rattail.db.auth
Authentication & Authorization
- rattail.db.auth.authenticate_user(session, userobj, password)
Attempt to authenticate a user.
- Parameters:
userobj – May be a model.User instance, or a username as string. If the latter, it will be used to look up the User instance.
- Returns:
The User instance, if found and the password was correct; otherwise None.
- rattail.db.auth.has_permission(session, principal, permission, include_guest=True, include_authenticated=True)
Determine if a principal has been granted a permission.
- Parameters:
session – A SQLAlchemy session instance.
principal – May be either a model.User or model.Role instance. It is also expected that this may sometimes be None, in which case the “Guest” role will typically be assumed.
permission – The full internal name of a permission, e.g. 'users.create'.
include_guest – Whether or not the “Guest” role should be included when checking permissions. If False, then Guest’s permissions will not be consulted.
include_authenticated – Whether or not the “Authenticated” role should be included when checking permissions.
Note that if no principal is provided, and include_guest is set to False, then no checks will actually be done, and the return value will be False.
- rattail.db.auth.cache_permissions(session, principal, include_guest=True, include_authenticated=True)
Return a set of permission names, which represents all permissions effectively granted to the given principal.
- Parameters:
session – A SQLAlchemy session instance.
principal – May be either a model.User or model.Role instance. It is also expected that this may sometimes be None, in which case the “Guest” role will typically be assumed.
include_guest – Whether or not the “Guest” role should be included when checking permissions. If False, then Guest’s permissions will not be consulted.
include_authenticated – Whether or not the “Authenticated” role should be included when checking permissions.
Note that if no principal is provided, and include_guest is set to False, then no checks will actually be done, and the return value will be False.
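The resolution rules documented for has_permission and cache_permissions, as an added in-memory sketch that is not rattail's own code. The Role and User classes, the sample role contents and the audit_implicit_grants helper are constructed for illustration, and adding "Authenticated" only when the principal is a User is an assumption.

```python
from dataclasses import dataclass, field

# Constructed stand-ins for model.Role / model.User (assumption, not rattail's classes).
@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)

@dataclass
class User:
    username: str
    roles: list = field(default_factory=list)

# Constructed sample data.
GUEST = Role("Guest", {"products.view"})
AUTHENTICATED = Role("Authenticated", {"products.view", "orders.create"})
ADMIN = Role("Administrator", {"users.create", "users.delete"})

def effective_permissions(principal, include_guest=True, include_authenticated=True):
    """Model of the documented resolution; returns a set of permission names."""
    if isinstance(principal, User):
        roles = list(principal.roles)
        if include_authenticated:  # assumption: only applies to a User principal
            roles.append(AUTHENTICATED)
    elif isinstance(principal, Role):
        roles = [principal]
    else:
        roles = []  # no principal: only Guest can contribute
    if include_guest:
        roles.append(GUEST)
    perms = set()
    for role in roles:
        perms |= role.permissions
    return perms

def check(principal, permission, **flags):
    """Membership test against the effective set (models has_permission)."""
    return permission in effective_permissions(principal, **flags)

def audit_implicit_grants(sensitive_prefixes=("users.",)):
    """List sensitive permissions granted through the implicit roles."""
    return [(role.name, perm)
            for role in (GUEST, AUTHENTICATED)
            for perm in sorted(role.permissions)
            if perm.startswith(sensitive_prefixes)]
```

Because the implicit roles are merged in by default, a check meant to reflect only explicitly assigned roles has to pass include_guest=False and include_authenticated=False.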