atoti_plus.user_service_client.user_service_client module#

class atoti_plus.UserServiceClient#

Manage the parts of the security config that can be changed without restarting the Session.

The roles and restrictions are stored in the user content storage. Multiple sessions configured with the same user content storage will thus share this part of the security config.

property basic: BasicSecurity#
create_role(name, *, restrictions={})#

Create a role with the given restrictions.

There are special roles which cannot be redefined:

  • ROLE_USER: required to access the application

  • ROLE_ADMIN: gives full access (read, write, delete, etc) to the application

Return type


classmethod from_session(session, /)#

Create a service able to authenticate against session.

Return type


classmethod from_url(url, /, *, auth=None, certificate_authority=None, client_certificate=None)#

Create a service from a URL.

  • url (str) – The URL of an existing Session.

  • auth (Optional[Auth]) – To authenticate against the session. It must grant the ROLE_ADMIN role. If None, a client_certificate must be passed instead.

  • certificate_authority (Optional[Path]) – Custom certificate authority to use to verify the HTTPS connection.

  • client_certificate (Optional[ClientCertificate]) – Required to authenticate against the session if auth was None.

Return type


property individual_roles: IndividualRoles#
property kerberos: KerberosSecurity#
property ldap: LdapSecurity#
property oidc: OidcSecurity#
property roles: Roles#