mxcubeweb.core.components.user.usermanager

Classes

BaseUserManager(app, config)

Base class for managing user-related operations

SSOUserManager(app, config)

UserManager(app, config)

Class to provide specific implementations for user login and signout operations.

class mxcubeweb.core.components.user.usermanager.BaseUserManager(app, config)

Bases: ComponentBase

Base class for managing user-related operations

The operations it manages are authentication, session management, and Single Sign-On (SSO) integration. It provides methods to handle user login, logout, session updates, and role assignments. The class also includes functionality to manage active users, set operators, and validate SSO tokens. It is designed to be extended by more specific user manager implementations.

app

The application instance. It is used to access various components and configurations such as the Flask server instance and the configuration settings.

config

The configuration settings for the user manager. It contains information such as SSO client ID, client secret and metadata URI.

active_logged_in_users(exclude_inhouse: bool = False) -> list[mxcubeweb.core.models.usermodels.User]

List of active and logged in users.

Parameters:

exclude_inhouse (bool) – exclude inhouse users from the list

Return type:

list[mxcubeweb.core.models.usermodels.User]

db_create_user(user: str, password: str, sso_data: dict) -> User

Create or update user in datastore.

If the user already exists, update the user information. If not, create a new one. Assign roles to the user, first making sure that the ‘staff’ and ‘incontrol’ roles exist in the datastore; if they do not, create them as well.

Parameters:
  • user (str) – representation of username (eventually part of it). Also a nickname for new users.

  • password (str) – password (unused).

  • sso_data (dict) – dictionary containing information from the SSO service used.

Returns:

User model instance existing in or added to datastore.

Return type:

User

db_set_in_control(user: User, control: bool) -> None

Update users (their in_control field) in the datastore.

If the passed user becomes an operator (control=True), the remaining users’ in_control fields are set to False. If passed user stops being an operator, only its in_control field is set to False.

Parameters:
  • user (User) – User model instance.

  • control (bool) – the user becomes an operator (True) or not (False).

Return type:

None

force_signout_user(username: str) -> None

Force signout of the anonymous or non-operating user.

Parameters:

username (str) – username of the user to be signed out.

Return type:

None

get_observers() -> list[mxcubeweb.core.models.usermodels.User]

List users that are in observer mode.

Observer mode means user is logged in (authenticated and active) but not in control of the application.

Return type:

list[mxcubeweb.core.models.usermodels.User]

get_operator() -> User

Return user object that is controlling the beamline (operator).

Return type:

User

get_user(username: str) -> User | None

Return user model instance based on username.

Parameters:

username (str) –

Return type:

User | None

is_authenticated() -> bool

Check if the current user is authenticated.

Returns:

True if the current user is authenticated.

Return type:

bool

is_inhouse_user(user_id: str) -> bool

Check if the user_id is in the in-house user list.

Parameters:

user_id (str) – user id composed from code and number.

Returns:

True if user_id is in the in-house user list, False otherwise.

Return type:

bool

is_operator() -> bool

Check if current user is an operator.

Returns:

True if the current_user is an operator.

Return type:

bool

login(login_id: str, password: str, sso_data: dict = {}) -> None

Login the user.

Create a new session for the user if it does not exist. Activate the user in the datastore. If a sample is loaded in the sample changer but not mounted, mount it and update the sample list. Try to update the operator.

Parameters:
  • login_id (str) – The username.

  • password (str) – The password.

  • sso_data (dict) – Dictionary containing information from the SSO service used.

Return type:

None

login_info() -> dict

Get the login information to be displayed in the application.

Login information to be displayed in the application, such as:
  • synchrotron and beamline names

  • user information

  • proposals list

  • selected proposal

  • and so on

Returns:

Dictionary with login information.

Return type:

dict

set_operator(username: str) -> User | None

Set the user with the given username to be an operator.

Parameters:

username (str) –

Return type:

User | None

signout() -> None

Sign out the current user.

If the user was an operator, the queue and samples are restored to their initial values, the session is cleared, and the user is no longer an operator. Log out and deactivate the user, and emit the ‘observersChanged’ signal.

Return type:

None

update_active_users() -> None

Check if any user has been inactive for longer than the session lifetime.

If so, deactivate the user in the datastore and emit the relevant signals, userChanged and observersChanged, to the client.

Return type:

None

update_operator(new_login: bool = False) -> None

Sets the operator based on the logged in users.

If no user is currently in control, the first logged in user is set. Additionally, the proposal is set based on the operator's selected_proposal field.

Parameters:

new_login (bool) – True if method was invoked with new user login.

Return type:

None
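The control rules documented for db_set_in_control, update_active_users and update_operator can be checked against a small in-memory model. This is an added example, not mxcubeweb code: ModelUser, the helper functions, list order standing in for login order, and the rule that an expired operator loses control are all assumptions made for illustration.

```python
from dataclasses import dataclass


# Hypothetical stand-in for a datastore row; not mxcubeweb's User model.
@dataclass
class ModelUser:
    username: str
    last_seen: float        # constructed timestamp, in seconds
    active: bool = True
    in_control: bool = False


def set_in_control(users, user, control):
    """Documented rule: granting control clears it on all other users;
    releasing control only touches the passed user."""
    if control:
        for other in users:
            other.in_control = False
    user.in_control = control


def expire_inactive(users, now, session_lifetime):
    """Deactivate users idle longer than session_lifetime; return their names."""
    expired = []
    for u in users:
        if u.active and now - u.last_seen > session_lifetime:
            u.active = False
            u.in_control = False  # assumption: an expired operator loses control
            expired.append(u.username)
    return expired


def update_operator(users):
    """Keep the current operator, else promote the first active user."""
    for u in users:
        if u.active and u.in_control:
            return u
    for u in users:
        if u.active:
            set_in_control(users, u, True)
            return u
    return None


def observers(users):
    """Logged in (active) but not in control."""
    return [u.username for u in users if u.active and not u.in_control]


def operator_count(users):
    """Invariant to monitor: this must never exceed 1."""
    return sum(1 for u in users if u.in_control)
```

Running expire_inactive followed by update_operator on each tick keeps operator_count at or below one, so control never stays with a session that has timed out.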

update_user(user: User) -> None

Update user information in datastore.

Parameters:

user (User) – User model instance.

Return type:

None

class mxcubeweb.core.components.user.usermanager.SSOUserManager(app, config)

Bases: BaseUserManager

class mxcubeweb.core.components.user.usermanager.UserManager(app, config)

Bases: BaseUserManager

Class to provide specific implementations for user login and signout operations.

It includes methods to handle login conditions such as checking if the user is active, anonymous, in-house, or accessing locally/remotely. The class also ensures that only one user can be logged in at a time and restricts in-house logins to local hosts. Additionally, it handles Single Sign-On (SSO) logout by making a request to the configured SSO logout URI.