`rattail.db.model.users`¶

Data Models for Users & Permissions

class rattail.db.model.users.Permission(**kwargs)[source]¶: Represents permission a role has to do a particular thing.

class rattail.db.model.users.Role(**kwargs)[source]¶

Represents a role within the system; used to manage permissions.

adminish¶: Flag indicating that the role is “admin-ish” - i.e. only users who belong to the true Administrator role, should be allowed to (un)assign users to this role.

name¶: Name for the role. Each role must have a name, which must be unique.

node_type¶

Type of node for which this role is applicable. This is probably only useful if the sync_me flag is set.

If set, this value must match a node’s configured type, or else it will be ignored by that node. See also node_type() for how a node’s type is determined. If there is no value set for this field then the role will be honored by all nodes in which it exists (which is just one unless sync_me is set, in which case all nodes would have it).

It is useful in combination with sync_me in that it allows a certain role to be “global” (synced) and yet only be “effective” for certain nodes. Probably the most common scenario is where you have a host node and several store nodes, and you want to manage the store roles “globally” but avoid granting unwanted access to the host node. So you’d set the sync_me flag but also set node_type to e.g. 'store'.

notes¶: Any arbitrary notes for the role.

session_timeout¶: Optional session timeout value for the role, in seconds. If this is set to zero, the role’s users will have no session timeout. A value of None means the role has no say in the timeout.

sync_me¶

Flag indicating that the Role - its primary attributes, and list of permissions - should be synced across all nodes.

So if set, when the role changes at one node then that change should propagate to all other nodes.

Note that this does not include the user list by default; see sync_users to add that.

Note that if this flag is set, the role will be synced to all nodes regardless of node type. See also node_type.

sync_users¶

Flag indicating that the user list for the role should be synced across all nodes. This has no effect unless sync_me is also set.

Note that if this flag is set, the role’s user list will be synced to all nodes regardless of node type. See also node_type.

class rattail.db.model.users.User(**kwargs)[source]¶

Represents a user of the system.

This may or may not correspond to a real person, i.e. some users may exist solely for automated tasks.

active¶: Whether the user is active, e.g. allowed to log in via the UI.

active_sticky¶: Optional flag, motivation behind which is as follows: If you import user accounts from another system, esp. on a regular basis, you might be keeping the active flag in sync along with that. But in some cases you might want to not keep the active flag in sync, for certain accounts. Hence this “active sticky” flag, which may be used to mark certain accounts as off-limits from the general active flag sync.

api_tokens¶: List of API tokens for the user.

property email_address¶

DEPRECATED

Convenience attribute which invokes get_email_address().

Note

The implementation of this may change some day, e.g. if the User is given an association to EmailAddress in the data model.

property employee¶

DEPRECATED

Reference to the Employee associated with the user, if any.

events¶: Sequence of events for the user.

get_email_address()[source]¶

DEPRECATED

Returns the primary email address for the user (as unicode string), or None. Note that currently there is no direct association between a User and an EmailAddress, so the Person and Customer relationships are navigated in an attempt to locate an address.

get_short_name()[source]¶: Returns “short name” for the user. This is for convenience of mobile view, at least…

is_admin()[source]¶: DEPRECATED; use rattail.auth.AuthHandler.user_is_admin() instead.

last_login¶: Timestamp when user last logged into the system.

local_only¶: Flag indicating the user account is somehow specific to the “local” app node etc. and should not be synced elsewhere.

person¶: Reference to the person whose user account this is.

prevent_password_change¶: If set, this user cannot change their own password, and the password is not editable when e.g. a manager edits this user record. So if set, only root can change this user’s password.

sent_messages¶: List of all messages which have ever been sent by the user.

class rattail.db.model.users.UserAPIToken(**kwargs)[source]¶

User authentication token for use with Tailbone API

created¶: Date/time when the token was created.

description¶: Description of the token.

token_string¶: Token string, to be used by API clients.

user¶: Reference to the User associated with the token.

user_uuid¶: Reference to the User associated with the token.

class rattail.db.model.users.UserEvent(**kwargs)[source]¶

Represents an event associated with a user.

occurred¶: Timestamp at which the event occurred.

type_code¶: Type code for the event.

user¶: Reference to the user whose event this is.

class rattail.db.model.users.UserRole(**kwargs)[source]¶: Represents the association between a User and a Role.

rattail.db.model.users¶

`rattail.db.model.users`¶