nvflare.fuel.sec.authz module
- class AuthorizationService
  Bases: object
  - static authorize(ctx: AuthzContext)
  - static initialize(authorizer: Authorizer) -> (Authorizer, str)
  - the_authorizer = None
- class Authorizer(site_org: str, right_categories: dict | None = None)
  Bases: object
  Base class containing the authorization policy.
- class AuthzContext(right: str, user: Person, submitter: Person | None = None)
  Bases: object
  Base class to contain context data for authorization.
- class ConditionEvaluator
  Bases: ABC
  - abstract evaluate(site_org: str, ctx: AuthzContext) -> bool
- class FalseEvaluator
  Bases: ConditionEvaluator
  - evaluate(site_org: str, ctx: AuthzContext) -> bool
- class FieldNames(value)
  Bases: str, Enum
  An enumeration.
  - CATEGORY_RIGHT = 'Right for Category'
  - EXP = 'Expression'
  - RIGHT = 'Right'
  - ROLE_NAME = 'Role name'
  - SITE_ORG = 'Site org'
  - TARGET_TYPE = 'Target type'
  - TARGET_VALUE = 'Target value'
  - USER_NAME = 'User name'
  - USER_ORG = 'User org'
  - USER_ROLE = 'User role'
- class Policy(config: dict, role_right_map: dict, roles: list, rights: list, role_rights: dict)
  Bases: object
- class TrueEvaluator
  Bases: ConditionEvaluator
  - evaluate(site_org: str, ctx: AuthzContext) -> bool
- class UserNameEvaluator(target: str)
  Bases: ConditionEvaluator
  - evaluate(site_org: str, ctx: AuthzContext)
- class UserOrgEvaluator(target)
  Bases: ConditionEvaluator
  - evaluate(site_org: str, ctx: AuthzContext)
- parse_policy_config(config: dict, right_categories: dict)
  Validates that an authorization policy configuration has the right syntax.
  - Parameters:
    config – configuration dictionary to validate
    right_categories – a dict of right => category mapping
  - Returns: a Policy object if no error, a string describing the error encountered