This package provides a python Class to parse and compare entitlements according to the AARC-G002 Recommendation https://aarc-project.eu/guidelines/aarc-g002.
from aarc_g002_entitlement import Aarc_g002_entitlement required = Aarc_g002_entitlement( 'urn:geant:h-df.de:group:aai-admin', strict=False, ) actual = Aarc_g002_entitlement( 'urn:geant:h-df.de:group:aai-admin:role=member#backupserver.used.for.developmt.de', ) # is a user with actual permitted to use a resource which needs required? permitted = required.is_contained_in(actual) # True in this case # are the two entitlements the same? equals = required == actual # False in this case
Check entitlements according to the AARC G002 recommendation https://aarc-project.eu/guidelines/aarc-g002
Aarc_g002_entitlement(raw, strict=True, raise_error_if_unparseable=False)¶
Entitlement allows EduPerson Entitlement parsing and comparision, as specified in https://aarc-project.eu/guidelines/aarc-g002.
Class instances can be tested for equality and less-than-or-equality. The py:meth:is_contained_in can be used to checks if a user with an entitlement U is permitted to use a resource which requires a certain entitlement R, like so:
raw (str) – The entitlement to parse. If the entitlement is ‘%xx’ encoded it is decoded before parsing.
strict (bool, optional) – False to ignore a missing group_authority and True otherwise, defaults to True.
raise_error_if_unparseable (bool, optional) – True to raise a ValueError, if the entitlements does not follow the AARC-G002 recommendation and True to create the (largely empty) entitlement object, defaults to False.
ValueError – If raw does not contain a group_authority and strict is True, or if the raw entitlement is not following the AARC-G002 recommendation at all and raise_error_if_unparseable is `True.
Exception – If the attributes extracted from the entitlement could not be assigned to this instance.
Available attributes for AARC-G002 entitlements are listed here. For entitlements not following the recommendation, these are set to their default values.
List of subnamespaces. May be empty.
List of subgroups. May be empty
None if the entitlement has no role.
None if the entitlement has no group_authority.
Check if self is contained in other
Check if this entitlements follows the AARC-G002 recommendation Note this only works with raise_error_if_unparseable=False
True if the recommendation is followed
- Return type