intranet.security

Functions

get_roles_setting(→ dict[str, ...)

Returns the default roles available to onegov.core applications.

may_view_static_files_not_logged_in(→ bool)

Always allow viewing of static files.

may_view_theme_files_not_logged_in(→ bool)

Always allow viewing of theme files.

may_view_auth_not_logged_in(→ bool)

Anonymous needs to be able to log in.

may_view_public_identity(→ bool)

Even anonymous may view the public metadata of the instance.

Module Contents

intranet.security.get_roles_setting() → dict[str, set[type[onegov.core.security.roles.Intent]]]

Returns the default roles available to onegov.core applications.

Applications building on onegov.core may add more roles and permissions, or replace the existing ones entirely, though it’s not something that one should do carelessly.

The default roles are:

admin

Has access to everything

editor

Has access to most things

member

Has access to their own data. Be careful though, core doesn’t know about personal data, so this is just a role to implement registered users. As with all permissions, making sure the right information is shown is up to the applications.

anonymous

Has access to public things

intranet.security.may_view_static_files_not_logged_in(app: onegov.intranet.app.IntranetApp, identity: morepath.authentication.NoIdentity, model: onegov.core.static.StaticFile, permission: type[onegov.core.security.Public]) → bool

Always allow viewing of static files.

Those files are public anyway, since we are open-source.

intranet.security.may_view_theme_files_not_logged_in(app: onegov.intranet.app.IntranetApp, identity: morepath.authentication.NoIdentity, model: onegov.core.theme.ThemeFile, permission: type[onegov.core.security.Public]) → bool

Always allow viewing of theme files.

Those files are public anyway, since we are open-source.

intranet.security.may_view_auth_not_logged_in(app: onegov.intranet.app.IntranetApp, identity: morepath.authentication.NoIdentity, model: onegov.user.Auth, permission: type[onegov.core.security.Public]) → bool

Anonymous needs to be able to log in.

intranet.security.may_view_public_identity(app: onegov.intranet.app.IntranetApp, identity: morepath.authentication.NoIdentity, model: onegov.core.metadata.PublicMetadata, permission: type[onegov.core.security.Public]) → bool

Even anonymous may view the public metadata of the instance.
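
An added, stand-alone model (not onegov code) of how a role table and the four not-logged-in rules above combine into a deny-by-default policy for requests without an identity. The intent sets per role, the empty anonymous set, `NewsPage`, `has_permission` and `anonymous_surface` are assumptions for illustration; the classes are local stand-ins for the types named in the signatures.

```python
# Local stand-ins for the onegov.core intents named in the signatures above.
class Public: pass
class Private: pass
class Personal: pass
class Secret: pass

# Local stand-ins for the models the four rules are registered for.
class StaticFile: pass
class ThemeFile: pass
class Auth: pass
class PublicMetadata: pass
class NewsPage: pass  # hypothetical ordinary content model, not from the page

# ASSUMPTION: the page lists the role names only; these intent sets are
# constructed for the example.
ROLES = {
    'admin': {Public, Private, Personal, Secret},
    'editor': {Public, Private, Personal},
    'member': {Public, Personal},
    'anonymous': set(),  # assumed: an intranet grants nothing by default
}

# One explicit exception per may_view_*_not_logged_in rule documented above.
NOT_LOGGED_IN_RULES = {
    (StaticFile, Public), (ThemeFile, Public),
    (Auth, Public), (PublicMetadata, Public),
}

def has_permission(role, model, permission):
    """Decide access; role is None for a request without an identity."""
    if role is None:
        if (type(model), permission) in NOT_LOGGED_IN_RULES:
            return True  # explicit allow-list entry wins
        role = 'anonymous'
    # Unknown roles get an empty intent set, so they are denied.
    return permission in ROLES.get(role, set())

def anonymous_surface(models):
    """Names of the model types reachable without logging in."""
    return sorted(type(m).__name__ for m in models
                  if has_permission(None, m, Public))
```

Listing the anonymous surface this way is a quick review aid: every name it returns should correspond to a rule someone added deliberately.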