nvflare.fuel.sec.authz module
- class AuthorizationService[source]
Bases:
object- static authorize(ctx: AuthzContext)[source]
- static initialize(authorizer: ~nvflare.fuel.sec.authz.Authorizer) -> (<class 'nvflare.fuel.sec.authz.Authorizer'>, <class 'str'>)[source]
- the_authorizer = None
- class Authorizer(site_org: str, right_categories: dict | None = None)[source]
Bases:
objectBase class containing the authorization policy.
- class AuthzContext(right: str, user: Person, submitter: Person | None = None)[source]
Bases:
objectBase class to contain context data for authorization.
- class ConditionEvaluator[source]
Bases:
ABC- abstract evaluate(site_org: str, ctx: AuthzContext) bool[source]
- class FalseEvaluator[source]
Bases:
ConditionEvaluator- evaluate(site_org: str, ctx: AuthzContext) bool[source]
- class FieldNames(value)[source]
Bases:
str,EnumAn enumeration.
- CATEGORY_RIGHT = 'Right for Category'
- EXP = 'Expression'
- RIGHT = 'Right'
- ROLE_NAME = 'Role name'
- SITE_ORG = 'Site org'
- TARGET_TYPE = 'Target type'
- TARGET_VALUE = 'Target value'
- USER_NAME = 'User name'
- USER_ORG = 'User org'
- USER_ROLE = 'User role'
- class Policy(config: dict, role_right_map: dict, roles: list, rights: list, role_rights: dict)[source]
Bases:
object
- class TrueEvaluator[source]
Bases:
ConditionEvaluator- evaluate(site_org: str, ctx: AuthzContext) bool[source]
- class UserNameEvaluator(target: str)[source]
Bases:
ConditionEvaluator- evaluate(site_org: str, ctx: AuthzContext)[source]
- class UserOrgEvaluator(target)[source]
Bases:
ConditionEvaluator- evaluate(site_org: str, ctx: AuthzContext)[source]
- parse_policy_config(config: dict, right_categories: dict)[source]
Validates that an authorization policy configuration has the right syntax.
- Parameters:
config – configuration dictionary to validate
right_categories – a dict of right => category mapping
Returns: a Policy object if no error, a string describing the error encountered