Coverage for gws-app/gws/plugin/account/__init__.py: 100%

0 statements  

« prev     ^ index     » next       coverage.py v7.11.0, created at 2025-10-16 23:09 +0200

1"""Account plugin. 

2 

3This plugin manages user accounts. Accounts are stored in a database table. This plugin provides facilities for managing 

4and editing account data and thus is different from the "sql" authorization provider, which can only authorize users. 

5 

6The accounts DB table can have an arbitrary name and should contain the following columns: :: 

7 

8 id int primary key generated always as identity, 

9 

10 email text not null, -- user email 

11 status int default 0, -- use status 

12 

13 password text, -- password hash 

14 mfauid text, -- MFA adapter uid, if used 

15 mfasecret text, -- MFA secret value 

16 

17 tc text, -- storage for a temporary code 

18 tctime int, -- temporary code timestamp 

19 tccategory text, -- temporary code category 

20 

21 

22The table can also contain further columns for user info and data. These columns can be configured in the account models 

23and thus made editable for account administrators and/or end users. 

24 

25This plugin provides the global ``account`` helper, which contains database models and various options. 

26 

27Additionally, the following components are defined: 

28 

29- account administration: action ``accountAdmin`` and the client component ``Sidebar.AccountAdmin``. 

30- account management for end users: action ``account`` and the client component ``Dialog.Account``. Also used for the onboarding procedure. 

31- authorization provider ``account``. Authorizes users based on the accounts table. 

32 

33These components are optional and can be used together or separately. All components require the global helper to be configured. 

34 

35Configuration example: :: 

36 

37 

38 @# global configuration 

39 

40 helpers+ { 

41 type "account" 

42 adminModel { ... definition for the administrator model } 

43 options... 

44 } 

45 

46 auth.providers+ { 

47 type "account" 

48 } 

49 

50 @# some "admin" project 

51 

52 projects+ { 

53 .... 

54 action { 

55 type "accountAdmin" 

56 permissions.read "allow admin, deny all" 

57 } 

58 client.addElements { 

59 tag "Sidebar.AccountAdmin" 

60 } 

61 } 

62 

63 @# some "user" project 

64 

65 projects+ { 

66 .... 

67 action { 

68 type "account" 

69 permissions.read "allow user, deny all" 

70 } 

71 client.addElements { 

72 tag "Dialog.Account" 

73 } 

74 } 

75 

76"""