mbe package

Submodules

mbe.access module

The access module contains features providing an abstraction layer over MongoDB.

class mbe.access.DatabaseAccess(_database, _json_schema_folders=None)[source]

Bases: object

The database access class handles all communication with the database It provides logging, validation against a schema and hiding ObjectIds.

database = None
find(_conditions, _do_not_fix_object_ids=False)[source]

Return a list of documents that match the supplied MBE condition. :param _conditions: An MBE condition :return: A list of matching documents

static load_exactly_one_document(_collection, _id, _zero_error=None, _duplicate_error=None)[source]

Raises provided errors if not exactly one row in result.

Parameters:
  • _collection – The collection to load from
  • _id – The _id of the document
  • _zero_error – Error to report if no documents are found
  • _duplicate_error – Error to report when duplicate documents are found
Returns:

The document

logging = None
manage_input(_input, _schema_id=None)[source]

Validate, convert _id to objectId instances and parse collection from input, whether it is data to save or a condition. Note: This should not be run twice on the same data.

Parameters:
  • _input – Data to handle
  • _schema_id – If set the schema to validate against
Returns:

A tuple with the data and the database collection specified in the schema.

remove_condition(_condition, _user)[source]

Remove documents that match the supplied MBE condition

Parameters:_condition – A MongoDB search criteria
Returns:
remove_documents(_documents, _user, _collection_name=None)[source]

Remove the documents in the documents lis

Parameters:
  • _documents – The list of documents
  • _user – A user object
  • _collection_name – The collection from where to remove them.
Returns:

Nothing

save(_document, _user, _old_document=None, _allow_save_id=False)[source]

Save a document to a collection

Parameters:
  • _document – The data to save
  • _user – A user object
  • _old_document – If available, the existing data, used to avoid an extra read when logging changes.
  • _allow_save_id – If set, to not assume that _id being set means updating an existing document.
Returns:

The object id of the saved document

schema_tools = None
transform_collection(_destination_schema, _map, _row_callback)[source]

NOT IMPLEMENTED. :param _destination_schema: :param _map: :param _row_callback: :return:

static verify_condition(_data, _collection_name, _caller_name)[source]

Validates the conditions’ structure and the collection it queries.

Parameters:
  • _data – The data to check.
  • _collection_name – Name of the collection that it should be checked against
  • _caller_name – The name of the calling function for logging
verify_document(_data, _collection_name, _caller_name)[source]

Check so that the collection for the specified schema in the input data match the supplied collection in _collection_name.

Parameters:
  • _data – The data to check.
  • _collection_name – Name of the collection that it should be checked against
  • _caller_name – The name of the calling function for logging

mbe.authentication module

The authentication module is responsible for taking log in credentials an establish a session. Session data is saved in the Session collection.

class mbe.authentication.Authentication(_database_access)[source]

Bases: object

The authentication class is the central entity for authentication in MBE. It handles login, logout and session validation.

check_session(_session_id)[source]

Checks if a session_id is valid and returns the user object Otherwise raises an AuthenticationError,

Parameters:_session_id – A session_id, format is a MongoDB objectId.
Returns:A user object
login(_credentials)[source]

Takes a credentials object and logs in. Returns a tuple with a session_id and a user object if successful. Otherwise raises an AuthenticationError, If user is already logged in, that session is destroyed and this one created.

Parameters:_credentials – A structure containing credentials
Returns:A tuple with a session_id and a user object
logout(_session_id)[source]

Logs out the session

Parameters:_session_id
Returns:
exception mbe.authentication.AuthenticationError[source]

Bases: Exception

Exception class for authentication errors

mbe.authentication.aop_check_session(f)[source]

A session validation decorator, searches that parameters for _session_id and checks that session

mbe.authentication.check_session(_session_id)[source]

Global convenience function, see Authentication.check_session

Parameters:_session_id – The session Id.
mbe.authentication.check_session_aspect(func, *args, **kwargs)[source]

The authentication aspect code, provides an aspect for the aop_check_session decorator

mbe.authentication.init_authentication(_database_access)[source]

Initializes the global authentication object

Parameters:_database_access – A database access instance that provides access to the node collection (users)
Returns:an instance of the global authentication object
mbe.authentication.login(_credentials)[source]

Global convenience function, see Authentication.logout

Parameters:_credentials – An MBE credentials package.
mbe.authentication.logout(_session_id)[source]

Global convenience function, see Authentication.logout

Parameters:_session_id – The session Id

mbe.cherrypy module

The CherryPy-module provides a web server plugin for CherryPy.

class mbe.cherrypy.CherryPyNode(_database_access)[source]

Bases: object

The CherryPyNode class is a plugin for CherryPy to expose the MBE node-functionality. Each function maps to counterparts in the node class.

find(**kwargs)[source]
history(**kwargs)[source]
load_children(**kwargs)[source]
load_node(**kwargs)[source]
login(**kwargs)[source]
logout(**kwargs)[source]
lookup(**kwargs)[source]
remove(**kwargs)[source]
save(**kwargs)[source]
mbe.cherrypy.aop_check_session(f)[source]

CherryPy-specific session checking decorator.

Parameters:f – the function
mbe.cherrypy.aop_login_json(f)[source]

CherryPy-specific session login decorator.

mbe.constants module

Created on Mar 6, 2015

@author: Nicklas Boerjesson @note: The constants of the MBE library

mbe.groups module

Created on Mar 6, 2015

The groups module contains functionality for checking group level rights.

@author: Nicklas Boerjesson

class mbe.groups.Groups(_database_access)[source]

Bases: object

The Groups class is the central location for group management in MBE and holds the group cache.

has_right(_right, _user)[source]

Check if a certain user, through group membership, holds a certain right. Raises a RightCheckError if npt

Parameters:
  • _right – The right in question
  • _user – A user object
reload_all()[source]

Reload all groups from database

exception mbe.groups.RightCheckError[source]

Bases: Exception

Exception class for Rights errors

mbe.groups.aop_has_right(_rights_function)[source]

A decorator for to supply the has_right functionality. Takes a function pointer. It is necessary to make it able to get the data in runtime. TODO: This is quite ugly.

Parameters:_rights_function – A pointer to a function that returns the right to check for
Returns:returns a decorator function.
mbe.groups.has_right(_right, _user)[source]

Global convenience function, see Groups.has_right

Parameters:_right
mbe.groups.init_groups(_database_access)[source]

Initiate the global groups object, load all groups from the provided database

Parameters:_database_access – A database access object
Returns:The global group object

mbe.logging module

The logging module handles all the logging of MBE.

class mbe.logging.DictDiffer(current_dict, past_dict)[source]

Bases: object

Calculate the difference between two dictionaries as: (1) items added (2) items removed (3) keys same in both but changed values (4) keys same in both and unchanged values

added()[source]

A list of added items

changed()[source]

Returns a list of changed items

removed()[source]

Returns a list of removed items

unchanged()[source]

Returns a list of unchanged items

class mbe.logging.Logging(_database)[source]

Bases: object

The logging class provides functionality to properly write to the “event” collection

database = None
log_remove(_removed_document, _user_id)[source]

Created a “remove” event. Called when a document has been removed.

Parameters:
  • _removed_document – The removed document.
  • _user_id – The _id of the user. A string(not the ObjectId)
log_save(_document, _user_id, _old_document=None)[source]

Creates an event log item based on the differences between the provided documents

Parameters:
  • _document – The new version of the document
  • _user_id – The _id of the user. A string(not the ObjectId)
  • _old_document – The previous version
log_security(_type, _message, _user_id, _node_id)[source]

Creates an security event log item

Parameters:
  • _type – type of event, can be rights, access or attack
  • _message – Error message
  • _user_id – The _id of the user. A string(not the ObjectId)
  • _node_id – If applicable, the concerned node document
Returns:

write_event(_event)[source]

Writes an event to the database

Parameters:_event – The event data

mbe.node module

The node module provides the node-API for MBE. All interaction with the node-collection should happen through the Node-class

Note: Sphinx does not properly document this module with the decorators, comment them before running sphinx

class mbe.node.Node(_database_access, _rights=None)[source]

Bases: object

The node class is used for all node management in MBE.

database_access = None
find(_conditions, _user)[source]

Returns a list of nodes matching the MBE condition. Note: This method is literate, it takes ObjectId instances when comparing to ObjectId instances. But JSON doesn’t handle ObjectId. So instead it supports an ObjectId(000000010000010001ee3214)-syntax and when it encounters those values, it converts them into ObjectId instances.

Parameters:
  • _conditions – A condition
  • _user – A user object
Returns:

A list of nodes

history(_id, _user)[source]

Return the change history for the specified node.

Parameters:
  • _id – An object with a node _id field
  • _user – A user object
Returns:

load_children(_parent_id, _user)[source]

Returns a list of child nodes whose _parent_ids match _parent_id

Parameters:
  • _parent_id – An object with a parent_id property
  • _user – A user object
Returns:

A list of nodes

load_node(_id, _user)[source]

Returns the child with _id.

Parameters:
  • _id – An object with a id property
  • _user – A user object
Returns:

A list of nodes

lookup(_conditions, _user)[source]

Returns a list of value-name objects for use in drop downs. As find, handles the ObjectId(000000010000010001ee3214) string format. (no quotes)

Parameters:
  • _conditions – An MBE condition
  • _user – A user object
Returns:

A list of lookup objects.

remove(_id, _user)[source]

Remove the specified node

Parameters:
  • _id – An object with a node _id field
  • _user – A user object
Returns:

Result of removal

rights = None
save(self, _document, _user)[source]

Saves an MBE node descendant to the database.

Parameters:
  • _document – The MBE node document to save.
  • _user – The current user
Returns:

A structure detailing the save result

mbe.node.get_node_rights()[source]

This function is necessary to hand runtime data to the decorators

Returns:the node rights
mbe.node.node_rights = None

A cache of node rights

mbe.permission module

The permission module handles permissions for nodes.

mbe.permission.filter_by_group(_nodes, _permission, _user, _database_access, _error_prefix_if_not_allowed=None, _use_object_id=False)[source]

This function filters a list of nodes based on what groups a user belong to and its right

Parameters:
  • _nodes – A list of node
  • _permission – The permission to check. For example “canRead” or “canWrite”.
  • _user – The user to check
  • _database_access – A database access instance.
  • _error_prefix_if_not_allowed – If set, the supplied error message is raised. Normally used when testing for write access.
  • _use_object_id – If true, the node has ObjectId instances and not strings.
Returns:

A list of nodes any of the users’ groups have the permission defined in _permission for

mbe.schema module

Created on Mar 6, 2015

@author: Nicklas Boerjesson @note: The schema tools

class mbe.schema.SchemaTools(_json_schema_folders=[])[source]

Bases: object

The schema tools class does all the handling, validation and transformation of schemas in MBE.

apply(_data, _schema_id=None)[source]

Validate the JSON in _data against a JSON schema.

Parameters:
  • _data – The JSON data to validate
  • _schema_id – If set, validate against the specified schema, and not the one in the data.
Returns:

the schema object that was validated against.

static check_schema_fields(_curr_schema_obj, _curr_file)[source]

Check so all mandatory fields are in the schema :param _curr_schema_obj: Schema to check :param _curr_file: File name use in error message

json_schema_folders = None
json_schema_objects = None
load_schema_from_file(_file_name)[source]

Loads a specifield schema from a file, checks it and stores it in the schema cache.

Parameters:_file_name – The name of the schema file
load_schemas_from_directory(_schema_folder)[source]

Load and validate all schemas in a folder, add to json_schema_objects

Parameters:_schema_folder – Where to look
mbe_uri_handler(uri)[source]

# TODO: Memoize.

Handle the mbe:// namespace references

Parameters:uri – The uri to handle
Returns:The schema
mongodb_validator = None

Module contents

Created on Mar 6, 2015

@author: Nicklas Boerjesson @note: MBE, Mongo Back End is a general back end for document database. It provides concrete functionality for nonstandard features like validation, rights, and group-level permission.