AARC-G002 Entitlements¶
This package provides a python Class to parse and compare entitlements according to the AARC-G002 Recommendation https://aarc-project.eu/guidelines/aarc-g002.
Example¶
from aarc_g002_entitlement import Aarc_g002_entitlement
required = Aarc_g002_entitlement(
'urn:geant:h-df.de:group:aai-admin',
strict=False,
)
actual = Aarc_g002_entitlement(
'urn:geant:h-df.de:group:aai-admin:role=member#backupserver.used.for.developmt.de',
)
# is a user with actual permitted to use a resource which needs required?
permitted = required.is_contained_in(actual) # True in this case
# are the two entitlements the same?
equals = required == actual # False in this case
API¶
Check entitlements according to the AARC G002 recommendation https://aarc-project.eu/guidelines/aarc-g002
-
class
Aarc_g002_entitlement
(raw, strict=True, raise_error_if_unparseable=False)¶ Entitlement allows EduPerson Entitlement parsing and comparision, as specified in https://aarc-project.eu/guidelines/aarc-g002.
Class instances can be tested for equality and less-than-or-equality. The py:meth:is_contained_in can be used to checks if a user with an entitlement U is permitted to use a resource which requires a certain entitlement R, like so:
R.is_contained_in(U)
- Parameters
raw (str) – The entitlement to parse. If the entitlement is ‘%xx’ encoded it is decoded before parsing.
strict (bool, optional) – False to ignore a missing group_authority and True otherwise, defaults to True.
raise_error_if_unparseable (bool, optional) – True to raise a ValueError, if the entitlements does not follow the AARC-G002 recommendation and True to create the (largely empty) entitlement object, defaults to False.
- Raises
ValueError – If raw does not contain a group_authority and strict is True, or if the raw entitlement is not following the AARC-G002 recommendation at all and raise_error_if_unparseable is `True.
Exception – If the attributes extracted from the entitlement could not be assigned to this instance.
Available attributes for AARC-G002 entitlements are listed here. For entitlements not following the recommendation, these are set to their default values.
-
namespace_id
= ''¶
-
delegated_namespace
= ''¶
-
subnamespaces
= []¶ List of subnamespaces. May be empty.
-
group
= ''¶
-
subgroups
= []¶ List of subgroups. May be empty
-
role
= None¶ None if the entitlement has no role.
None if the entitlement has no group_authority.
-
is_contained_in
(other)¶ Check if self is contained in other
-
property
is_aarc_g002
¶ Check if this entitlements follows the AARC-G002 recommendation Note this only works with raise_error_if_unparseable=False
- Returns
True if the recommendation is followed
- Return type
bool