rbac package

Submodules

rbac.admin module

Generated by utils/cgit/cgit_util_generate_admin_file on 2022-01-24 14:56:11.114685

class rbac.admin.RBACAdminGroupAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACAdminGroup

autocomplete_fields = ['created_by']

list_display = ['name', 'name_qualifier', 'name_item', 'description']

property media

search_fields = ['name_qualifier', 'name_item', 'description']

class rbac.admin.RBACAdminGroupRoleAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACAdminGroupRole

autocomplete_fields = ['group']

list_display = ['group', 'app', 'model', 'model_id']

property media

search_fields = ['group__name_item', 'app']

class rbac.admin.RBACAdminTreeAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACAdminTree

autocomplete_fields = ['group']

list_display = ['group', 'tree']

property media

search_fields = ['group__description', 'group__name_qualifier', 'group__name_item', 'tree']

class rbac.admin.RBACAdminUserGroupAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACAdminUserGroup

autocomplete_fields = ['member', 'group']

list_display = ['group', 'member']

property media

search_fields = ['group__description', 'group__name_qualifier', 'group__name_item', 'member__first_name', 'member__last_name']

class rbac.admin.RBACAppModelActionAdmin(model, admin_site)

Bases: ModelAdmin

list_display = ['app', 'model', 'valid_action', 'description']

property media

search_fields = ['app', 'model', 'valid_action', 'description']

class rbac.admin.RBACGroupAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACGroup

autocomplete_fields = ['created_by']

list_display = ['name', 'name_qualifier', 'name_item', 'description']

property media

search_fields = ['name_qualifier', 'name_item', 'description']

class rbac.admin.RBACGroupRoleAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACGroupRole

autocomplete_fields = ['group']

list_display = ['group', 'role', 'action', 'rule_type']

property media

search_fields = ['group__name', 'role']

class rbac.admin.RBACModelDefaultAdmin(model, admin_site)

Bases: ModelAdmin

list_display = ['app', 'model', 'default_behaviour']

property media

search_fields = ['app', 'model', 'default_behaviour']

class rbac.admin.RBACUserGroupAdmin(model, admin_site)

Bases: ModelAdmin

Admin class for model RBACUserGroup

autocomplete_fields = ['member', 'group']

list_display = ['group', 'member']

property media

search_fields = ['group__description', 'group__name_qualifier', 'group__name_item', 'member__first_name', 'member__last_name']

rbac.ajax module

rbac.ajax.group_to_action_ajax(request, group_id)

Called by the admin page when a user selects a group.

Takes the RBACGroup id and return the matching records from RBACGroupRole

Parameters:

• request (HTTPRequest) – standard request object.

• group_id (int) – RBACGroup id to use for queries

Returns:

Ajax JSON object

Return type:

HTTPResponse

rbac.ajax.group_to_user_ajax(request, group_id)

Called by the admin page when a user selects a group.

Takes the RBACGroup id and return the matching records from RBACUserGroup

Parameters:

• request (HTTPRequest) – standard request object.

• group_id (int) – RBACGroup id to use for queries

Returns:

Ajax JSON object

Return type:

HTTPResponse

rbac.ajax.rbac_add_role_to_admin_group_ajax(request)

Ajax call to add a role to an admin group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_add_role_to_group_ajax(request)

Ajax call to add a role to a group

The user needs to be both a group admin (have access to this part of the tree), and also be an admin for the role thay are adding.

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_add_user_to_admin_group_ajax(request)

Ajax call to add a user to an admin group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_add_user_to_group_ajax(request)

Ajax call to add a user to a group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_delete_role_from_admin_group_ajax(request)

Ajax call to delete a role from an admin group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_delete_role_from_group_ajax(request)

Ajax call to delete a role from a group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_delete_user_from_admin_group_ajax(request)

Ajax call to delete an admin user from a group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_delete_user_from_group_ajax(request)

Ajax call to delete a user from a group

Parameters:

request (HTTPRequest) – standard request

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.ajax.rbac_get_action_for_model_ajax(request)

Ajax call to get the action types for a given app and model

Parameters:

request (HTTPRequest) – standard request - needs to include “app” and “model”

Returns:

success, failure or error

Return type:

HTTPResponse

rbac.apps module

class rbac.apps.RbacConfig(app_name, app_module)

Bases: AppConfig

name = 'rbac'

rbac.core module

Role Based Access Control Core

This handles the core functions for role based security for Cobalt.

See RBAC Overview for more details.

rbac.core.allow_to_boolean(test_string)

takes a string and returns True if it is “Allow”

rbac.core.rbac_access_in_english(user)

returns what access a user has in plain English

Parameters:

user (User) – a standard User object

Returns:

list of strings with user access explained

Return type:

list

rbac.core.rbac_access_in_english_sub(user, this_name)

returns what access a user has in plain English

Parameters:

• this_name (str) – Will be Everyone or the user’s first name

• user (User) – a standard User object

Returns:

list of tuples - role, strings with user access explained

Return type:

list

rbac.core.rbac_add_role_to_admin_group(group, app, model, model_id=None)

adds a role to an admin group

rbac.core.rbac_add_role_to_group(group, app, model, action, rule_type, model_id=None)

Adds a role to an RBAC group

Parameters:

• group (RBACGroup) – group

• app (str) – name of the app

• model (str) – name of the model

• action (str) – action

• rule_type (str) – Allow or Block

• model_id (int) – model instance (Optional)

Returns:

RBACGroupRole

rbac.core.rbac_add_user_to_admin_group(member, admin_group)

Adds a user to an RBAC admin group

Parameters:

• member (User) – standard user object

• group (RBACAdminGroup) – group to add to

Returns:

Nothing

rbac.core.rbac_add_user_to_group(member: User, group: RBACGroup) → RBACGroup

Adds a user to an RBAC group

Parameters:

• member (User) – standard user object

• group (RBACGroup) – group to add to

Returns:

RBACUserGroup

rbac.core.rbac_admin_add_tree_to_group(group, tree)

Add tree to an admin group

Parameters:

• group (RBACAdminGroup) – group to update

• tree (str) – Tree tp add

Returns:

Nothing

rbac.core.rbac_admin_all_rights(user)

returns a list of which apps, models and model_ids a user is an admin for

Parameters:

user (User) – standard user object

Returns:

list of App, model, model_id

Return type:

list

rbac.core.rbac_admin_tree_access(user)

returns a list of where in the tree a user had admin access.

Parameters:

user (User) – standard user object

Returns:

list of trees

Return type:

list

rbac.core.rbac_create_admin_group(name_qualifier, name_item, description)

create an admin group :param name_qualifier: where in the tree the group will go :type name_qualifier: str :param name_item: name :type name_item: str :param description: free format description :type description: str

Returns:

RBACAdminGroup

rbac.core.rbac_create_group(name_qualifier, name_item, description)

Create an RBAC group

Parameters:

• name_qualifier (str) – where in the tree the group will go

• name_item (str) – name

• description (str) – free format description

Returns:

RBACGroup

rbac.core.rbac_delete_admin_group_by_name(group_name)

Delete an RBAC Admin group by name

Parameters:

group_name (str) – group name to delete

Returns:

bool

rbac.core.rbac_delete_group(group)

Delete an RBAC group. Cascade takes care of related objects.

Parameters:

group (RBACGroup) – Group to delete

Returns:

bool

rbac.core.rbac_delete_group_by_name(group_name)

Delete an RBAC group by name

Parameters:

group_name (str) – group name to delete

Returns:

bool

rbac.core.rbac_get_admin_group_by_name(group_name)

Get an RBAC Admin group by name

Parameters:

group_name (str) – group name to find

Returns:

RBACGroup

rbac.core.rbac_get_admin_users_in_group(admin_group)

returns a list of users in an admin group

Parameters:

admin_group (RBACAdminGroup) – group to check

Returns:

List of users

Return type:

list

rbac.core.rbac_get_admins_for_group(group)

returns a queryset of admins who can change users for a given group

rbac.core.rbac_get_group_by_name(group_name)

Get an RBAC group by name

Parameters:

group_name (str) – group name to find

Returns:

RBACGroup

rbac.core.rbac_get_groups_for_role(role)

takes a role and lists the groups that can provide it.

Only works for allow rules with model ids

rbac.core.rbac_get_roles_for_group(group)

list roles that are provided by a group.

e.g. if group 17 has RBACGroupRoles:

app.model.model_id.action org.pencil.12.edit payments.chair.12.view

This will return: [ {‘app’: ‘org’, ‘model’: ‘pencil’, ‘action’: ‘edit’}, {‘app’: ‘payments’, ‘model’: ‘chair’, ‘action’: ‘view’} ]

Parameters:

group (RBACGroup) – group to check

Returns:

app, model, action

Return type:

queryset dictionary

rbac.core.rbac_get_users_in_group(group)

returns a list of users in a group

Parameters:

group (RBACGroup) – group to check

Returns:

List of users

Return type:

list

rbac.core.rbac_get_users_in_group_by_name(group_name)

returns a list of users in a group using the group name

Parameters:

group_name (str) – group name to check

Returns:

List of users

Return type:

list

rbac.core.rbac_get_users_with_exact_role(role)

returns a list of all users who have a role specifically, NOT from having the equivalent generic role. E.g. forums.forum.5.view would not also return users with forums.forum.view or forums.forum.all

rbac.core.rbac_get_users_with_role(role)

returns a list of all users who have a role, either specifically or from having the equivalent generic role. E.g. forums.forum.5.view would also return users with forums.forum.view or forums.forum.all

rbac.core.rbac_group_id_from_name(name_qualifier, name_item)

returns the id of a group based upon its name

Parameters:

• name_qualifier (Str) – Group qualifier

• name_item (Str) – Group name

Returns:

group id

Return type:

id

rbac.core.rbac_remove_admin_user_from_group(member, group)

Removes a user from an RBAC admin group

Parameters:

• member (User) – standard user object

• group (RBACAdminGroup) – group to remove user from

Returns:

bool

rbac.core.rbac_remove_user_from_group(member, group)

Removes a user from an RBAC group

Parameters:

• member (User) – standard user object

• group (RBACGroup) – group to remove user from

Returns:

bool

rbac.core.rbac_show_admin(request)

Decide whether to show the admin link on the main template to this user

Parameters:

request (Request) – Standard request object

Returns:

True to show it, False to not show it

Return type:

boolean

rbac.core.rbac_user_allowed_for_model(user, app, model, action)

returns a tuple.

Parameters:

• user (User) – standard user object

• app (str) – application name

• model (str) – model name

• action (str) – action required

Returns:

boolean - allowed for all, list - list of model_instances explicitly allowed

Return type:

tuple

rbac.core.rbac_user_blocked_for_model(user, app, model, action)

returns a list of model instances which the user cannot view

Parameters:

• user (User) – standard user object

• app (str) – application name

• model (str) – model name

• action (str) – action required

Returns:

list of model_instances explicitly block

Return type:

list

rbac.core.rbac_user_has_admin_tree_access(user, admin_tree)

returns whether a user has admin access to this exact part of the tree.

Used initially by orgs for club admin so only checks the provided path, not anything higher.

e.g. if user has admin.b this will not match on admin.b.c

Parameters:

• user (User) – standard user object

• admin_tree (str) – tree path to check

Returns:

boolean

rbac.core.rbac_user_has_any_model(member, app, model)

check if a user has access to any model in a role

Parameters:

• member (User) – standard user object

• app (str) – app to check

• model (str) – model to check

Returns:

True or False for user role

Return type:

bool

rbac.core.rbac_user_has_role(member, role, debug=False)

check if a user has a specific role

Parameters:

• member (User) – standard user object

• role (str) – role to check

• debug (bool) – print debug info

Returns:

True or False for user role

Return type:

bool

rbac.core.rbac_user_has_role_exact(member, role)

check if a user has an exact role

This is called by rbac_user_has_role to check exact roles. The process for checking an exact role is always the same. rbac_user_has_role has the logic to put this together at a higher level and to use defaults in order to work out if the combination of rules allows a user to do something. This function only checks at the most specific level.

Parameters:

• member (User) – standard user object

• role (str) – role to check

Returns:

“Allow”, “Block”, or None for no match

Return type:

string

rbac.core.rbac_user_has_role_exact_explain(member, role)

check if a user has an exact role and explain why

Parameters:

• member (User) – standard user object

• role (str) – role to check

Returns:

“Allow”, “Block”, or None for no match string: Role that matched group: The group that matched

Return type:

string

rbac.core.rbac_user_has_role_explain(member, role)

check if a user has a specific role and explains why

Parameters:

• member (User) – standard user object

• role (str) – role to check

Returns:

True or False for user role

Return type:

bool

rbac.core.rbac_user_is_admin_for_admin_group(member, group)

check if a user is an admin for an admin group. Any member of an admin group is automatically an administrator for that group.

Parameters:

• member (User) – standard user object

• group (RBACAdminGroup) – admin group to check

Returns:

True of False for user role

Return type:

bool

rbac.core.rbac_user_is_group_admin(member, group)

check if a user has admin rights to a group based upon their rights in the tree. Note - they also need admin rights to the objects if they are intending to change the group. This only checks for the ability to change group membership or delete the group.

Parameters:

• member (User) – standard user object

• group (RBACGroup) – group to check

Returns:

True of False for user role

Return type:

bool

rbac.core.rbac_user_is_role_admin(member, role)

check if a user is an admin for a specific role

Parameters:

• member (User) – standard user object

• role (str) – role to check. should be from role.path e.g. forums.forum.3. No action in string.

Returns:

True of False for user role

Return type:

bool

rbac.core.rbac_user_role_list(user, app, model)

return list of roles a user has for part of the tree.

This takes in a user and and app/model combination and returns the list of model_ids and actions that a user can perform. For example, if you provide:

app = "forums"
model = "forum"

This could return:

[(23, "edit"), (23, "delete"), (55, "edit")]

Only returns things with “Allow” so only works for Block default models.

rbac.core.role_to_parts(role)

take a role string and return it in parts

Parameters:

role (str) – string in format e.g. forums.forum.5.view

Returns:

(app, model, model_instance, action)

Return type:

tuple

rbac.decorators module

RBAC Decorators to simplify code

rbac.decorators.rbac_check_role(role1, role2=None)

checks if a users has a role, optionally checks against a second role as well, either will pass.

Call as:

from rbac.decorators import rbac_check_role

@rbac_check_role(“some_app.some_role”) def my_func(request):

OR

@rbac_check_role(“some_app.some_role”, “some_role.some_other_role”) def my_func(request):

You don’t need @login_required as it does that for you as well

rbac.forms module

class rbac.forms.AddGroup(*args, **kwargs)

Bases: Form

Add a new group to RBAC

base_fields = {'add_self': <django.forms.fields.BooleanField object>, 'description': <django.forms.fields.CharField object>, 'name_item': <django.forms.fields.CharField object>}

clean()

We allow uses to put . into the name_item so here we split that out and put the part before the . into name_qualifier but only on group creation.

declared_fields = {'add_self': <django.forms.fields.BooleanField object>, 'description': <django.forms.fields.CharField object>, 'name_item': <django.forms.fields.CharField object>}

property media

Return all media required to render the widgets on this form.

rbac.models module

Role Based Access Control Application

This handles the models for role based security for Cobalt.

See RBAC Overview for more details.

class rbac.models.RBACAdminGroup(*args, **kwargs)

Bases: Model

Admin Group definitions

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

created_by

Standard User object

created_by_id

created_date

date created

description

Free format decription

get_next_by_created_date(*, field=<django.db.models.fields.DateTimeField: created_date>, is_next=True, **kwargs)

get_previous_by_created_date(*, field=<django.db.models.fields.DateTimeField: created_date>, is_next=False, **kwargs)

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

property name

name_item

chosen by the admin. appends onto name_qualifier

name_qualifier

eg “organisations.trumps”

objects = <django.db.models.manager.Manager object>

rbacadmingrouprole_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

rbacadmintree_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

rbacadminusergroup_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class rbac.models.RBACAdminGroupRole(*args, **kwargs)

Bases: Model

Admin model to map a group to a role.

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

app

Application level hierarchy

group

RBACGroup for this Role

group_id

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

model

model level hierarchy

model_id

Instance of model level hierarchy

objects = <django.db.models.manager.Manager object>

property role

Returns the role in dotted format.

class rbac.models.RBACAdminTree(*args, **kwargs)

Bases: Model

Control where in the tree a member of a group can create groups

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

group

RBACGroup for this Role

group_id

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>

tree

tree is an allowed entry point for a user. e.g. rbac.org.org

class rbac.models.RBACAdminUserGroup(*args, **kwargs)

Bases: Model

Maps admins to Groups

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

group

RBAC Group

group_id

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

member

Standard User object

member_id

objects = <django.db.models.manager.Manager object>

class rbac.models.RBACAppModelAction(*args, **kwargs)

Bases: Model

Valid Actions for an App and Model combination

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

app

Application level hierarchy

description

description of what this does

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

model

model level hierarchy

objects = <django.db.models.manager.Manager object>

valid_action

valid actions for this combination

class rbac.models.RBACGroup(*args, **kwargs)

Bases: Model

Group definitions

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

created_by

Standard User object

created_by_id

created_date

date created

description

Free format description

get_next_by_created_date(*, field=<django.db.models.fields.DateTimeField: created_date>, is_next=True, **kwargs)

get_previous_by_created_date(*, field=<django.db.models.fields.DateTimeField: created_date>, is_next=False, **kwargs)

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

property name

name_item

chosen by the admin. appends onto name_qualifier

name_qualifier

eg “organisations.trumps”

objects = <django.db.models.manager.Manager object>

rbacgrouprole_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

rbacusergroup_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

Parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class rbac.models.RBACGroupRole(*args, **kwargs)

Bases: Model

Core model to map a group to a role.

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

action

What this role allows you to do here

app

Application level hierarchy

get_rule_type_display(*, field=<django.db.models.fields.CharField: rule_type>)

group

RBACGroup for this Role

group_id

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

model

model level hierarchy

model_id

Instance of model level hierarchy

objects = <django.db.models.manager.Manager object>

property path

Returns the role in dotted format excluding the action.

property role

Returns the role in dotted format including the action.

rule_type

Rules can Allow or Block permissions

class rbac.models.RBACModelDefault(*args, **kwargs)

Bases: Model

Default behaviour for a model. Some models (e.g. forums.forum) need a default of allowing users access unless explicitly blocked. Other models (e.g. organisations.Organisation) need a default behaviour of blocking unless explicitly allowed.

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

app

Application level hierarchy

default_behaviour

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

get_default_behaviour_display(*, field=<django.db.models.fields.CharField: default_behaviour>)

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

model

model level hierarchy

objects = <django.db.models.manager.Manager object>

class rbac.models.RBACUserGroup(*args, **kwargs)

Bases: Model

Maps users to Groups

exception DoesNotExist

Bases: ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: MultipleObjectsReturned

group

RBAC Group

group_id

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

member

Standard User object

member_id

objects = <django.db.models.manager.Manager object>

rbac.urls module

rbac.views module

rbac.views.admin_group_create(request)

view to create a new admin group

rbac.views.admin_group_delete(request, group_id)

view to delete an admin group

rbac.views.admin_group_edit(request, group_id)

view to edit an admin group

rbac.views.admin_group_view(request, group_id)

view to show details of an admin group

rbac.views.admin_menu(request)

Shows the main admin screen - maybe shouldn’t live in RBAC

rbac.views.admin_tree_screen(request)

Show full RBAC Admin Tree

rbac.views.generic_tree_builder(groups, detail_link=None, html_type='href')

function to build an rbac tree for use with the tree viewer.

Parameters:

• RBACAdminGroup (groups - queryset of RBACGroup or)

• follow (detail_link - str of link to)

• <button> (html_type - str to specify whether to generate <a> or)

Returns:

str - HTML string to insert into page

build a list of the tree. We want to turn:

abf.people.fred (id=34) abf.people.john (id=45) abf.animals.dogs.rover (id=2) abf.animals.cats.felix (id=21)

into:

items[“abf”]=[“people”, “animals”] items[“abf.people”]=[“fred”, “john”] items[“abf.people.fred”]=34 items[“abf.people.john”]=45 items[“abf.animals”]=[“dogs”, “cats”] items[“abf.animals.dogs”]=[“rover”] items[“abf.animals.cats”]=[“felix”] items[“abf.animals.dogs.rover”]=2 items[“abf.animals.cats.felix”]=21

rbac.views.generic_tree_screen(request, groups, detail_link, title)

Show full RBAC Tree for RBAC or Admin

rbac.views.get_rbac_statistics()

get basic stats on RBAC, called by utils statistics

rbac.views.group_create(request)

view to create a new group

rbac.views.group_delete(request, group_id)

view to delete a group

rbac.views.group_edit(request, group_id)

view to edit a group

rbac.views.group_view(request, group_id)

view to show details of a group

rbac.views.list_members_screen(request)

Show full RBAC Tree as a table order by members

rbac.views.list_roles_screen(request)

Show full RBAC Tree as a table - order by roles

rbac.views.list_screen(request)

Show full RBAC Tree as a table

rbac.views.rbac_admin(request)

shows the admin groups a user is in

rbac.views.rbac_forbidden(request, role, htmx=False)

RBAC screen for forbidden access - gives the user more info than a normal error screen.

If htmx value is set, then we return a simpler template view

rbac.views.rbac_tests(request)

easy way to underlying functions. Test only

rbac.views.role_view_screen(request)

Show Roles

rbac.views.tree_screen(request)

Show full RBAC Tree

rbac.views.view_screen(request)

Shows the user what roles they have in RBAC

Module contents