Approve a user for a group (Admin, groupowner)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-change_user"><strong>change_user</strong></a>(self, user, password)</dt><dd><tt>Set the AccountSystem to act on behalf of a user.<br> <br> Arguments:<br> :user: Can either be a string containing the username or an integer<br> containing the user.id that we are verifying the password for.<br> :password: Is a string containing the unencrypted password.<br> <br> Exceptions:<br> :AuthError: If the username and password don't match or the user<br> doesn't exist.</tt></dd></dl> <dl><dt><a name="AccountSystem-change_user_pass"><strong>change_user_pass</strong></a>(self, oldpassword, newpassword, user<font color="#909090">=None</font>)</dt><dd><tt>Change user's password.<br> <br> Function to change a user's password.<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-get_group_info"><strong>get_group_info</strong></a>(self, group)</dt><dd><tt>Retrieve information about the group.<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-get_user_id"><strong>get_user_id</strong></a>(self, username)</dt><dd><tt>Retrieve the userid from a username.<br> <br> Arguments:<br> :username: The username to lookup.<br> <br> Exceptions:<br> :AuthError: The user does not exist.</tt></dd></dl> <dl><dt><a name="AccountSystem-get_user_info"><strong>get_user_info</strong></a>(self, user<font color="#909090">=None</font>)</dt><dd><tt>Retrieve information for user.<br> <br> Returns the subset of information about user that the currently<br> authenticated user is allowed to see.<br> <br> If the authenticated user is None: Only return information suitable<br> for the general public:<br> :id: User id in the account system<br> :username: The public username<br> :human_name: The user's common name<br> :gpg_keyid: The gpg id of the user<br> :comments: Public comments from the user<br> :affiliation: What group the user is a part of<br> :creation: Date the user was created<br> :ircnick: The user's irc nickname<br> Group Information: The following information about the groups the user<br> has been approved into. (Will not list groups for which the user is<br> not approved.)<br> :id: group id<br> :name: group name<br> :role_type: the user's role in the group<br> :creation: when the user was added to the group<br> <br> If an authenticated user is requesting the information, you get this<br> additional information:<br> :email: Email address<br> :ssh_key: Ssh public key<br> :postal_address: Mailing address<br> :telephone: Telephone number<br> :facsimile: FAX number<br> :approval_status:<br> :wiki_prefs:<br> And additional group information including groups for which the user's<br> membership is pending.<br> :owner_id: Owner of the group<br> :needs_sponsor: Whether the group requires a sponsor to add a user<br> :user_can_remove: Whether the user is allowed to remove themselves<br> :role_status: Whether the user is approved yet<br> <br> If the authenticated user of the AccountSystem is retrieving information<br> about their own account, they get this in addition:<br> :password: The user's password<br> <br> If the authenticated user is the accounts admin, then they have access<br> to all of the above plus:<br> :internal_comments: Comments the admin has made about the user<br> Group information:<br> :internal_comments: Comments left by a group admin about the user's<br> involvement with this group.<br> <br> Arguments:<br> :user: Can either be a string containing the username or an integer<br> containing the user.id to lookup information for. If this is None,<br> return information about the currently authenticated user.<br> <br> Returns: A tuple of (UserData, GroupData) that is associated with<br> the user. UserData is a dict of information about the user.<br> GroupData is a tuple of dicts holding group information.</tt></dd></dl> <dl><dt><a name="AccountSystem-modify_group"><strong>modify_group</strong></a>(self, group)</dt><dd><tt>Change information for a group. (Admin, owner)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-modify_user"><strong>modify_user</strong></a>(self, user)</dt><dd><tt>Change information for user. (Admin or owner)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-remove_group"><strong>remove_group</strong></a>(self, group)</dt><dd><tt>(Admin)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-remove_user"><strong>remove_user</strong></a>(self, user)</dt><dd><tt>(Admin or owner)<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-request_group"><strong>request_group</strong></a>(self, user, group, level)</dt><dd><tt>Request that user be added to group at level.<br> <br> (Not Yet Implemented)</tt></dd></dl> <dl><dt><a name="AccountSystem-verify_user_pass"><strong>verify_user_pass</strong></a>(self, user, password)</dt><dd><tt>Verify that the username-password combination are valid.<br> <br> Arguments:<br> :user: Can either be a string containing the username or an integer<br> containing the user.id that we are verifying the password for.<br> :password: Is a string containing the unencrypted password.<br> <br> Returns: True if the user and password match. Otherwise, False.<br> <br> Exceptions:<br> :AuthError: Returned if the user does not exist.</tt></dd></dl> <hr> Data and other attributes defined here:<br> <dl><dt><strong>__dict__</strong> = <dictproxy object><dd><tt>dictionary for instance variables (if defined)</tt></dl> <dl><dt><strong>__weakref__</strong> = <attribute '__weakref__' of 'AccountSystem' objects><dd><tt>list of weak references to the object (if defined)</tt></dl> </td></tr></table>