AARC-G002 Entitlements

This package provides a python Class to parse and compare entitlements according to the AARC-G002 Recommendation https://aarc-project.eu/guidelines/aarc-g002.

Example

from aarc_g002_entitlement import Aarc_g002_entitlement

required = Aarc_g002_entitlement(
    'urn:geant:h-df.de:group:aai-admin',
    strict=False,
)
actual = Aarc_g002_entitlement(
    'urn:geant:h-df.de:group:aai-admin:role=member#backupserver.used.for.developmt.de',
)

# is a user with actual permitted to use a resource which needs required?
permitted = required.is_contained_in(actual) # True in this case

# are the two entitlements the same?
equals = required == actual # False in this case

API

Check entitlements according to the AARC G002 recommendation https://aarc-project.eu/guidelines/aarc-g002

class Aarc_g002_entitlement(raw, strict=True, raise_error_if_unparseable=False)

Entitlement allows EduPerson Entitlement parsing and comparision, as specified in https://aarc-project.eu/guidelines/aarc-g002.

Class instances can be tested for equality and less-than-or-equality. The py:meth:is_contained_in can be used to checks if a user with an entitlement U is permitted to use a resource which requires a certain entitlement R, like so:

R.is_contained_in(U)

Parameters

  • raw (str) – The entitlement to parse. If the entitlement is ‘%xx’ encoded it is decoded before parsing.

  • strict (bool, optional) – False to ignore a missing group_authority and True otherwise, defaults to True.

  • raise_error_if_unparseable (bool, optional) – True to raise a ValueError, if the entitlements does not follow the AARC-G002 recommendation and True to create the (largely empty) entitlement object, defaults to False.

Raises

  • ValueError – If raw does not contain a group_authority and strict is True, or if the raw entitlement is not following the AARC-G002 recommendation at all and raise_error_if_unparseable is `True.

  • Exception – If the attributes extracted from the entitlement could not be assigned to this instance.

Available attributes for AARC-G002 entitlements are listed here. For entitlements not following the recommendation, these are set to their default values.

namespace_id = ''
delegated_namespace = ''
subnamespaces = []

List of subnamespaces. May be empty.

group = ''
subgroups = []

List of subgroups. May be empty

role = None

None if the entitlement has no role.

group_authority = None

None if the entitlement has no group_authority.

is_contained_in(other)

Check if self is contained in other

property is_aarc_g002

Check if this entitlements follows the AARC-G002 recommendation Note this only works with raise_error_if_unparseable=False

Returns

True if the recommendation is followed

Return type

bool