user_policy

Define user policies.

remove_new_groups(user, user_store)

Removes any groups in the given user that are not in the stored version of this user.

Source code in mlte/store/user/policy/user_policy.py

def remove_new_groups(
    user: Union[UserWithPassword, BasicUser], user_store: UserStoreSession
) -> Union[UserWithPassword, BasicUser]:
    """Removes any groups in the given user that are not in the stored version of this user."""
    current_groups = user_store.user_mapper.read(user.username).groups
    user.groups = current_groups
    return user

set_default_user_policies(user, policy_store)

Assign a new user the permissions given to all users.

Source code in mlte/store/user/policy/user_policy.py

def set_default_user_policies(
    user: UserWithPassword, policy_store: PolicyStoreService
) -> UserWithPassword:
    """Assign a new user the permissions given to all users."""
    # Users with admin role don't need these policies.
    if user.role == RoleType.ADMIN:
        return user

    # Give every new user permissions to create (only) new models.
    model_create_policy = Policy(
        ResourceType.MODEL,
        resource_id=None,
        create_group=True,
        edit_group=False,
        read_group=False,
    )
    model_create_policy.assign_to_user(user)

    # Give every new user permissions to modify all custom lists.
    custom_list_policy = Policy(ResourceType.CUSTOM_LIST, resource_id=None)
    custom_list_policy.assign_to_user(user)

    # Give user permissions to modify its data.
    own_user_policy = Policy(ResourceType.USER, resource_id=user.username)
    policy_store.save_to_store(own_user_policy)
    own_user_policy.assign_to_user(user)

    return user