ScriptUserManagement¶

class ScriptUserManagement.ObjectPermissionKind(value)¶

Bases: Enum

This enumeration contains the various possibilites to access an object from the viewpoint of the User Management.

View = (0,)¶: The permission to view an object.

Modify = (1,)¶: The permission to modify an object.

Remove = (2,)¶: The permission to remove an object.

AddRemoveChildren = 3¶: The permission to add or remove a child to or from an object.

class ScriptUserManagement.PermissionState(value)¶

Bases: Enum

The permission state, either “granted”, “denied”, or “default”.

Granted = (0,)¶: The corresponding permission is explicitely granted to a certain group.

Denied = (1,)¶: The corresponding permission is explicitely denied to a certain group.

Default = 2¶: The corresponding permission is not explicitely set for a certain group.

class ScriptUserManagement.ScriptUserManagement¶

Bases: object

UserManagement interface.

property project¶

Backlink to the project for this user management.

Return type:: ScriptProject

property users¶

The collection of all defined users for this project.

Return type:: ScriptUserList

property groups¶

The colleciton of all defined groups for this project.

Return type:: ScriptGroupList

property logged_on_user¶

Gets the user which is currently logged in, or None if no user is currently logged in.

Return type:: ScriptUser

property login_time¶

Gets the timestamp since the last successful login, or DateTime.MinValue if no user is currently logged in.

Return type:: DateTime

login(username, password)¶

Log into the project using the specified credentials.

This is equal to ScriptProject.login().

Parameters:

username (str) – The username.
password (str) – The password.

logout()¶

Log out from the project (back to the user “nobody”).

This is equal to ScriptProject.logout().

check_available(type)¶

Checks whether permission management for the given PermissionType is available in the given CoDeSys installation.

Parameters:: type (Guid) – The type.
Return type:: bool

get_user_management_permission()¶

Gets the permission object for the user management.

Return type:: ScriptPermission

get_command_permission(commandguid)¶

Gets the permission object for execution of a specific command.

Parameters:: commandguid (Guid or ScriptCommand) – The ScriptCommand or its Guid.
Return type:: ScriptCommandPermission
Returns:: The command permission object.

get_factory_permission(factory)¶

Gets the permission object for accessing a specific object factory.

Parameters:: factory (Guid or ScriptObjectFactory) – The factory or its guid.
Return type:: ScriptFactoryPermission
Returns:: The factory permission object.

get_object_permission(obj, kind)¶

Gets a Permission object for that specific script object.

Parameters:

obj (ScriptObject) – The object we want the permission for.
kind (ObjectPermissionKind) – The kind of object access permission we want.

Return type:

ScriptObjectPermission

Returns:

The ScriptObject.

property types¶

Gets all available types.

Return type:: ScriptPermissionTypes

class ScriptUserManagement.ScriptPermissionTypes(iterable=(), /)¶

Bases: list

This object represents all available permission types.

property usermanagement¶

The permission type guid for user management, or Guid.Empty if not available in this installation.

Return type:: Guid

property objectaccess¶

The permission type guid for object access rights, or Guid.Empty if not available in this installation.

Return type:: Guid

property objectfactory¶

The permission type guid for object factory rights (object creation), or Guid.Empty if not available in this installation.

Return type:: Guid

property commandexecution¶

The permission type guid for execution of commands, or Guid.Empty if not available in this installation.

Return type:: Guid

class ScriptUserManagement.ScriptUserList(iterable=(), /)¶

Bases: list

Represents the list of all users known to the current project.

property user_management¶

Back-Link to the project’s user management.

Return type:: ScriptUserManagement

property project¶

Backlink to the project for this user management.

Return type:: ScriptProject

create(name)¶

Creates a new user with the specified name.

Parameters:: name (str) – The name.
Return type:: ScriptUser

class ScriptUserManagement.ScriptUserOrGroup¶

Bases: object

This interface contains the common members of ScriptUser and ScriptGroup.

property project¶

Backlink to the project for this user management.

Return type:: ScriptProject

property user_management¶

Back-Link to the project’s user management.

Return type:: ScriptUserManagement

property is_user¶

Gets a value indicating whether this ScriptUserOrGroup is an user.

Return type:: bool

property is_group¶

Gets a value indicating whether this ScriptUserOrGroup is a group.

Return type:: bool

property id¶

Gets the ID of this user or group.

Return type:: Guid

property name¶

Gets the login name of this user or group.

Return type:: str

property description¶

Gets or sets the description for this user or group. This is informative only.

Return type:: str

add_to(parent)¶

Adds this user or group to the specified parent group.

Parameters:: parent (ScriptGroup) – The parent.

remove_from(parent)¶

Removes this user or group from the specified parent group.

Parameters:: parent (ScriptGroup) – The parent.

class ScriptUserManagement.ScriptUser¶

Bases: ScriptUserOrGroup

Instances of this interface represent a single user within the user management.

A user is uniquely identified by its ID (not by its name), although its name must also be unique within a user list.

property userlist¶

Backreference to the user list.

Return type:: ScriptUserList

property fullname¶

Gets or sets the full name of this user. This is informative only.

Return type:: str

property active¶

Gets or sets a boolean which indicates whether this user is currently active.

Inactive users cannot login to the user management.

Return type:: bool

check_password(password)¶

Checks the password for an user.

Parameters:: password (str) – The password.
Return type:: bool
Returns:: True if the password is correct.

change_password(old_password, new_password)¶

Changes the password for the user.

Parameters:

old_password (str) – The old password.
new_password (str) – The new password.

remove()¶

Removes the user with the specified ID from this list.

Raises:

UserNotExistingException – If the user does not exist (e. G. because it was removed before).
CannotRemoveLastMemberFromOwnerGroupException – If the user is the last member of the owner group.

rename(newname)¶

Renames the user.

Parameters:: newname (str) – The new name.

property groups¶

Gets a python tuple with the groups this user is member of.

Return type:: tuple[ScriptGroup]

class ScriptUserManagement.ScriptGroupList(iterable=(), /)¶

Bases: list

Represents the list of all known groups in this project.

property user_management¶

Back-Link to the project’s user management.

Return type:: ScriptUserManagement

property project¶

Backlink to the project for this user management.

Return type:: ScriptProject

create(name)¶

Creates a new group with the specified name.

Parameters:: name (str) – The name.
Return type:: ScriptGroup
Returns:: The newly created group.

property owner_group¶

Owner group.

Return type:: ScriptGroup

property everyone_group¶

Everyone group.

Return type:: ScriptGroup

class ScriptUserManagement.ScriptGroup¶

Bases: ScriptUserOrGroup

Instances of this interface represent a single group within the user management.

A group is uniquely identified by its ID (not by its name), although its name must also be unique within a group list.

property grouplist¶

Backlink to the grouplist.

Return type:: ScriptGroupList

add_member(member)¶

Adds a member to this group. This might be either a user or another group.

If such a user or group does not exist, (e. G. because it was deleted in the meantime), a UserNotExistingException, GroupNotExistingException, or UserOrGroupNotExistingException is thrown. If the user or group is already a member of this group, a UserIsAlreadyMemberOfGroupException or GroupIsAlreadyMemberOfGroupException is thrown.

Parameters:: member (ScriptUserOrGroup) – The user or group.
Raises:: GroupCycleException – If this addition would cause a membership cycle.

remove_member(member)¶

Removes a member from this group.

Parameters:: member (ScriptUserOrGroup) – The member.

has_member(member)¶

Checks whether the specified user or group is a member of this group.

Parameters:: member (ScriptUserOrGroup) – The member.
Return type:: bool
Returns:: True if the specified user or group is member of this group, otherwise False.

get_user_members(recursive)¶

Returns a python tuple of all users which are member of this group, or which are members of group members of this group.

Parameters:: recursive (bool) – if set to True, includes users which are members of group members of this group.
Return type:: list
Returns:: A python tuple of ScriptUser objects.

get_group_members()¶

Gets a python tuple of all groups which are member of this group.

Return type:: list

property is_everyone_group¶

Gets a boolean value indicating whether this group is the “everyone” group.

Return type:: bool

property is_owner_group¶

Gets a boolean value indicating whether this group is the “owner” group.

Return type:: bool

rename(newname)¶

Renames the group.

Parameters:: newname (str) – The new name.

remove()¶: Removes this group from the containing grouplist.

class ScriptUserManagement.ScriptPermission¶

Bases: object

Interface for permission objects.

property type¶

Gets the type.

Return type:: Guid

check_permission(silent_or_group)¶

This overload is used when silent_or_group is of type bool.

Checks whether the currently logged in user has a specific permission or not.

Parameters:: silent (bool) – If of type bool: If False, when the permission is not granted, the RequestAuthorization event is triggered which typically prompts a new login interactively and the permission is checked again with the new login. If True, nothing will be prompted.
Return type:: bool
Returns:: True if the user is allowed.

This overload is used when silent_or_group is of type ScriptGroup.

Parameters:: group (ScriptGroup) – The group.
Return type:: bool
Returns:: True if the permission is allowed.

get_permission_state(group, resolve_effective=True, resolve_inherited=False)¶

Gets the the state of a specific permission.

You can use System.commands to search for a command guid.

Parameters:

group (ScriptGroup) – The group.
resolve_effective (bool) – If True, when the permission is not explicitely granted or denied, it will be resolved (e.g. by asking the parent object, and finally deferring to a default value). This value overrides resolve_inherited.
resolve_inherited (bool) – If set to True, for hierarchical properties (currently only the object access properties), the parent objects are resolved for inherited properties. If set to false, only the properties directly set at the object are resolved. If resolve_effective is True, the parents are always resolved and this parameter is ignored.

Return type:

PermissionState

Returns:

If resolve_effective is True, PermissionState.Granted or PermissionState.Denied. If resolve_effective is False, PermissionState.Default might be returned additionally.

set_permission_state(group, state)¶

Sets the permissions for a specific command.

Parameters:

group (ScriptGroup) – The group.
state (PermissionState) – The state.

check_set_permission_state(group, state, silent=True)¶

Checks whether our group is allowed to set a specific permission.

Parameters:

group (ScriptGroup) – The group.
state (PermissionState) – The state.
silent (bool) – If False, when the permission is not granted, the RequestAuthorization event is triggered which typically prompts a new login interactively and the permission is checked again with the new login. If True, nothing will be prompted.

Return type:

bool

Returns:

True if the user is allowed.

class ScriptUserManagement.ScriptObjectPermission¶

Bases: ScriptPermission

ObjectAccess Permissions come with additional information about which object to access, and the specific kind of object access.

check_permission_extended()¶

Checks the effective permission the current user has for the given object.

This considers permission inheritance along the object tree etc. This method may prompt the user for a new login.

Return type:: Exception
Returns:: An Exception object describing why the user currently does not have access for the given object, and None if the user has access.

property target_object¶

Target object.