nvflare.fuel.sec.authz module¶
- class AuthorizationService[source]¶
Bases:
object
- static authorize(ctx: AuthzContext)[source]¶
- static initialize(authorizer: ~nvflare.fuel.sec.authz.Authorizer) -> (<class 'nvflare.fuel.sec.authz.Authorizer'>, <class 'str'>)[source]¶
- the_authorizer = None¶
- class Authorizer(site_org: str, right_categories: dict | None = None)[source]¶
Bases:
object
Base class containing the authorization policy.
- class AuthzContext(right: str, user: Person, submitter: Person | None = None)[source]¶
Bases:
object
Base class to contain context data for authorization.
- class ConditionEvaluator[source]¶
Bases:
ABC
- abstract evaluate(site_org: str, ctx: AuthzContext) bool [source]¶
- class FalseEvaluator[source]¶
Bases:
ConditionEvaluator
- evaluate(site_org: str, ctx: AuthzContext) bool [source]¶
- class Policy(config: dict, role_right_map: dict, roles: list, rights: list, role_rights: dict)[source]¶
Bases:
object
- class TrueEvaluator[source]¶
Bases:
ConditionEvaluator
- evaluate(site_org: str, ctx: AuthzContext) bool [source]¶
- class UserNameEvaluator(target: str)[source]¶
Bases:
ConditionEvaluator
- evaluate(site_org: str, ctx: AuthzContext)[source]¶
- class UserOrgEvaluator(target)[source]¶
Bases:
ConditionEvaluator
- evaluate(site_org: str, ctx: AuthzContext)[source]¶
- parse_policy_config(config: dict, right_categories: dict)[source]¶
Validates that an authorization policy configuration has the right syntax.
- Parameters:
config – configuration dictionary to validate
right_categories – a dict of right => category mapping
Returns: a Policy object if no error, a string describing the error encountered